All day Esports arena. Challenge your friends and drop shells, green, red, and blue.
- ics Calendar file
This series of self-guided labs will introduce even the most novice hacker to the world of embedded device firmware and software exploitation. First-come first-served, don't miss a chance try out these labs and get started with embedded device hacking.
- ics Calendar file
If you've never popped open an embedded device and tried to get a simple shell, this is the lab for you. This is a first-come first-served workshop where you can walk through the step by step instructions to finding and connecting to a debug interface on an embedded device.
- ics Calendar file
For 40 years, Phrack has published papers from the hacker underground. Join us as we discuss the evolution of hacking, hacker zines/culture, information security, and the role Phrack has played in all three. We will discuss the history of Phrack, the latest reboot and 40th anniversary production, followed by a panel of authors and contributors.
Speakers:richinseattle,Netspooky,Chompierichinseattle grew up reading Phrack on BBSs and now is lucky enough to be included as part of Phrack Staff. richinseattle is also known for his Undercurrents(.io) BBS, co-founding Uninformed Journal, and doing a bunch of talks at Defcon, Black Hat, and others.
SpeakerBio: NetspookyNetspooky is a security researcher and artist. He works on hacking zines Phrack & tmp.0ut, and runs the annual Binary Golf Grand Prix file format hacking party.
SpeakerBio: ChompieChompie is a security researcher, exploit developer, and weird-machine mechanic. She leads X-Force Offensive Research (XOR). In her free time, she volunteers on Phrack Staff and other initiatives that support the hacker community.
- ics Calendar file
AND!XOR creates electronic badges filled with hacker challenges. We love doing this, especially coming up with unique ways for hackers to earn them. 5N4CK3Y is a vending machine hardware hacking project from AND!XOR. We retrofitted it into an IoT CTF based badge dispensing machine, bling and all. Find enough flags on our web hosted CTF platform, you get a 5N4CK3Y dispense code, punch it in, and a badge is vended to you! There are a variety of challenges to earn a badge as well others to continue working on the badge itself once obtained. These span from hardware hacking, reverse engineering, OSINT, network security, phreaking, wireless, and cryptography to name a few. There's a little bit of everything, so it's a perfect way to learn something at one of the many DEF CON villages and talking with people you meet, then attempt the CTF challenges to dispense a badge. Hardware hacking is our passion and we want people to learn on badges once they get them.
A computer, desire to learn, and make friends to beg, borrow, and steal from if you need a tool which you do not already own. Our challenges are multidisciplinary. While we will not give away what is required this year, tools participants have used in the past include: Computer, Ghidra, AFL, telephone, lock pick set, SDR, Flipper Zero, UART Adapter, FT2232 hardware debugger, chip clip, telephone parts, TV remote control, audio recorder, tracing paper, pencil, solder iron & solder, hot air gun, exacto knife, lighter, ice from a Malört cocktail being sipped on by Lintile, copper wire, booze, and ramen. In short, any tools required for the CTF challenges can be obtained at DEF CON.
Absolutely not, we invite maximum participation.
- ics Calendar file
Bloatware. We all hate it, and most of us are good at avoiding it. But some vendor tools – especially those managing critical drivers – are still necessary, often because the drivers available through Windows Update just aren’t good enough for performance-critical computing.
What started as a routine driver update took a sharp turn when I confirmed a reboot modal… from my browser. Wait, my browser shouldn’t be able to do that!? To my disappointment (and maybe some surprise), it turned out to be arbitrary code execution – right from the browser. This kicked off a week-long deep dive, uncovering seven trivial CVEs in seven days across several vendors, all exploiting a common pattern: privileged services managing software on Windows with little regard for security.
In this talk, I’ll walk through the journey of discovery and exploitation of several vulnerabilities that lead to LPE/RCE.
SpeakerBio: Leon "leonjza" JacobsWith over two decades in IT - 15 years focused on cybersecurity - Leon is the CTO of Orange Cyberdefense’s SensePost Team. His career has taken him from a Tier 1 ISP, a private investment bank and now into full-time consulting, giving him a broad, real-world view of security challenges across industries. Today, Leon spends his time researching and hacking everything from enterprise networks to web and mobile applications. Passionate about building and innovating, he’s a regular contributor to the InfoSec community, sharing tools, insights, and lessons learned to help push the field forward.
- ics Calendar file
En esta charla exploraremos cómo acelerar el cálculo de funciones hash, centrándonos especialmente en el uso de dispositivos reconfigurables como las FPGAs. Comenzaremos con una introducción a las funciones hash, su papel fundamental en criptografía y seguridad informática, y sus propiedades clave como la irreversibilidad y la resistencia a colisiones.x000D x000D A continuación, haremos un repaso comparativo de las distintas plataformas de cómputo donde se pueden implementar algoritmos hash: CPU, GPU, ASIC y FPGA, analizando sus ventajas, limitaciones y casos de uso típicos. Nos detendremos especialmente en las FPGAs (Field-Programmable Gate Arrays), explicando su arquitectura, su capacidad de paralelismo masivo y su flexibilidad para implementar lógica específica.x000D x000D Por último, veremos la implementación del algoritmo SHA-256 en una FPGA. Mostraremos cómo se traduce el algoritmo a lógica digital, qué técnicas se pueden aplicar para optimizar el rendimiento, y qué resultados se pueden obtener en términos de velocidad y eficiencia energética.
SpeakerBio: Pablo Trujillo, Founder at ControlPaths Eng.Pablo has been an FPGA designer for over 10 years, specializing in digital signal processing and control algorithms, with a strong focus on their implementation in FPGA-based systems. He is the founder of ControlPaths Eng., a consultancy dedicated to electronic design and FPGA development. In addition to his professional work, Pablo authors the blog controlpaths.com, where he regularly publishes articles on FPGAs, SoCs, and hardware acceleration.
Pablo es diseñador de FPGA con más de 10 años de experiencia. Está especializado en procesado digital de señal e implementación de algoritmos de control sobre FPGA. Además de su trabajo, escribe regularmente en el blog controlpaths.com, donde investiga y publica artículos sobre procesado digital de señal en FPGA, y aceleración HW. Ha sido ponente en algunas charlas en España y Europa como AsturconTech (Asturias), Vicon (Vigo) o Embedded World (Nuremberg).
- ics Calendar file
More than 95% of Fortune 500 companies use Active Directory! Enterprises are managed using Active Directory (AD) and it often forms the backbone of the complete enterprise network. Therefore, to secure an enterprise from an adversary, it is inevitable to secure its AD environment. To secure AD, you must understand different techniques and attacks used by adversaries against it. Often burdened with maintaining backward compatibility and interoperability with a variety of products, AD environments lack ability to tackle latest threats.
This training is aimed towards attacking modern AD with focus on OPSEC and Stealth. The training is based on real world penetration tests and Red Team engagements for highly secured environments. Some of the techniques used in the course:
The course is a mixture of fun, demos, exercises, hands-on and lecture. You start from compromise of a user desktop and work your way up to multiple forest pwnage. The training focuses more on methodology and techniques than tools.
Attendees will get free two months access to an Active Directory environment comprising of multiple domains and forests, during and after the training and a Certified Red Team Expert Exam (CRTE) certification attempt.
Speakers:Nikhil,ManthanNikhil’s areas of interest include red teaming, Azure and active directory security, attack research, defense strategies and post exploitation research. He has 15+ years of experience in red teaming.
He specializes in assessing security risks in secure environments that require novel attack vectors and "out of the box" approach. He has worked extensively on Azure, Active Directory attacks, defense and bypassing detection mechanisms. Nikhil has held trainings and bootcamps for various corporate clients (in US, Europe and SE Asia), and at the world's top information security conferences.
He has spoken/trained at conferences like DEF CON, BlackHat, BruCON and more.
Nikhil is the founder of Altered Security - a company focusing on hands-on enterprise security learning - https://www.alteredsecurity.com/
SpeakerBio: Manthan, Security Researcher at Altered SecurityManthan is a security researcher with a strong passion for enterprise security, red teaming and Active Directory security. He specializes in testing enterprise security defences with a deep understanding of offensive strategies, including EDR evasion and Active Directory attacks. He continuously researches emerging threats, attack techniques, and mitigation strategies to stay ahead of evolving adversaries.
He works as a Security Researcher at Altered Security - a company focusing on hands-on enterprise security learning - https://www.alteredsecurity.com/
- ics Calendar file
More than 95% of Fortune 500 companies use Active Directory! Enterprises are managed using Active Directory (AD) and it often forms the backbone of the complete enterprise network. Therefore, to secure an enterprise from an adversary, it is inevitable to secure its AD environment. To secure AD, you must understand different techniques and attacks used by adversaries against it. Often burdened with maintaining backward compatibility and interoperability with a variety of products, AD environments lack ability to tackle latest threats.
This training is aimed towards attacking modern AD with focus on OPSEC and Stealth. The training is based on real world penetration tests and Red Team engagements for highly secured environments. Some of the techniques used in the course:
The course is a mixture of fun, demos, exercises, hands-on and lecture. You start from compromise of a user desktop and work your way up to multiple forest pwnage. The training focuses more on methodology and techniques than tools.
Attendees will get free two months access to an Active Directory environment comprising of multiple domains and forests, during and after the training and a Certified Red Team Expert Exam (CRTE) certification attempt.
Speakers:Nikhil,ManthanNikhil’s areas of interest include red teaming, Azure and active directory security, attack research, defense strategies and post exploitation research. He has 15+ years of experience in red teaming.
He specializes in assessing security risks in secure environments that require novel attack vectors and "out of the box" approach. He has worked extensively on Azure, Active Directory attacks, defense and bypassing detection mechanisms. Nikhil has held trainings and bootcamps for various corporate clients (in US, Europe and SE Asia), and at the world's top information security conferences.
He has spoken/trained at conferences like DEF CON, BlackHat, BruCON and more.
Nikhil is the founder of Altered Security - a company focusing on hands-on enterprise security learning - https://www.alteredsecurity.com/
SpeakerBio: Manthan, Security Researcher at Altered SecurityManthan is a security researcher with a strong passion for enterprise security, red teaming and Active Directory security. He specializes in testing enterprise security defences with a deep understanding of offensive strategies, including EDR evasion and Active Directory attacks. He continuously researches emerging threats, attack techniques, and mitigation strategies to stay ahead of evolving adversaries.
He works as a Security Researcher at Altered Security - a company focusing on hands-on enterprise security learning - https://www.alteredsecurity.com/
- ics Calendar file
Adversary Simulator booth has hands-on adversary emulation plans specific to a wide variety of threat-actors and ransomware, these are meant to provide the participant/visitor with a better understanding of the Adversary tactics. This is a volunteer assisted activity where anyone, both management and technical folks can come-in and experience different categories of simulation, emulation and purple scenarios.
Adversary Simulator booth will be having a lab environment focused on recreating enterprise infrastructure, aimed at simulation and emulating various adversaries. Visitors will be able to view, simulate and control various TTPs used by adversaries. The simulator is meant to be a learning experience, irrespective of whether one is hands-on with highly sophisticated attack tactics or from the management.
- ics Calendar file
We are kicking off Adversray Village
- ics Calendar file
Adversary Village proudly presents "Adversary Wars CTF", an official contest at DEF CON, where the participants will have to pose as adversaries and replicate adversarial actions against each element of a “target” organization. Adversary Wars would have real world simulation of CTF scenarios and challenges, where the participants can perform various attacks and learn new attack vectors, TTPs, techniques, etc. To visualize the CTF environment, the contest area will feature a miniature model of the city made using interlocking-plastic-bricks. The breached components OR organization buildings will be physically marked in the city model as the CTF progresses.
- ics Calendar file
While the Cyber Demonstrator challenge is occurring, folks will be able to see what's happening inside the avionics on the aircraft and how their logging and reporting interacts with AI analysis systems to generate cyber alerts.
- ics Calendar file
When we travel with valuable baggage, we rely on the security of locks, especially those that are TSA-approved. But how secure are they really? In this talk, we’ll present our research on the vulnerabilities and bypasses of these locks and their embedding into the baggage, covering the most common models as well as the newer TSA008. We’ll discuss how lock picking techniques, master keys, and bypass methods can compromise the security of all TSA-approved models, potentially putting our belongings at risk.
SpeakerBio: Hector Cuevas Cruz, Bishop FoxHéctor is a Senior Managing Security Consultant at Bishop Fox with over 13 years of experience in offensive security, digital forensics, threat hunting, and incident response. Hector has presented at international conferenses such as DEFCON, SummerCon, WWHF & Ekoparty. He also leads Pwntacles, a student-driven hackerspace focused on cybersecurity research and development.
- ics Calendar file
Modern attackers aren’t waiting for CVEs. They’re quietly mapping your apps and APIs, uncovering unintended exposures, and slipping past defenses.
Don’t just react, anticipate. This workshop pulls back the curtain on the modern attacker’s playbook. You’ll learn how adversaries extract intelligence from exposed metadata clues hiding in plain sight. Then, we’ll dive into crafting stealthy, context-aware payloads designed to bypass detection and exploit subtle implementation flaws. Through real-world examples and guided exercises, you’ll learn to identify these patterns, recognize evasions, and build resilient detection and prevention strategies.
Takeaways: Early-stage recon via api access, information disclosure through common hardening State of the art evasion techniques with our free, open-source tool Obfuskit Normalization and encoding and adversarial techniques to subvert pathing, routing, and authentication Step up your defensive game against these attacks
Speakers:Roshan Piyush,Soujanya NamburiRoshan Piyush leads Security Research at Traceable by Harness, where he also oversees Aspen Labs — Harness's dedicated initiative for advancing modern application and API security. He is at the forefront of developing next-generation security platforms that deliver deep protection across the software lifecycle, from code to runtime.
With over a decade of experience in cybersecurity and a recent focus on API security, Roshan researches cutting-edge detection and prevention techniques across CI/CD pipelines, software supply chains, runtime environments, and cloud-native architectures. His work powers enterprise-grade security solutions that help organizations stay ahead of evolving threats.
An active contributor to the open-source security community, Roshan has been involved with projects like OWASP crAPI and Coraza WAF. He frequently shares his insights through technical talks, tools, and collaborations, helping drive progress across the broader AppSec ecosystem.
SpeakerBio: Soujanya NamburiI’m Soujanya Namburi, a Developer and Security Research Engineer. I specialize in WAF (Web Application Firewalls), anomaly detection, external surface scanners, and active security testing. I have extensive experience with open source security projects like OWASP Coraza, OWASP Coreruleset, and OWASP Crapi. I’m passionate about building secure, high-performance solutions and contributing to open-source projects that help organizations strengthen their security posture.
- ics Calendar file
Max 20 attendees since hardware is included for free.
Want to play with an open-source messaging system that has been deployed to space for a number of on-orbit projects?
In this workshop, you will work with a toolkit designed to create flexible and secure digital interactions across distributed systems while also eliminating common problems associated with consistency, availability, and partitioning of these systems and architectures. We'll walk you through compiling, configuring, and deploying a simple distributed wireless messaging application on our ESP32 badge board. Once it's flashed and working, the hardware is yours! Then dig deeper to learn the mechanisms that make Aranya work and make your own modifications.
The badge board you will receive is a multi-purpose development board based on the ESP32-S3 with 2MB PSRAM and 4MB Flash. It provides battery management, USB-C, two Qwiic ports, microSD, a big RGB notification LED, and a big tactile button. Battery included! For more information, check out the repo.
Toolz: A Mac or Linux machine (WSL will work) and a USB type-C cable. Chrome or Python for the front-end.
Skillz: Familiarity with command-line tools. Understanding Rust, Embassy, and esp-rs will be handy, but not required.
- ics Calendar file
"Ask a Hiring Manager" is an interactive group workshop designed to give job seekers and professionals direct access to seasoned hiring managers across various cybersecurity roles. Whether you're a recent graduate, transitioning from another field, or already working in security and exploring what's next, this is your chance to get unfiltered answers to the questions that matter most.
SpeakerBio: Cory WolffWith over 20 years of experience in IT, security, and development, Cory Wolff leads the offensive security practice at risk3sixty, a consulting firm based in Atlanta, GA. He holds multiple certifications, including the Offensive Security Certified Professional (OSCP) and the Certified Information Systems Security Professional (CISSP), and has a proven track record of building and breaking various technologies since his first computer in 1988.
Cory also contributes to the cybersecurity community as a core team member of Red Team Village, a platform that fosters collaboration, learning, and innovation among red teamers and security professionals.
- ics Calendar file
"Ask a Hiring Manager" is an interactive group workshop designed to give job seekers and professionals direct access to seasoned hiring managers across various cybersecurity roles. Whether you're a recent graduate, transitioning from another field, or already working in security and exploring what's next, this is your chance to get unfiltered answers to the questions that matter most.
SpeakerBio: Peter HefleyTeam and people builder for over 20 years, primarily in the offensive security space.
- ics Calendar file
"Ask a Hiring Manager" is an interactive group workshop designed to give job seekers and professionals direct access to seasoned hiring managers across various cybersecurity roles. Whether you're a recent graduate, transitioning from another field, or already working in security and exploring what's next, this is your chance to get unfiltered answers to the questions that matter most.
SpeakerBio: Troy Fridley
- ics Calendar file
"Ask a Hiring Manager" is an interactive group workshop designed to give job seekers and professionals direct access to seasoned hiring managers across various cybersecurity roles. Whether you're a recent graduate, transitioning from another field, or already working in security and exploring what's next, this is your chance to get unfiltered answers to the questions that matter most.
SpeakerBio: Doug Mooney
- ics Calendar file
Kubernetes is the de facto operating system of the cloud, and more and more organizations are running their workloads on Kubernetes. While Kubernetes offers many benefits, it also introduces new security risks, such as cluster misconfiguration, leaked credentials, cryptojacking, container escapes, and vulnerable clusters.
In this hands-on session, attendees will dive into the world of Kubernetes security by exploring powerful open source tools and practical techniques used to audit and exploit K8S clusters. You'll learn how to quickly identify misconfigurations and vulnerabilities in containerized applications running on Kubernetes, leverage those weaknesses to steal service account tokens, move laterally across the environment, and potentially take full control of the cluster. Whether you're a red teamer, bug bounty hunter, or just getting started in cloud security, this session will equip you with the skills to pwn your first Kubernetes cluster.
SpeakerBio: Lenin Alevski, Security Engineer at GoogleLenin Alevski is a Full Stack Engineer and generalist with a lot of passion for Information Security. Currently working as a Security Engineer at Google. Lenin specializes in building and maintaining Distributed Systems, Application Security and Cloud Security in general. Lenin loves to play CTFs, contributing to open-source and writing about security and privacy on his personal blog https://www.alevsk.com.
- ics Calendar file
Hands-on Demonstration – approximately 40 minutes to learn about the protocol and system, the research behind the tool, and the hands-on activity.
Participants will learn about the standard satellite communication protocol developed by the Consultative Committee for Space Data Systems (CCSDS). The CCSDS protocols prioritize reliability and efficiency, however those guidelines are often ignored or implemented improperly. We will demonstrate how to detect and protect against vulnerabilities in CCSDS protocols. We want to inform those in the space sector about potential problems in CCSDS protocols and their impacts, along with a method for automating security assessments of these systems.
- ics Calendar file
This talk presents a practical methodology for reverse engineering real-time embedded firmware built on ARM Cortex platforms. Using Ghidra as the primary analysis environment to facilitate collaboration. We will demonstrate how to reconstruct the core layers of an embedded system to gain deep insight into its operation. The Board Support Package (BSP) is mapped using the SVD loader plugin to associate memory-mapped registers with hardware peripherals. The Hardware Abstraction Layer (HAL) is analyzed through custom type recovery and function pattern matching to identify initialization routines and peripheral control logic. At the RTOS level, we apply Ghidra’s BSim plugin to detect task creation, scheduler logic, and inter-process communication constructs used in FreeRTOS and similar kernels. The session equips attendees with a structured approach to reversing embedded C/C++ applications, even when symbols are stripped and source code is unavailable. The goal is to enable firmware analysts, security researchers, and engineers to confidently dissect the layered architecture of constrained, real-time embedded systems.
SpeakerBio: SolaSecCaleb Davis is a founding member of SolaSec, a cybersecurity consulting firm specializing in advanced penetration testing for embedded and connected systems. Based in Dallas/Fort Worth, he holds a degree in Electrical Engineering from the University of Texas at Tyler and is a patent-holding expert with vast experience in hardware and firmware security. Caleb leads deep technical assessments across a range of high-impact industries, including medical devices, automotive, industrial control systems, ATMs and financial terminals, aerospace components, and consumer electronics. His work focuses on secure design, trusted boot processes, cryptographic implementations, and threat modeling, helping organizations integrate security throughout the development lifecycle and align with industry and regulatory standards.
- ics Calendar file
After DC32, we had one question for ourselves: How could we possibly build upon the work done with last year’s ADS-B badge? Building upon the work we talked about at 38C3, the badge became a mixture of ideas. We wanted new functions extend the badge, but also be accessible for everyone. That set our direction for this year: a radio SAO that would have multiple levels of connectivity. Join us for a behind-the-scenes look as we walk through how we were able to (ab)use hardware to receive out of band signals, creating a custom signal processing chain, and create an SAO that can be integrated into your own badge. Now that you’ve got your hands on this year’s Aerospace Village badge, join Adam and Robert as they discuss the challenges and successes the team faced while building this year’s village badge.
Speakers:Adam Batori,Robert Pafford
- ics Calendar file
The Device Lab is highly-collaborative environment where security researchers test medical instruments, applications, and devices in real-time from participating Medical Device Manufacturers. Any potential issues are reported directly to the manufacturer, and coordinated vulnerability disclosures are produced.
As part of their product security programs, their proactive initiatives to test their products, and to enhance the cybersecurity of their medical technologies, select medical device makers are teaming up with the Biohacking Village.
These manufacturers are inviting security researchers to learn and to test their products in dedicated spaces set aside for them. Their staff will answer questions, educate researchers, and triage any potential security issues. Researchers who perform testing should expect to follow the manufacturers’ published coordinated vulnerability disclosure policy and report any potential issues found so they can be addressed. Security researchers must sign the Hippocratic Oath for Hackers and agree to the framework of boundaries and rules of engagement during and post conference engagement.
- ics Calendar file
You all know that PLC4TRUCKS is unintentionally accessible wirelessly (CVEs 2020-14514 and 2022-26131). In this talk we will dig into the details of the new CVE-2024-12054 and some other results on the ECU investigated. This talk is tailored to those with an automotive cybersecurity background. We found ECUs running the KWP2000 diagnostic protocol on PLC4TRUCKS, supposedly secured with their fancy seed-key exchange. But guess what? Those seeds are way more predictable than they should be. A bit of timing trickery, a classic reset attack, and boom – we're in, no peeking at the ECU's responses needed. Blind, non-contact attacks on PLC4TRUCKS? Yep, we found a way. Turns out wireless unauthorized diagnostics access isn't just limited to older equipment. These newer trailer brake controllers' diagnostic functions can be abused too. This situation highlights the need for future tractors to deploy mitigations that protect the trailer from wireless attacks because they are all reachable and even the new ones are vulnerable.
SpeakerBio: Ben GardinerBen is a Senior Cybersecurity Research Engineer at the National Motor Freight Traffic Association, Inc. (NMFTA)™ specializing in hardware and low-level software security. He has held security assurance and reversing roles at a global corporation, as well as worked in embedded software and systems engineering roles at several organizations.
Ben has conducted workshops and presentations at numerous cybersecurity events globally, including the CyberTruck Challenge, GENIVI security sessions, Hack in Paris, HackFest, escar USA and DEF CON.
Ben holds a M.Sc. Eng. in Applied Math & Stats from Queen’s University. In addition to speaking on the main stage at DEF CON, Ben is a volunteer at the DEF CON Hardware Hacking Village (DC HHV) and Car Hacking Village (CHV). He is GIAC GPEN and GICSP certified, chair of the SAE TEVEES18A1 Cybersecurity Assurance Testing TF (published J3322), a contributor to several American Trucking Associations (ATA) Technology & Maintenance Council (TMC) task forces, ISO WG11 committees, and a voting member of the SAE Vehicle Electronic Systems Security Committee.
- ics Calendar file
This year has posed greater challenges for job seekers, with many highly skilled Blue Teamers faced with layoffs and greater competition for fewer jobs. This panel will consist of leaders and practitioners from multiple areas of the cybersecurity field, sharing their journeys and perspectives on hiring in the industry. They’ll answer your questions on handling the job search, perspectives on hiring in a difficult job market, and advice on how to advance your career and skill up technically.
Speakers:Kirsten Sireci Renner,Russell MosleyBest known in the community for directing BSLV HireGround & BSidesCharm Hiring Village, Kirsten also co-founded Car Hacking Village in 2015. After a decade helping run it, she left and joined ICS Village and can be found at many conferences and events throughout the year speaking and volunteering. She settled into technical recruiting after working on helpdesks over twenty years ago. She is currently serving as the VP of Talent at SilverEdge and is always open to helping those who reach out - especially transitioning service members and veterans!
SpeakerBio: Russell Mosley'
- ics Calendar file
Join BTV staff as we share this year's highlights, puzzle and Capture the Flag events stats and winners, and shout our amazing volunteers, staff, sponsors, and of course attendees. Say goodbye for now, and snag any leftover swag!
SpeakerBio: BTV Directors
- ics Calendar file
Jun “Ghost Hacker” Kawasaki is an MD-candidate in Brain Pathology at Niigata University and former Tendai monk who reverse-engineers human being systems by fusing neuroscience, information physics, and ancient rituals. In his DEFCON parts—drawn from his new book Ghost Hacker: How to Hack the Human Spirit—he’ll reveal the playbook for planting and propagating ideas in the human spirit. also secure your spirit and soul.
Payment Method: Credit Card, Paypal
DC 33 Engagements - Car Hacking Village, Biohacking Village, GenSec, AIxCC
SpeakerBio: Jun “Ghost Hacker” KawasakiJun “Ghost Hacker” Kawasaki is an MD-candidate in Brain Pathology at Niigata University and former Tendai monk who reverse-engineers human being systems by fusing neuroscience, information physics, and ancient rituals. In his DEFCON parts—drawn from his new book Ghost Hacker: How to Hack the Human Spirit—he’ll reveal the playbook for planting and propagating ideas in the human spirit. also secure your spirit and soul.
DC 33 Engagements - Car Hacking Village, Biohacking Village, GenSec, AIxCC
- ics Calendar file
- ics Calendar file
- ics Calendar file
Micah is a member of the Lockdown Systems collective. He's a coder, a security researcher, and an independent journalist. He develops open source privacy and security tools, and he's done a lot of work related to journalism and whistleblowing. He’s the former director of infosec for The Intercept. He wrote a book that teaches people how to analyze hacked and leaked datasets, Hacks, Leaks, and Revelations. He really doesn’t like the technofascist future we’ve all been forced into.
- ics Calendar file
A practical guide to hardware hacking.
Join IoT Village for a hands-on workshop where people can learn step-by-step techniques to gain root access on a smart camera. Some of the methods involved are PCB analysis, power analysis, and exploiting debug interfaces to achieve shell access.
- ics Calendar file
Join us for an interactive workshop where we will walk you through the ins and outs of botnet deployment and operation via a command and control web server. Geared towards beginners, this workshop offers a hands-on approach to understanding how botnets function. You’ll also learn an effective defense strategy against the botnet you have created. No experience needed we will give you everything you need!
- ics Calendar file
Storm-2372 (Feb’25) has been virtually ignored, even though Russian threat actors demonstrated in-the-wild exploits using OAuth Device Code Phishing (Syynimaa, Oct’20) and PRT/device registration abuse (Moller, Oct’23) that fundamentally puts all Entra customers at risk via its abuse of OAuth, the device registration service, SSO and compromise of the Primary Refresh Token.
This talk starts with Moller’s original research and compares the API calls and logging for valid device registration flows against the original and other expected attack variants including non-device code OAuth, non-phishing attacks, and endpoint compromise.
We’ll then look at additional implications of the attack, look at on-the-wire payloads, then focus on the challenge of effective detection by going through published best practices with detecting off of Entra sign-in logs, what may or may not be blocked by conditional access policies, where continuous access evaluation helps or not, and what is detected by Sentinel and Cloud Defender.
We will demo the attack, show API payloads, confuse ourselves with logs, using native Microsoft functionality and try to answer what can and can’t be done effectively against this attack. Along the way we’ll rant about what makes detection (and prevention) so difficult based on the design of Entra, its logs, and native tooling.
SpeakerBio: Jenko Hwong, WideField SecurityJenko Hwong heads threat research at WideField Security, focusing on identity-based attacks and abuse. Prior, he spent 5 years at Netskope Threat Research Labs and has spent 20 years in engineering and product roles at various security startups in vulnerability scanning, AV/AS, pen-testing/exploits, L3/4 appliances, threat intel, and Windows security.
- ics Calendar file
This area will feature guided breach simulation exercises for participants to engage with. There will be two activities, "Breach-the-Hospital" and "Breach-the-Office," based on two LEGO sets. A simulated cyber range will be available for each scenario, providing an exact replica of an enterprise production environment. We will provide a detailed walkthrough of the attack scenarios, including Tools-Techniques-and-Procedures (TTPs) commands and how-to guides, demonstrating how to atatck and breach the hospital's infrastructure or the office environment. This exercise will give participants a clear understanding of how adversaries infiltrate corporate environments.
- ics Calendar file
Wi-Fi Easy Connect is a protocol introduced by the Wi-Fi Alliance as the core replacement for Wi-Fi Protected Setup (WPS). It is designed to simplify device provisioning using user-friendly methods such as QR code scanning or short-range wireless technologies like NFC and Bluetooth. In this paper, we present a comprehensive security and privacy assessment of Wi-Fi Easy Connect (version 3.0).
Our analysis uncovered several security issues, including aspects of the protocol’s design that may unintentionally expand the attack surface compared to WPS. Notably, we found that design choices intended to enhance usability can compromise security. All identified issues were disclosed to the Wi-Fi Alliance, and we incorporated their feedback regarding mitigations and risk acceptance into our evaluation.
This work underscores the critical balance between usability and security in protocol design and the dangers of prioritizing ease-of-use at the expense of robust security guarantees.
References:
George Chatzisofroniou is a computer security researcher and engineer specializing in Wi-Fi and wireless network security. He has conducted infrastructure and software security testing for Fortune 500 companies across Africa, Asia, Europe, and North America. His research has been presented at leading security conferences and has attracted media coverage for uncovering critical protocol-level vulnerabilities.
- ics Calendar file
Bricks in the Air is a hands-on demo to teach the basics of low level protocols seen in aviation. The demo uses the I2C protocol and does not reveal actual security vulnerabilities in avionics or other systems in aviation.
- ics Calendar file
Final words, thanks, and giveaways.
SpeakerBio: Bug Bounty Village Staff
- ics Calendar file
Join us at the Bug Bounty Village for the CTF Award Ceremony, where we celebrate the top performers of our inaugural Capture The Flag competition. During this in-person ceremony, we’ll recognize the highest-ranking participants on the leaderboard and award prizes to those present. If you’ve competed in the CTF and secured a spot on the leaderboard, make sure to attend and claim your prize! This is a unique opportunity to honor the skill and creativity of the global hacking community and to connect with fellow researchers and organizers. We look forward to seeing you there!
Speakers:Bug Bounty Village Staff,CTF.ae
- ics Calendar file
CTF.ae will perform a CTF Walkthrough Session, where they'll dive into some of the most interesting challenges from our inaugural Capture The Flag competition. In this session, we'll showcase a selection of the vulnerabilities hidden in the competition’s ecosystem — spanning web, API, and LLM assets — and demonstrate how they could be discovered and exploited. Whether you participated in the CTF or are just curious to learn, this is a great chance to see real-world techniques and creative solutions in action, explained by the creators themselves.
SpeakerBio: CTF.ae
- ics Calendar file
The Call Center Village contest is a community security-challenge that simulates common attack-surfaces found in multi-tenant, multi-industry, BPO call centers - often referred to as "answering services."
Test your skills in physical entry, network security, audio manipulation, messaging protocols, telephony tools, and application security based on our actual experiences working in the call center industry.
As a community, you will work together to break into AnswerTarget - the most modern and secure call-center never built - to unlock physical and digital flags that reveal clues for the Call Center Village social-engineering challenge.
Earn a Call Center Village challenge medal (and your chance at socially-engineering a real-world call center agent) by completing challenges during contest hours!
Prerequisites:
There are no prerequisites or pre-qualifications. We have all the required tools available for you to use, including laptops with a host of standard hacker and voice-related software tools, a flipper zero, a proxmark with writable cards, lock-picks, snap-tools, rubber-duckies, IP phones, headsets, microphones, and more!
- ics Calendar file
Have you ever looked at a tin can, a pile of coax, some solder, a few connectors, and your radio and thought, I’m not sure, but CAN IT HAM? In this new contest for DEF CON 33, the Ham Radio Village is challenging participants to see what they can turn into functioning antennas.
We'll have some basic supplies – tin cans, coax, solder, connectors,– but feel free to bring your own weird components if you want. The 10 best builds will get tested, and the top 3 will score bragging rights & prizes!
Come participate in some radio shenanigans, hack something together and see what you can make work (plus maybe learn something along the way).
Design and build a functioning amateur radio antenna using non-traditional or improvised materials (e.g., tin cans, coat hangers, umbrellas, plumbing pipe).
If it looks absurd and still gets on the air, you're doing it right. HRV will have connectors, soldering stations, and some raw materials for available for use. See what other materials you can find to make the best improvised antenna!
All antennas must be summitted by 10AM on Sunday.
Any antennas not picked up by 2pm on Sunday will be donated to the Ham village or disposed accordingly.
None - Bring your hands and brain and give it a try! You can also bring any* materials from off-site to construct your antenna
no
- ics Calendar file
High-entropy ASLR was supposed to make bypasses of ASLR on Windows virtually impossible - until now! This talk will debut nine novel bypasses of the strongest form of ASLR on Windows, which makes attacks such as brute-forcing totally infeasible. This talk showcases how mostly simple, easy-to-find ROP gadgets can be used to construct highly reliable, universal ASLR bypasses to key Windows system DLLs, allowing ROP gadgets from those DLLs to be used freely in exploits! The end result? The attack surface is greatly expanded, making it possible to do more attacks on binaries previously constrained by limited gadgets. What may have been impossible before due to insufficient ROP gadgets, now is quite possible! While this talk focuses primarily on ASLR bypass for x64, we will also briefly touch upon similar attacks for x86. As part of this talk, for the first time ever, I am also releasing and open-sourcing a new mini-tool that will generate complete, x64 ROP chains for each of these bypasses! We will see this ASLR bypass attack in action with demo. We conclude with recommendations to help remediate the problem. This talk is an in-depth technical deep dive into Windows internals and the design of this technique, but it will also be presented in an accessible way to beginners.
References:
Dr. Bramwell Brizendine has a Ph.D. in Cyber Operations and is the Director of the VERONA Lab. Bramwell has regularly spoken at DEFCON and presented at all regional editions of Black Hat (USA, Europe, Asia, MEA), as well as at Hack in the Box Amsterdam and Wild West Hackin' Fest. Bramwell received a $300,000 NSA research grant to create the SHAREM shellcode analysis framework, which brings unprecedented capabilities to shellcode analysis. He has additionally authored ShellWasp, which facilitates using Windows syscalls in shellcode, as well as two code-reuse attack frameworks, ROP ROCKET and JOP ROCKET. Bramwell has previously taught undergraduate, master's, and Ph.D. courses on software exploitation, reverse engineering, offensive security, and malware analysis. He currently teaches cybersecurity courses at the University of Alabama in Huntsville.
- ics Calendar file
Come compete in the world’s most challenging cyber defense competition based on the Aries Security Cyber Range. Tear through the challenges, traverse a hostile enterprise class network, and diligently analyze what is found in order to make it out unscathed. Not only glory, but prizes await those that emerge victorious from this upgraded labyrinth, so only the best prepared and battle hardened will escape the crucible.
- ics Calendar file
- ics Calendar file
The Car Hacking Village CTF is a fun interactive challenge which gives contestants first hand experience to interact with automotive technologies. We work with multiple automotive OEMs and suppliers to ensure our challenges give a real-world experience to car hacking. We understand hacking cars can be expensive, so please come check out our village and flex your skills in hacking automotive technologies.
https://www.carhackingvillage.com/ctf-rules
No, contest is in person only.
- ics Calendar file
For over 10 years, I've operated at every level of darknet markets - from carding forums to multi-million dollar platforms. This is the unfiltered reality they don't teach you:
I'll share never-before-seen screenshots, chat logs, and operational details that reveal why no market lasts forever. Whether you're a researcher, journalist, or just curious - this is the uncensored history of the darknet's most infamous moments.
References:
godman666 has operated in the darknet’s criminal underbelly for over a decade. Starting with carding at 16, he moved to spam operations before rising through Silk Road and Tor carding forums. He built phishing empires, sold hacking tools, and ran infrastructure for major markets—including engineering the darknet’s largest phishing operation after a fallout with Empire Market’s staff. A backend role at a top market later ended in financial sabotage (ask about Christmas 2019). Recognized in Wired’s "The Most Dangerous People on the Internet" (2022), he shifted to offshore legal warfare takedown arbitrage, Wikipedia edits, and creative compliance. DEF CON’s Darknet Market Contest? Sabotaged by a hangover.
- ics Calendar file
The Chaining of Vulnerabilities session is essential for anyone serious about understanding real-world security threats. Attackers rarely rely on a single flaw - instead, attackers combine multiple low or medium-risk issues to breach systems and exfiltrate data. This session will reveal how these chains are built, and how overlooked weaknesses can lead to full system compromise. With practical case studies, attack flow breakdowns, and defense strategies, you’ll gain critical insight into offensive thinking and how to build more resilient systems. Whether you're a developer, security engineer, or red teamer, this session will sharpen your knowledge about how subtle flaws can be linked into powerful exploit chains.
Speakers:Monish Alur Gowdru,cybermeowMonish Alur Gowdru is dedicated to securing applications end-to-end, with over 5 years of experience in application security, software development, and secure code review. His passion for finding security gaps in applications sparked a deeper interest in learning to build applications, driving him to build the skills needed to secure systems from the ground up. This journey led him to earn a Master’s degree in Computer Science with a specialization in Information Assurance, along with hands-on experience as a Software Engineer. While this is his first time speaking at a conference, he’s an active contributor to local security communities and a mentor to those starting their careers in the field.
LinkedIn: https://www.linkedin.com/in/ag-monish/ Email Address: monish.alurgowdru@gmail.com
SpeakerBio: cybermeowMeet Apoorwa Joshi – Security Engineer, Code Whisperer & Threat Tamer at Amazon. With over 6 years in the trenches of application and cloud security at scale, she currently brings her talents to helping teams think like attackers before the attackers do. Armed with a Master’s degree, a knack for demystifying technical complexity, Apoorwa specializes in "shifting left" Based in Austin, Texas, Apoorwa is part of a new wave of security professionals. Though this is her first time on the conference stage, she’s no stranger to leading conversations that matter from mentoring junior engineers to influencing cross-team architecture decisions. When she’s not taming threats or refactoring risk, she enjoys playing ping pong and spending time with her cat.
Ask her about: threat modeling, secure architecture, DevSecOps, or how to sneak security into sprint planning without getting side-eyes.
- ics Calendar file
Greg isn't so much a hacker as he is an engineer, quietly building fortresses for hackers to play with (or run away from in defeat). He got his start securing data at rest with an app called Espionage — user-friendly folder encryption and plausible deniability for Mac users. He moved on to securing data in motion, creating DNSChain and defining DPKI (decentralized public key infrastructure), a vision to fix the inherent security flaws in HTTPS. This is his first DEF CON, where he will be presenting a work 10 years in the making: a new protocol and way of building any web app that is end-to-end encrypted, decentralized, and user-friendly.
- ics Calendar file
Using the Internet has become synonymous with giving up privacy.
"That's just the way it is," people tell themselves. "Of course, the company has access to my data."
But what if you had a choice?
What if every app you used online could be truly private-respecting — in the real sense of the term, not the ""privacy policy"" sense?
That's what we're here to discuss. Chelonia is the first implementation of Shelter Protocol: an end-to-end encrypted, federated protocol for building any kind of user-friendly web application.
SpeakerBio: Greg SlepakGreg isn't so much a hacker as he is an engineer, quietly building fortresses for hackers to play with (or run away from in defeat). He got his start securing data at rest with an app called Espionage — user-friendly folder encryption and plausible deniability for Mac users. He moved on to securing data in motion, creating DNSChain and defining DPKI (decentralized public key infrastructure), a vision to fix the inherent security flaws in HTTPS. This is his first DEF CON, where he will be presenting a work 10 years in the making: a new protocol and way of building any web app that is end-to-end encrypted, decentralized, and user-friendly.
- ics Calendar file
Adversary adventure is a story-scenario based, interactive, cyber war-gaming, choose-your-own adventure model interactive game. This is a gamified version of table-top exercises which is presented to the participants as they can choose to play as an attacker, post exploitation OR a Defender who is defending against an attacker group-threat actor OR even play as a CISO who is dealing with an adversarial situation such as a ransomware incident.
- ics Calendar file
- ics Calendar file
Cloud Village CTF Builders will help players learn and refine techniques following Cloud-based challenges. Join us in uncovering new ways to hack a cloud environment.
- ics Calendar file
- ics Calendar file
- ics Calendar file
CMD+CTRL is an immersive learning and hacking platform where developers, security professionals, and tech enthusiasts come together to sharpen their skills in web application security. Players compete in a real-world environment, uncovering vulnerabilities and learning security techniques hands-on. With real-time scoring, the experience stays engaging, fostering both collaboration and friendly competition.
At DEF CON 33 come try out some of our classic Cyber Ranges in a casual, non-competitive environment. Learn about web application security and hack into anything from a healthcare platform to an e-commerce site!
Computer with internet access.
No pre-qualification.
- ics Calendar file
Something isn’t right...
Hackwell Heights Medical Center, a naval hospital, has been thrust into chaos. A highly skilled spy has infiltrated the hospital's cybersecurity defenses, stealing sensitive patient information and threatening the lives of those under its care. As the hospital teeters on the brink of catastrophe, it’s up to you and your team to track down the intruder, uncover their methods, and stop the devastating chain of attacks before it’s too late.
Will you rise to the challenge and secure the future of Hackwell Heights Medical Center, or will the spy vanish with secrets that could endanger countless lives?
Join the Biohacking Village CTF and prove your skills in Code Crimson: A Biohackers Emergency.
- ics Calendar file
What if I told you that until recently, sharing CloudWatch dashboards publicly could introduce an initial access vector for attackers targeting AWS accounts? And that a series of bugs rooted in Amazon Cognito resulted in dozens of dashboards being exposed on the internet?
This is the story of a vulnerability accidentally discovered in a cloud security assessment and patched by AWS in July 2024, which provided unauthenticated actors some ...unexpected permissions into a target account. Our research takes a deep dive into this relatively unknown exploitation technique, showcasing once more why default configuration isn't always secure.
Join us in this journey that starts from the peculiar discovery, covers the analysis of an undocumented web application, and leads to the eventual 4-step attack that could breach the cloud perimeter. This talk will not only investigate the impact of a bug that once was, but will also discuss the risks remaining post-remediation, providing guidance on what AWS users can do to protect their estates against abuse.
SpeakerBio: Leo TsaousisLeo is a Senior Security Consultant at WithSecure where he leads the Attack Path Mapping service. His current role involves planning and conducting offensive security assessments, while building the team globally and pushing the boundaries of adversarial simulation.
When he’s not helping SOC teams or leading purple teams for WithSecure’s clients, you will find Leo presenting in security conferences around the world including DEF CON, SO-CON, DEATHcon, ROOTCON and BSides. His research output has ranged from mobile security to CVEs on IBM and Cisco products but his secret passion of cloud security can be seen from talks about AWS attack paths and Kubernetes threat detection.
- ics Calendar file
This is your last chance to place a phone call from inside the soundproof booth! You know you want to!
- ics Calendar file
- ics Calendar file
- ics Calendar file
- ics Calendar file
- ics Calendar file
- ics Calendar file
- ics Calendar file
Various cyber tools and techniques have been utilized based on information from past attacks. Game players will learn about different cyber security frameworks, cyber-attack processes, and how they can use utilized in a fun way. The game is built to teach key cyber terms, theory and apply techniques based on real-world scenarios.
As a player, you are part of a Cyber Protection Team (CPT) assigned to the mission to prevent various attacks on critical infrastructure. Your task is to use the available information that your team has at your disposal to stop the adversary from achieving their objective.
Players will find themselves in a variety of future scenarios based on a specific industry/sector focus e.g. manufacturing, utilities, defense, finance. The task will be to defend each individual network/system to govern, identify, protect, detect, respond and recover against abnormal/suspicious activities on the network. You will be working against a global hacker network who is threatening to disrupt the overall operations of critical infrastructure sites for nefarious means.
Cyber Defender - The Game, teaches cyber professionals how hackers operate, the cyber kill chain, and tactics, techniques and procedures (TTPs) that can be employed to defend and attack critical infrastructure.
No
No
- ics Calendar file
Participants fly a custom narrow-body airliner with realistic controls and functions on approach to KBZN while encountering various cyber-anomalies. This challenge typically takes about 6 minutes, with a maximum of 15 minutes.
- ics Calendar file
One year after launch, the DEF CON Franklin returns to the Mainstage with partners from the Cyber Resilience Corps with updates on their mission to empower local communities through cyber volunteering and grassroots defense. We'll share key lessons learned from running on-the-ground volunteering programs and future plans for scaling civic cyber defense by joining forces. From helping small towns respond to ransomware to building rapid-response volunteer teams, this talk will highlight how hackers and technologists are stepping up to protect the public good—one community at a time.
References:
Speakers:Sarah Powazek,Jake Braun,Adrien OgeeSarah Powazek is the Program Director of Public Interest Cybersecurity at the UC Berkeley Center for Long-Term Cybersecurity (CLTC), where she leads flagship research on defending low-resource organizations like nonprofits, municipalities, and schools from cyber attacks. She serves as Co-Chair of the Cyber Resilience Corps and is also Senior Advisor for the Consortium of Cybersecurity Clinics, advocating for the expansion of clinical cyber education around the world. Sarah hosts the Cyber Civil Defense Summit, an annual mission-based gathering of cyber defenders to protect the nation’s most vulnerable public infrastructure. Sarah previously worked at CrowdStrike Strategic Advisory Services, and as the Program Manager of the Ransomware Task Force. In her free time, she serves as Deputy Director of DistrictCon, a hacker conference based in D.C.
SpeakerBio: Jake BraunJake Braun is the Executive Director of the Cyber Policy Initiative at the University of Chicago Harris School of Public Policy and Co-Founder of Cambridge Global Advisors, a national security consulting firm. He most recently served in The White House as acting Principal Deputy National Cyber Director. Prior to that role, Mr. Braun was appointed by The President as Senior Counselor to the Secretary of the Department of Homeland Security. Mr. Braun is the author of Democracy in Danger: How Hackers and Activists Exposed Fatal Flaws in the Election System (Rowman & Littlefield, 2019).
In addition to his role at the University of Chicago, Mr. Braun co-founded the DEF CON Voting Machine Hacking Village. In that capacity he co-authored two award-winning reports on the cyber security of our election infrastructure: the DEF CON 25 and 26 Voting Village Reports. Most recently, he partnered with DEF CON to launch “Franklin,” a program to memorialize the most innovative and impactful findings from DEF CON in the annual “Hackers’ Almanack.” “Franklin” also recruits cyber volunteers to support underresourced critical infrastructure.
SpeakerBio: Adrien OgeeAdrien spent his career in various cyber crisis response roles in Thales, the French and European Cybersecurity Agencies (ANSSI and ENISA), and the World Economic Forum. At the Institute, he oversees the provision of cybersecurity assistance to vulnerable populations. Adrien holds an MEng in telecommunication and information systems, an MSc in Global Security and has an MBA.
- ics Calendar file
No spoilers! Join us for a thrilling premier of a DoD-designed wargame about undersea threats and cyber planning.
SpeakerBio: Jared MacDonald, NUWC
- ics Calendar file
Cyberjūtsu is a new way to teach cybersecurity inspired from martial arts trainings. It is an educational way which allows everyone (novice to expert) to practice together and improve themselves in cybersecurity through confrontation. It follows budō (judo, jujitsu, karate...) principles and ethical code. The goal is to reach "maximum-efficient use of computer" in a "mutual benefit" of a human confrontation. It's a digital martial art fight e-sport using linux shell.
- ics Calendar file
Participants fly a simulated DA-62 complete with realistic Garmin instruments on approach into KDAB while encountering randomized GPS-spoof related scenarios. You can successfully complete the scenario by safely landing on your cleared runway. This challenge typically takes about 7 minutes, with a maximum of 20 minutes.
- ics Calendar file
(DCNextGen is for youth 8-18 attending DEF CON) And just like that, it's a wrap! While we're sad to see the fun end, we want to give everyone one last big thank you.
Join us for a final farewell to say goodbye to new friends and hear about all the cool plans we have for next year. We'll also be handing out prizes for all the Capture the Flag (CTF) events—you must be present to win!
SpeakerBio: BiaSciLab, CEO at Girls Who HackBianca 'BiaSciLab' Lewis is an 18 year old hacker that has been working in cyber security since the age of 11. She started her journey by hacking a mock election reporting system at Defcon at the age of 12 gaining national attention leading her to attend a congressional hearing on election security. Since then Bianca has become an international speaker discussing election security, Social Media Psyops, psychological warfare, women in tech, and other various cyber security topics at DEF CON, Black Hat, Defcamp and numerous other conferences including H.O.P.E. where she was the youngest ever to speak. Seeing the lack of young girls in the cyber space, she also started Girls Who Hack, her non-profit with the mission of teaching girls the skills of hacking so that they can change the future. She provides free online and in person classes on the most important topics in cyber security and online safety. Currently BiaSciLab is a key member of The Hacking Games working as the lead of their youth advisory and influence board “C.Y.B.E.R.” that exists to support The Hacking Games mission to guide the next generation with a passion for hacking onto pathways that drive positive change in the world.
- ics Calendar file
Come try your hand at being a DDoS attacker and/or defender in this fun cyberwar simulation. No experience or laptop needed! Sessions run every half hour.
- ics Calendar file
We demonstrate a vulnerability in a commonly-used autopilot computer that allows unsigned firmware to be pushed through trusted update channels such as SD cards and NMEA 2000 networked chart plotters without authentication or cryptographic validation. We show how a malicious ‘.swup’ file can be crafted and accepted by the system to gain persistent code execution, enabling arbitrary CAN bus injection on marine control networks. The attack chain, reminiscent of removable media-style delivery in air-gapped systems, demonstrates how firmware-level control in marine environments can be leveraged to disrupt navigation subsystems. We will walk through firmware extraction, reverse engineering of firmware and CAN subroutines, firmware repackaging, and live effects on NMEA 2000 networks. No physical access to the autopilot is needed, the attack leverages trusted firmware delivery via the chart plotter over NMEA 2000.
Speakers:Carson Green,Rik ChatterjeeCarson Green is a graduate research assistant in systems engineering from Colorado State University, with a bachelor’s degree in electrical engineering. He enjoys designing and debugging PCB’s, researching vulnerabilities in cyber-physical systems, and can often be found playing the banjo.
SpeakerBio: Rik Chatterjee, Colorado State UniversityRik is a PhD student at Colorado State University exploring the tangled edge of embedded systems and cybersecurity. His research focuses into real-world vulnerabilities in automotive and industrial controllers, from reverse-engineering to network protocol level vulnerabilities. He’s previously shared his work at DEF CON and NDSS. When he’s not pulling apart PCBs, you’ll find him elbow-deep in his vegetable garden, proving that both firmware and tomatoes need rooting.
- ics Calendar file
Modern processors are built for speed, but in doing so, they make dangerous assumptions. The very features that make processors fast can also make them untrustworthy. This talk explores how features like speculative and out-of-order execution open the door to powerful side-channel attacks like Spectre and Meltdown. You’ll learn how these vulnerabilities allow attackers to read privileged memory, bypass isolation, and leak secrets that should never be exposed. Through clear explanations and live demonstrations, we’ll show how trust in hardware can be misplaced and how those lies can be turned into exploits.
SpeakerBio: robwaz, Arizona State University
- ics Calendar file
The DEF CON MUD IS BACK... We tried to do battletech but we realized we needed better documentation.
Like all good plans we put together a new one at the last minute....
Without further delay we announce......Cheeseworld!!! An LPMUD from the 90's, a world of cheese, furbys and code that we have no idea how it's still working. Find ancient bugs, explore Wensleydale, roam the Nacho forest...
Download mudlet and connect to mud.defcon.wtf port 3022 (TLS) or 3000 (telnet)
Find EvilMog in the Contest and Events Area, the prize is usually pretty epic, winners chosen at 2pm Sunday August 10th.
Open now, get DEF CON started early!!!
- ics Calendar file
New to hacking? Start here. The DEF CON Academy is your entry point into the world of hacking and Capture the Flag (CTF) competitions. No experience? No problem. Stop by and you'll start with the basics — Linux commands, web security, binary challenges, and reverse engineering — and build up from there at your own pace. Mentors and real CTF pros will be on-site to help you when you get stuck, explain concepts, and cheer you on. Come sit down for a bit, plug in, enjoy our scheduled talks, and start leveling up your skills in a hands-on, no-pressure environment.
- ics Calendar file
Mr. Moss is an internet security expert and is the founder of Both the Black Hat Briefings and DEF CON Hacking conferences.
- ics Calendar file
DEF CON hosts many CTF contests, but this one is special for us and our players. It is almost entirely binaries, all original, and designed to test the top teams in the world, no matter what automated assistance they bring with them. It’s an attack-defense contest, which enables even more treachery and creativity from players. Back for a fourth year are LiveCTF head-to-head reversing races, bringing more strategy and excitement to our busy game.
- ics Calendar file
Whether you're a seasoned DEF CON veteran or a curious newcomer, the DEF CON Scavenger Hunt promises to challenge your skills, tickle your wits, and ignite your hacker spirit. Our list is a portal to mystery, mischief, and mayhem. Assemble your team of up to 5 members, interpret the items, and submit your efforts at the booth to our esteemed judges. Go beyond the basics for bonus points. Legends are born here.
The DEF CON Scavenger Hunt is open to everyone, regardless of skill level or experience, no pre-qualifying necessary. We strive to maintain the balance of a low barrier to entry while providing a challenge that many are eager to take on. Casual players should not be overwhelmed by the list, find a handful of items and have fun. If you are looking to win however, you will need to fully immerse yourself in the DEF CON Scavenger Hunt. Let's make some memories together.
Remember that it's not just about fame, glory, or boxes of swag; the true allure is the camaraderie of fellow hackers, the knowledge that you've etched your mark on DEF CON history, and the ultimate badge of honor: bragging rights. Nothing says "I'm a hacker" quite like being triumphant at the DEF CON Scavenger Hunt.
- ics Calendar file
Defcon.run is a beloved tradition at DEF CON, bringing together hackers for a refreshing start to the day. Originally known as the DEF CON 4x5K, the event has evolved into a distributed, community-driven experience featuring fun runs and rucks across Las Vegas. Participants can choose from various routes, ranging from simple 5Ks to more ambitious distances.
For DEF CON 33, the gathering point is "The Spot" by the North Entrance of the Las Vegas Convention Center West Hall. Here, the real wild hares gather before the sun has a chance to burn up this city of sin. The runs kick off at 06:00 Thursday through Sunday! But be there early for hype talks and shenanigans. We also have a whole new Meshtastic setup and website features we're adding. There are other runs swag drops and social meetups planned throughout the day and night as well!
Whether you're a seasoned runner or looking for something different, defcon.run offers a unique way to connect with other hackers and kick off your day. For more details and to sign up, visit defcon.run.
- ics Calendar file
Chaos at a major international airport. Flight info displays flicker with false data. Baggage systems fail. Aircraft controls are compromised. Even the skies are no longer safe. Your mission: investigate the breach, neutralize the threats, and take back control of the airport. The airport depends on you. The clock is ticking!
- ics Calendar file
A dedicated area equipped with the necessary tools, where visitors can experiment with various techniques and concepts under expert guidance.
- ics Calendar file
Join us for a self-guided interactive look at GE Applinces and get hands on with some of our most popular home appliances!
And for all Home Assistant enthusiasts!
Check us out and we will help you get started!
Find anything related to security? Contact our PSIRT by visiting our security webpage:
GEAppliances.comn/security
- ics Calendar file
We all understand the importance of having a solid support network, but growing your community and "promoting" yourself can feel awkward (especially if being in the spotlight isn't your cup of tea!). Personal branding and networking are important aspects of growing your community, and there are steps that even the most introverted of introverts can take to expand their network. This group discussion will help attendees: improve their presence on LinkedIn and other social media platforms; find impactful networking opportunities that aren't terrifying; and find ways to make self-promotion and "tooting your own horn" feel less awkward. Toot toot!
SpeakerBio: Jennifer VanAntwerp, Founder at Sober in CyberJen VanAntwerp is the founder of Sober in Cyber, a nonprofit on a mission to provide alcohol-free events and community-building opportunities for sober individuals working in cybersecurity. She is passionate about breaking the stigma of addiction recovery and is profoundly driven to increase the number of professional networking events that don’t revolve around alcohol. Jen is also the ABM manager at StrongDM, the Zero Trust privileged access platform. When she’s not developing marketing strategies or running her nonprofit, Jen enjoys volunteering, sewing, and tinkering with her beloved ’65 Ranchero.
- ics Calendar file
Kubernetes has become a center of modern cloud-native applications. Its complex architecture and dynamic nature introduce new security issues regularly, and while significant strides have been made in addressing security challenges, the task of managing entities and their access rights remains daunting. This talk will explore authorization auditing, examining the challenges of identifying cluster entities and access rights vs the required privileges to perform their intended tasks. We will discuss the importance of audit logs in understanding access patterns and complexities associated with such log analysis. We will introduce KIEMPossible, an open-source tool designed to help achieve least privilege status. KIEMPossible analyzes entities' permissions and usage through audit logs, providing insights for informed decision-making. This aims to simplify Kubernetes Infrastructure Entitlement Management (KIEM), allowing organizations to mitigate risks associated with excessive privileges.
SpeakerBio: Golan MyersA Security Researcher at Palo Alto Networks specializing in Cloud and Kubernetes.
- ics Calendar file
ICS Malware is rare. Yet, ICS Malware like FrostyGoop and TRISIS, and related discoveries like COSMICENERGY, were all found on VirusTotal, so analysts still hunt for novel ICS Malware in public malware repositories. In the process, they discover all kinds of tools: research, CTFs, obfuscated nonsense code with no effects, and sometimes, malware targeting ICS/OT sites. But how do they find and filter out the benign from malicious? Or the ICS and ICS-related malware from regular IT malware?
In this talk, we will use recently discovered samples to walk through the process of hunting and analyzing potential ICS threats. We’ll show the simple queries we use to cast a net, our typical analysis process, and relevant follow-on actions like victim notification. Lastly, we’ll discuss how we decide whether a sample is ICS malware using Dragos’s ICS malware definition.
Speakers:Jimmy Wylie,Sam HansonJimmy Wylie is a malware analyst at Dragos, Inc., who searches for and analyzes threats to critical infrastructure. He was the lead analyst on PIPEDREAM, the first ICS attack ""utility belt"", and TRISIS, the first malware to target a safety instrumented system. Formerly a DoD Contractor and malware analysis instructor, he has over 14 years of experience with reverse engineering and malware analysis. In his off-time, Jimmy enjoys playing board games, solving crossword puzzles, and testing the limits of his library card. He can be found on BlueSky: @mayahustle.bsky.social
SpeakerBio: Sam Hanson, DragosSam is currently an Associate Principal Vulnerability Analyst at Dragos where he researches vulnerabilities and malware impacting OT/ICS systems. Specifically, Sam discovers 0-day vulnerabilities in industrial software and threat hunts for ICS-related malware in public data sources. Sam has analyzed notable ICS-related malware, including components of PIPEDREAM and Fuxnet. Sam has presented at several cybersecurity conferences, including Dragos’ DISC (’22 and ’23), DISC:EU ‘24, and BSides:Zurich.
- ics Calendar file
A quick talk about the basics around Physical Security Assessment.
SpeakerBio: The Magician
- ics Calendar file
Experience the thrill of flying a drone in our custom-built cage right on the showroom floor. This activity is designed for everyone to enjoy, from kids to adults. Fly mini drones around the cage and see how well you can control these agile little machines. It's a fun, interactive way to learn the basics of drone piloting in a safe environment.
- ics Calendar file
Join our Drone Hacking Workshop and get hands-on experience with hacking into drone microcontrollers. This three-step in-depth activity is designed to teach you about the vulnerabilities and security of autonomous systems. Using sample drones, participants will learn techniques used in government pen tests. This workshop is suitable for all skill levels, from beginners to advanced hackers. Come and test your skills in a real-world scenario and understand the intricacies of drone security.
- ics Calendar file
Are you an IT or cybersecurity professional tired of navigating corporate hierarchies and seeking permission to innovate? This 45-minute session is your roadmap to transforming from an employee to an entrepreneur, taking full ownership of your expertise and future. We'll dismantle the traditional barriers to entry and empower you to become a game-changer in the Managed Service Provider (MSP) landscape.
This talk will equip you with actionable strategies and practical resources to launch and scale your own successful MSP. We will delve into the essentials of building a robust service offering, with a strong emphasis on cybersecurity. Discover proven techniques for effectively responding to security-focused Request for Proposals (RFPs) and crafting compelling Request for Quotations (RFQs) that win business. Furthermore, we'll explore powerful models for collaboration and teaming up with fellow professionals to expand your capabilities and market reach. Finally, we will address the critical aspect of funding, outlining various avenues to secure the capital needed to fuel your venture.
Join us to learn how to duck the gatekeepers, bypass the permission slips, and step into a future of full ownership, innovation, and impactful service delivery. It's time to become the game changer you were meant to be.
SpeakerBio: Kevin MitchellKevin Mitchell is a highly accomplished security professional with over 8 years of expertise spanning hardware embedded systems, automotive security, and application security. His deep technical skills encompass penetration testing, vulnerability research, firmware reverse engineering, and hardware analysis, evidenced by the discovery of CVE-2023-52709. 1 Kevin also brings experience in utilizing SAST/SCA tools and managing software dependencies with SBOMs, complemented by industry certifications like CISSP, CEH, and OSWP. He is a proactive and results-oriented individual dedicated to securing cutting-edge technologies.
- ics Calendar file
In this interactive exercise, you’ll learn how easy it is nowadays to reverse engineer the apps that are used to configure and interact with IoT devices.
IoT hacking with no multimeter or soldering iron required!
- ics Calendar file
Flow into the world of Tai Chi, where movement meets meditation. This ancient practice creates harmony between the mind and body and cultivates our inner chi or life force energy. The gentle movements with mindful breathwork relax the body, stretch the muscles and move energy improving strength, flexibility and balance. This mind-body practice also centers the mind, reduces stress and helps one to feel grounded and present.
During this moving meditation, we will connect with our inner nature, our community and the beautiful land that surrounds us calling in and moving through the 4 directions and elements of Air, Fire, Water and Earth.
This workshop is inclusive of all bodies. EveryBODY is Welcome here.
SpeakerBio: Megan AllenHi, I’m Megan Allen.
My work focuses on a holistic approach to health; moving the body’s natural energy into alignment with Earth and the seven chakras. I practice integrative wellness - honoring a person's emotional, mental, physical and spiritual well-being. I provide intuitive healing sessions and work with clients to relax the mind, increase body awareness and balance energy flow.
I also facilitate community wellness workshops, ceremonies and transformational group programs inviting participants to disconnect from their busy lives, turn inward and tap into the present to restore and maintain the body’s energetic balance and cultivate self-love, empowerment and sovereignty.
I inspire people to activate their highest potential in alignment with their wise hearts and to promote healing from within. I tailor my sessions to reflect this; using techniques from my healing disciplines as well as my love for Traditional Chinese Medicine, holistic aromatherapy, crystals and essential oils, tarot, animal medicine cards and a deep reverence for nature.
Nature is one of my greatest teachers. It constantly teaches me about grounding, stability, resilience, boundaries, growth, and stillness.
- ics Calendar file
Elevator floor lockouts are often used as an additional, or the only, layer of security. This talk will focus on how to correctly incorporate elevators into your security design, and how badly set up elevators could be used to access restricted areas– including using special operating modes, tricking the controller into taking you there, and hoistway entry.
Speakers:Bobby Graydon,Ege FeyziogluBobby is involved in the planning of Physical Security Village. He enjoys anything mechanical and is currently serving as VP R&D at GGR Security Consultants. I like trains and milk.
SpeakerBio: Ege Feyzioglu, Physical Security VillageEge is a security researcher specialising in access control systems and electronics. She is currently pursuing a degree in Electrical Engineering and work part-time for GGR Security as a Security Risk Assessor
- ics Calendar file
This is the main event at Embedded Systems Village and was awarded the Black Badge at DEFCON 32. Come and show off your skills at hacking our collection of vulnerable embedded devices and find flags to score points! From the networked embedded devices to hands-on embedded challenges, this CTF will be sure to challenge!
- ics Calendar file
Hack your first embedded system! Sit down at our provided laptops and be guided through exploiting an IP camera, then learn how you can set up the emulated camera (and other devices) at home with Ludus!
- ics Calendar file
Win bug bounty prize by escaping a game sandbox environment
- ics Calendar file
Google's Privacy Sandbox initiative aims to provide privacy-preserving alternatives to third-party cookies by introducing new web APIs. This talk will examine potential client-side deanonymization attacks that can compromise user privacy by exploiting vulnerabilities and misconfigurations within these APIs.
I will explore the Attribution Reporting API, detailing how debugging reports can bypass privacy mechanisms like Referrer-Policy, potentially exposing sensitive user information. I will also explain how destination hijacking, in conjunction with a side-channel attack using storage limit oracles, can be used to reconstruct browsing history, demonstrating a more complex deanonymization technique.
Additionally, I will cover vulnerabilities in the Shared Storage API, illustrating how insecure cross-site worklet code can leak data stored within Shared Storage, despite the API being deliberately designed to prevent direct data access. Real-world examples and potential attack scenarios will be discussed to highlight the practical implications of these vulnerabilities.
The presentation will conclude by emphasizing the critical need for rigorous security and privacy research to ensure that Privacy Sandbox APIs effectively protect user data and achieve their intended privacy goals, given the complexity and potential for unintended consequences in their design and implementation.
SpeakerBio: Eugene "spaceraccoon" LimEugene Lim is a security researcher and white hat hacker. From Amazon to Zoom, he has helped secure applications from a range of vulnerabilities. His work has been featured at top conferences such as Black Hat, DEF CON, and industry publications like WIRED and The Register.
- ics Calendar file
A deep dive into real-world, high-profile CVEs exposes a critical pitfall in AppSec: treating every high-severity vulnerability urgently without understanding its exploitability and business impact. We’ll analyze cases where CVEs are labeled as critical but were originally exploited in different environments, and often found in widely shared kernel code that turned out to be nearly impossible to exploit on cloud containers. By dissecting CVE patches, tracing fix propagation, and attack vectors across platforms like Android, Chrome, and cloud containers, we’ll reveal how misinterpreting CVE context leads to wasted triage cycles, unnecessary fixes, and security teams chasing irrelevant threats.
Speakers:Liad Cohen,Moshe Siman Tov BustanLiad Cohen is a Security Research Team Lead and a Data Scientist at OX Security. His day-to-day work involves empowering open source security and code security with AI capabilities, developing innovative data-driven AppSec detection systems from ideation to PoCs to production, and making product roadmap a reality, backed by deep pioneer security research. He started his career as a young "script kiddie", later becoming a gifted mathematician. Liad holds a Master of Science degree in Computer Science. He is a Mentor in hackathons and CTFs, publishing academic papers and articles in security journals and presented state of the art security research at BlackHat USA, RSA Conference, OWASP Global and others.
SpeakerBio: Moshe Siman Tov BustanMoshe is a Senior Security Researcher at OX Security, a company specializing in software supply chain security, and has worked in the security industry for 13 years. His work spans cloud security research, container security, memory forensics, and an in-depth understanding of programming languages. He also has extensive experience in mobile security, including iOS and Android research, deep analysis of Android malware, sandboxing, and memory forensics.
Beyond security research, Moshe has published multiple "Can It Run Doom?" projects online, and is also a professional guitarist in a progressive metal band.
- ics Calendar file
Prove your air combat superiority. Only the sharpest contenders will win the limited edition F-35 PCB badge, a symbol of your elite technical skills. Test your wits, and aerospace savvy in this exclusive showdown to earn your wings in the ultimate test of aerospace analytic problem solving. Challenges drop all weekend long.
- ics Calendar file
In this challenge, participants are given an encrypted firmware image for a D-Link access poitn alone with its publicly available GPL release.
The objective is to decrypt the firmware using clues from open source files.
This is a realistic test of practical reverse engineering and firmware analysis skills, with a focus on identifying overlooked assumptions in standard tooling.
- ics Calendar file
AppSec Village is proud to present our DEF CON Contest in partnership with SecDim. Unlike a typical CTF, this contest rewards the players who fix security vulnerabilities. You can choose between secure coding challenges or competing against other players in an Attack & Defence AppSec challenge, where you need to secure your app before being given a chance to hack other players’ apps😈. You can also develop your own AppSec challenge by following the challenge contribution guidelines. All approved challenges will be hosted during AppSec Village @ DEF CON.
There are two categories of winners: - The player with the highest total points by the end of the event (August 10 at noon PDT) - The best-contributed challenge submission
The Award Ceremony will be held at 12:45 PM PDT in the AppSec Village on August 10.
- ics Calendar file
In the discipline of Format Fu, silence is strength and syntax is sharp. This session explores the art of exploiting format string vulnerabilities, where crafted output can be used to leak memory, overwrite values, and seize control. A single percent x can expose stack addresses. A carefully placed percent n can rewrite memory. You will learn to recognize these subtle flaws, manipulate them with precision, and turn seemingly harmless input into a powerful exploit.
SpeakerBio: tedan_vosin, Arizona State University
- ics Calendar file
The Ham Radio Village is excited to return to DEF CON 33, offering you the opportunity "Access Everything" by gaining you access to the airwaves though free amateur radio license exams! Ham radio has a long history with ham radio operators being considered the original electronic hackers, innovating long before computers, integrated circuits, or even transistors were invented. The Ham Radio Village keeps this spirit alive by providing free ham radio license exams at DEF CON.
In today's world, wireless communication is essential. A fundamental understanding of radio technology is more important than ever. Earning your amateur radio license opens the door to the world of amateur radio, providing you with valuable knowledge of radio frequency (RF) technology. This knowledge can be applied to a wide range of other RF-related topics, including RFID credentials, Wi-Fi, and other wireless communication systems.
Registration is required and can be completed anytime before taking the exam.
Exams are drop-in and you can show up ant anytime during the testing window until 45 minutes before the end of the exam session (to allow ample time for testing, grading, and paperwork).
One registration covers you for the whole weekend -- no need to pick a specific day.
- ics Calendar file
We know DEF CON and Vegas can be a lot. If you're a friend of Bill W who's looking for a meeting or just a place to collect yourself, DEF CON 33 has you covered. Join us throughout the conference in the Friends of Bill W Community Space in W301.
- ics Calendar file
Create a custom bracelet to wear or trade, each featuring a special bead with a hidden message or symbol of empowerment. This tactile, low-key activity is perfect for starting conversations and forming connections across the community. No crafting experience needed, just good vibes and open hands. Join us during this hour for a WISP bead to add to your bracelet!
- ics Calendar file
This year at Rapid7’s hands-on hardware hacking lab, you’ll dive in deep to gain root access on an IoT.
Using tools like Flashrom and Hexedit, we’ll guid you through dumping SPI flash, modifying firmware dump to force single user mode, and using UART to interact with the target.
Then we’ll rebuild the environment, load drivers, and regain full acess – finishing with modifying the “CORRECT” root password file to take complete control.
- ics Calendar file
Los modelos de lenguaje han revolucionado la productividad… y también han abierto nuevas superficies de ataque. Esta charla presenta un recorrido práctico por el OWASP Top 10 para LLMs, destacando vulnerabilidades como prompt injection, data leakage, model denial y más.x000D x000D A través de demostraciones reales, analizaremos cómo estas fallas pueden ser explotadas en entornos empresariales y cómo mitigarlas desde la perspectiva de la seguridad ofensiva y defensiva.x000D x000D Si te interesa el hacking de IA, el análisis de riesgos emergentes o simplemente quieres ver cómo se puede pwn un modelo con unas líneas de texto, esta charla es para vos.x000D
SpeakerBio: Randy Varela, Senior Security Consultant - Akamaix000D Randy Varela @𝙃𝙖𝙘𝙠𝙞𝙣𝙜𝙢𝙚𝙨𝙨 is a cybersecurity professional with a solid decade immersed in cybersecurity from Costa Rica 🇨🇷 My role as a cybersecurity leader has led me to work on multiple projects from Red Teaming, Risk and Compliance, SOC engineering, Cloud Architect, and Pentesting.
- ics Calendar file
- ics Calendar file
Ship-to-shore cranes manufactured in China have faced increased scrutiny from the United States Congress in the past year due to concerns about potential supply chain vulnerabilities, pricing practices, and the global dependence on these critical infrastructure components produced by Chinese state-owned companies.
Coast Guard Cyber Protection Teams (CPTs) have been the US government’s primary resource doing technical cybersecurity work on these cranes – to include assessment, threat hunting, and incident response operations. This talk discusses findings and recommendations from over 11 crane missions conducted by US Coast Guard CPTs, to include the existence of surprise cellular modems and potential attack paths.
References:
Lieutenant Commander Kenny Miltenberger currently serves as the first Commanding Officer of the 2003 Cyber Protection Team (CPT) in Alameda, CA. He is responsible for protecting the nation’s Marine Transportation System in cyberspace by conducting hunt, assess, and incident response operations. His team is the Coast Guard’s newest CPT and the only CPT geographically detached from Coast Guard Cyber Command (CGCYBER).
Kenny recently completed an assignment where he founded the Coast Guard’s Red Team and ran the Coast Guard's Blue Team (cooperative assessments). During that tour he founded CGCYBER’s educational phishing capability, led cyber Opposing Forces for a major multinational exercise, and oversaw over 100 Red and Blue Team missions during his tour. Other notable positions include his work as an engineer for the U.S. Navy’s Naval Sea Systems Command, where he was a developer on a shipboard cyber security platform.
Kenny has a BS in Electrical Engineering from the Coast Guard Academy and an MS Electrical Engineering from University of Maryland College Park.
Kenny has also worked as part-time faculty at University of Maryland, College Park, where he taught Binary Exploitation in their Cyber Masters Program. Industry certifications include OSCP, GXPN, GCPN, GREM, GPEN, GNFA, GCIH, GISP, and CISSP.
SpeakerBio: Nicholas FredericksenLieutenant Commander (LCDR) Nick Fredericksen currently serves as the first Commanding Officer of the 1790 Cyber Protection Team (CPT) in Washington, DC. He is responsible for protecting the nation’s Marine Transportation System (MTS) in cyberspace by conducting assess, hunt, and incident response operations. The 1790 CPT is the Coast Guard’s first CPT, reaching full operational status in Spring 2021.
Nick's previous assignment was Deputy of Coast Guard Cyber Command’s Maritime Cyber Readiness Branch. His primary duties included leading a team of marine safety professionals trained in cybersecurity and dedicated to raising the consistency, competency, and capabilities of cybersecurity in the MTS. This included cybersecurity incident investigations; studying the Techniques, Tactics, and Procedures of threat actors; and providing critical stakeholders awareness publications and information sharing.
Other notable assignments include conducting IT project management where he led the Coast Guard’s first service migration to a modernized, software-as-a-service managed solution.
Nick has a BS degree in Operations Research and Computer Analysis and an MS in Information Systems Management from Florida Institute of Technology.
His cybersecurity certifications include CISSP, GCIH, GICSP, GCFA, and GPEN.
- ics Calendar file
What do elite basketball teams and top-tier cybersecurity professionals have in common? More than you might think. In this talk, I’ll share how my journey as a basketball player and official provided a unique foundation for a thriving career in cybersecurity. From the hardwood to the SOC, the skills of teamwork, rapid decision-making, communication, and strategic thinking are not just transferable—they’re essential. Drawing on real-world examples, I’ll demonstrate how the lessons learned from the court directly translate to defending against digital threats, building resilient teams, and navigating high-pressure incidents. Whether you’re a sports enthusiast, a cybersecurity pro, or just curious about unconventional career paths, this session will show you how to leverage your own unique experiences for success in the cyber arena.
SpeakerBio: Jason BrooksJason Brooks is a cybersecurity professional with a unique blend of military discipline and Silicon Valley roots. A proud Bay Area native and U.S. Navy veteran, Jason brings over a decade of experience in threat intelligence, SOC operations, and cyber defense strategy. With a passion for both technology and community, he identifies as a "nerdlete"—a lifelong learner and athlete—dedicated to protecting digital infrastructure while mentoring the next generation of cyber talent. Grounded in the birthplace of modern tech, Jason represents the second generation of innovators committed to making cybersecurity more diverse, effective, and equitable.
- ics Calendar file
This talk pulls the curtain on the behind-the-scenes badge-making story of the second official Bug Bounty Village badge. A fascinating and intricate blend of interactive electronics, layered PCB prints, and Matrix-style LED effects, all wrapped around an engaging CTF.
SpeakerBio: Abhinav Pandagale, Founder at Hackerware.ioAbhinav's artistry comes from the times he used to sneakily paint drawings made by his sister. His hacking career began as a toddler, disassembling his toys but never put them back together. His entrepreneurial roots come from selling snacks at a school fair and making a loss of . Having learned how not to make money, he launched Hackerware.io - a boutique badgelife lab with in-house manufacturing - which has grown over the past nine years into a global presence across 19 countries. He’s often spotted at conferences around the world - hosting hardware villages or pulling off the kind of random shenanigans that earned him the Sin CON Person of the Year 2025 award.
- ics Calendar file
Modern IT systems are complex and it’s all about full-stack nowadays. To become a pentesting expert, you need to dive into full-stack exploitation and gain a lot of practical skills. That’s why I created the Full-Stack Pentesting Laboratory.
For each attack, vulnerability and technique presented in this training there is a lab exercise to help you master full-stack pentesting step by step. What’s more, when the training is over, you can take the complete lab environment home to hack again at your own pace.
I found security bugs in many companies including Google, Yahoo, Mozilla, Twitter and in this training I’ll share my experience with you. The content of this training has been carefully selected to cover the topics most frequently requested by professional penetration testers.
Note: This training was sold out at DEF CON 2024 and received very positive feedback from students. That’s why we're bringing it back to Las Vegas for DEF CON 2025.
SpeakerBio: Dawid Czagan, Founder and CEO at Silesia Security LabDawid Czagan is an internationally recognized security researcher and trainer. He is listed among top hackers at HackerOne. Dawid Czagan has found security bugs in Apple, Google, Mozilla, Microsoft and many others. Due to the severity of many bugs, he received numerous awards for his findings.
Dawid Czagan shares his offensive security experience in his hands-on trainings. He delivered trainings at key industry conferences such as DEF CON (Las Vegas), Hack In The Box (Amsterdam), CanSecWest (Vancouver), 44CON (London), Hack In Paris (Paris), NorthSec (Montreal), HITB GSEC (Singapore), BruCON (Ghent) and for many corporate clients. His students include security specialists from Oracle, Adobe, ESET, ING, Red Hat, Trend Micro, Philips and government sector (references are attached to Dawid Czagan's LinkedIn profile (https://www.linkedin.com/in/dawid-czagan-85ba3666/). They can also be found here: https://silesiasecuritylab.com/services/training/#opinions).
Dawid Czagan is the founder and CEO at Silesia Security Lab. To find out about the latest in his work, you are invited to subscribe to his newsletter (https://silesiasecuritylab.com/newsletter) and follow him on Twitter (@dawidczagan), YouTube (https://www.youtube.com/channel/UCG-sIlaM1xXmetFtEfqtOqg), and LinkedIn (https://www.linkedin.com/in/dawid-czagan-85ba3666/).
- ics Calendar file
Modern IT systems are complex and it’s all about full-stack nowadays. To become a pentesting expert, you need to dive into full-stack exploitation and gain a lot of practical skills. That’s why I created the Full-Stack Pentesting Laboratory.
For each attack, vulnerability and technique presented in this training there is a lab exercise to help you master full-stack pentesting step by step. What’s more, when the training is over, you can take the complete lab environment home to hack again at your own pace.
I found security bugs in many companies including Google, Yahoo, Mozilla, Twitter and in this training I’ll share my experience with you. The content of this training has been carefully selected to cover the topics most frequently requested by professional penetration testers.
Note: This training was sold out at DEF CON 2024 and received very positive feedback from students. That’s why we're bringing it back to Las Vegas for DEF CON 2025.
SpeakerBio: Dawid Czagan, Founder and CEO at Silesia Security LabDawid Czagan is an internationally recognized security researcher and trainer. He is listed among top hackers at HackerOne. Dawid Czagan has found security bugs in Apple, Google, Mozilla, Microsoft and many others. Due to the severity of many bugs, he received numerous awards for his findings.
Dawid Czagan shares his offensive security experience in his hands-on trainings. He delivered trainings at key industry conferences such as DEF CON (Las Vegas), Hack In The Box (Amsterdam), CanSecWest (Vancouver), 44CON (London), Hack In Paris (Paris), NorthSec (Montreal), HITB GSEC (Singapore), BruCON (Ghent) and for many corporate clients. His students include security specialists from Oracle, Adobe, ESET, ING, Red Hat, Trend Micro, Philips and government sector (references are attached to Dawid Czagan's LinkedIn profile (https://www.linkedin.com/in/dawid-czagan-85ba3666/). They can also be found here: https://silesiasecuritylab.com/services/training/#opinions).
Dawid Czagan is the founder and CEO at Silesia Security Lab. To find out about the latest in his work, you are invited to subscribe to his newsletter (https://silesiasecuritylab.com/newsletter) and follow him on Twitter (@dawidczagan), YouTube (https://www.youtube.com/channel/UCG-sIlaM1xXmetFtEfqtOqg), and LinkedIn (https://www.linkedin.com/in/dawid-czagan-85ba3666/).
- ics Calendar file
Learn the basics of game hacking by playing a game that teaches you to hack the game itself to progress through levels.
- ics Calendar file
This Pac-Man themed set of challenges takes Players on a journey through learning and demonstrating hacker and information security skills to earn points. With multiple subject-matter specific challenge groups and tracks, this hacker challenge game has something for everyone. Players will only be able to turn in scavenger hunt items during Contest Area Operating Hours.
- ics Calendar file
This Pac-Man themed set of challenges takes Players on a journey through learning and demonstrating hacker and information security skills to earn points. With multiple subject-matter specific challenge groups and tracks, this hacker challenge game has something for everyone. Contest will continue operation on the Scramble.RogueSignal.io website outside of Contest Area Operating Hours until the Contest is closed.
- ics Calendar file
This Pac-Man themed set of challenges takes Players on a journey through learning and demonstrating hacker and information security skills to earn points. With multiple subject-matter specific challenge groups and tracks, this hacker challenge game has something for everyone. Contest will continue operation on the Scramble.RogueSignal.io website outside of Contest Area Operating Hours until the Contest is closed.
- ics Calendar file
This Pac-Man themed set of challenges takes Players on a journey through learning and demonstrating hacker and information security skills to earn points. With multiple subject-matter specific challenge groups and tracks, this hacker challenge game has something for everyone. Contest will continue operation on the Scramble.RogueSignal.io website outside of Contest Area Operating Hours until the Contest is closed.
- ics Calendar file
Rotating real production games to hack in a player vs player competition to create real hacks to win various games. Teams or individuals can win Gold Silver or Bronze or just have fun playing the games
- ics Calendar file
Bug bounty programs often resemble battlegrounds, where security researchers (""hackers"") and vulnerability triagers collide over validity, severity, and bounty rewards. Although this friction can strain relationships, it also represents a powerful opportunity for collaboration and community-building. In this session, experienced bug bounty hacker Richard Hyunho Im (@richeeta) and seasoned triage expert Denis Smajlović (@deni) team up to dissect these challenging interactions, share real-world stories from high-stakes bounty scenarios, and propose practical solutions for improved hacker-triager relationships.
Drawing directly from their experiences on both the researcher and company sides, Richard and Denis cover common scenarios including severity debates (e.g., Gmail aliasing vulnerabilities), unclear bug submissions, controversial gray-area issues (such as Apple's BAC vulnerability rejection), and respectful escalation of bounty disputes (e.g., CVE-2025-24198). Attendees will gain insights into how effective communication, clear business impact framing, and mutual respect can bridge the divide between researchers and triagers.
Beyond monetary rewards, this presentation emphasizes how researchers can strategically leverage bug bounty work to enhance personal branding, build professional networks, and advance career opportunities. With empathy, humor, and candor, Richard and Denis demonstrate that the ""bounty battleground"" doesn't need to be hostile; it can instead become a place for growth, trust, and professional success.
Key takeaways include actionable strategies for clearer reporting, effectively communicating severity, navigating gray-area cases, and respectfully challenging triage decisions. Ultimately, this talk equips attendees with tools and mindsets to positively shape the bug bounty ecosystem and foster genuine collaboration within the community.
Speakers:Richard "richeeta" Hyunho Im,Denis SmajlovićRichard Hyunho Im (@richeeta) is a senior security engineer and independent vulnerability researcher at Route Zero Security. Currently ranked among the top 25 researchers in OpenAI's bug bounty program, Richard has also received security acknowledgements from Apple (CVE-2025-24198, CVE-2025-24225, CVE-2025-30468, and CVE-2024-44235), Microsoft, Google, and the BBC. His research highlights overlooked attack surfaces, focusing on practical exploitation that challenges assumptions about everyday software security.
SpeakerBio: Denis Smajlović, Nova Information SecurityDenis Smajlović (@deni) is an OSCP-certified security engineer and Principal Security Consultant at Nova Information Security. Denis brings extensive experience managing high-profile bug bounty programs and collaborating closely with Fortune 500 companies, global tech firms, and major financial institutions. His specialty lies in bridging gaps between external researchers and internal security teams, clearly translating vulnerabilities into tangible business impacts, and fostering constructive, trust-based relationships between hackers and corporate triagers.
- ics Calendar file
Imagine a hologram that talks, thinks, and operates offline—no cloud, no internet, no mercy. Born on the ISS and battle-tested in zero-gravity, HoloConnect AI is now aiming at Earth’s most vulnerable systems: medical devices.
This talk reveals how we’re embedding vision- and voice-aware AI inside air-gapped holographic agents that run locally, assist in surgery, and diagnose without ever phoning home. We'll unpack how we cracked the interface between hardware, holography, and healthcare, and why offline is the new secure. Expect deep insights on sandboxed AI logic, secure embedded stacks, voice spoofing defense, and real-world risks when you give a glowing face to machine intelligence. Bonus: live demo of a medical-grade hologram running without Wi-Fi—because in space and in surgery, there is no Ctrl+Z.
SpeakerBio: Fernando De La Peña Llaca, DrDr. Fernando De La Peña Llaca reverse-engineered the impossible: beaming a real-time hologram into orbit using consumer devices and custom AI. As CEO of Aexa Aerospace, he led the first off-planet holoportation and is now bringing that tech back to Earth to disrupt how we interact with machines. NASA award-winner, space technologist, and long-time builder, Dr. De La Peña fuses aerospace-grade security with street-smart AI. His current mission? Build a hologram smart enough to help—and locked down enough not to kill. DEF CON is the perfect place to stress-test that logic.
- ics Calendar file
As we know, spacecraft will become prime targets in the modern cyber threat landscape, as they perform critical functions like communication, navigation, and Earth observation. While the launch of the SPARTA framework in October 2022 gave the community insight into potential threats, it didn’t address how to detect them in practical scenarios. In 2025, our research took a different approach as we didn’t just theorize about threats, we actively exploited space systems using SPARTA techniques to figure out what Indicators of Behavior (IoBs) would look like in a real-world attack scenario.
By leveraging offensive cyber techniques from SPARTA, we identified the specific patterns and behaviors that adversaries might exhibit when targeting spacecraft. These insights allowed us to systematically develop IoBs tailored to the operational constraints and unique environments of space systems. As a result, we demonstrated how Intrusion Detection Systems (IDS) for spacecraft can be designed with realistic, data-driven threat profiles.
This presentation will walk through our methodology, from exploiting space systems to crafting practical IoBs, and how these insights can directly translate to building robust IDS solutions. We’ll show how a threat-informed, hands-on approach to cybersecurity can transform theoretical knowledge into practical defenses for space infrastructure.
SpeakerBio: Brandon Bailey, The Aerospace Corporation
- ics Calendar file
Rebooted this year, enjoy a traditional fox hunt tracking down the hidden transmitters.
Up for more of a challenge? Attempt to solve the hidden puzzle within the fox hunt to win the ultimate prize!
--
The last surviving fragments of Project ACCESS, a defunct open comms initiative, have resurfaced. The faceless OmniCorp thought they had erased it from the spectrum, but rogue operatives are pushing back. Disguised among the DEF CON crowd, Foxes are carrying the pieces needed to reboot the system.
They’re broadcasting open signals across the con space. Your job? Track them down, follow the trail, and recover the payloads. Some Foxes are stationary. Others are on the move. All of them have something you need—but they won’t just hand it over. You’ll have to answer DEF CON trivia, solve puzzles, or earn their trust in creative ways.
This isn’t a gear-only hunt. Whether you’re rocking SDRs, handheld radios, or just tuned into the right frequency, you’ve got a shot. It’s part signal chase, part real-world goose chase, and 100% hacker weirdness.
Expect: - Live human Foxes broadcasting short-range signals - Some Foxes roaming the con floor hunt them down, respectfully - DEF CON history questions, crypto puzzles, and maybe a social engineering twist or two - Physical items or clues exchanged when you succeed - No encryption. No gatekeeping. Just old school radio and clever chaos.
Think you can track the signal, crack the code, and restore the last breath of open access?
Then grab your gear, tune in, and start hunting.
RF Fox Hunt(s): To participate in the RF fox hunt(s), you will need a radio or scanner that can receive signals in the 2m and/or 70cm Amateur Radio Bands (144.000 MHz - 148.000 MHz, 420.000 MHz - 450.000 MHz).
Something to read NFC cards.
There is no pre-qualifier to the Ham Radio Fox Hunt.
- ics Calendar file
Every day our lives become more connected to consumer hardware. Every day the approved uses of that hardware are reduced, while the real capabilities expand. Come discover hardware hacking tricks and tips regain some of that capacity, and make your own use for things! We have interactive demos to help you learn new skills. We have challenges to compete against fellow attendees. We have some tools to help with your fever dream modifications. Come share what you know and learn something new.
- ics Calendar file
Curious about hacking chips using fault-injection? Take your first steps in our (free) glitching workshops! We provide you with hardware & guidance to conduct your first fault-injection attacks, all you need is a laptop running Python & OpenOCD: Reproduce the nRF52 "AirTag" glitch or learn how to glitch one of the chips used in crypto-wallets to store millions of dollars.
- ics Calendar file
Don’t know how to make a network cable and want to learn? Has it been years? Or do you think you’re a pro? Come see if you can… make the best cable at con by cut/wire/crimp.
- ics Calendar file
"Hack it if you can" Challenge: HavocAI is challenging hackers at DEF CON 33 to find vulnerabilities and exploits in their "Rampage" Autonomous Surface Vessel software and hardware, offering a $5,000 prize for the best cyber minds who demonstrate exploits. This initiative aims to strengthen the security of autonomous vessels for national security purposes. Pre-registration and US citizenship (with passport) are required to participate.
SpeakerBio: Daniel Morrisey, HavocAI
- ics Calendar file
A place for people with disabilities to hear talks aimed at hacking disabilities / gear / specific topics on security and safety. To have a place to recharge assistance devices, get assistance with disability issues, to have a safe space to retreat should things get to be too much, to form community bonds with other hackers with disabilities and to be an educational outreach and support system showing that just because you have a disability you can still be a hacker and part of the community. Also a break area for service animals, and people with sensory issues.
- ics Calendar file
Anticounterfeiting is an obscure and private world. Companies tightly hold their secrets and rely heavily on security through obscurity. But banknotes and government IDs aren’t the only targets of counterfeiting. Live events are increasingly targeted as ticket prices increase. The fast moving and dynamic nature of live events makes both counterfeiting and anticounterfeiting a more complex challenge. The limited time before the event ends is a key defense for event producers.
But with a basic mix of social engineering, arts and crafts, and keen observation most of these credentials can be defeated using DIY techniques. Even advanced measures like UV ink or holograms can be defeated or avoided with techniques you might have learned in art class. But while copying a credential seems easy enough, there are numerous mistakes that would-be counterfeiters make.
This talk will reveal 11 beginner mistakes to credential copying and how to avoid them. With physical examples of real historical credentials from NASA, NATO, the US Navy, the NFL, and more, this talk will leave you ready to fake a badge like a pro.
References:
With over two decades of experience in the event and information security industries, Russell Phillips is a leader in event access control. Russell coordinates all aspects of event access control technology and leads the Information Security team at SXSW, and has been instrumental to the operational success of one of the largest cultural events in the world. His in depth field experience in the myriad hardware, software, and human complications provides him with nuanced insights into turning policy into practice. Running among the world’s largest mobile event access control deployment provides the perfect testing ground to hone training, implementation, and incident response.
A lifelong proponent of the hacker ethos, Russell remains fascinated with all technology weird and wonderful. Mesh SDR networks and at-home pulse dialing telephony are current personal project areas.
Russell is a Certified Information Security Systems Professional and a member of Telephone Collectors International.
- ics Calendar file
Our human registration process this year will be very similar to previous years. Please be patient. All of the times listed here are approximate.
A badge is required for each human age 8 and older.
You are a human if you do not know otherwise. People that are not humans include goons, official speaker, village/community/contest/creator staff, press, black badge holders, or similar. If you are not a human, you need to register separately. If you don't know how, see an NFO goon (NFO Node, formerly known as an infobooth, is where you can get help). The remainder of this message applies only to humans.
Linecon is your optional opportunity to stand (or sit) in line for human registration to open. Doors will open for linecon on Wednesday at approximately 17:00. When human registration opens on Thursday at approximately 08:00, they start working the linecon queue, and the line will start moving quickly. (Please understand that we will begin processing the line on Thursday morning as soon as the cashiers and materials are in place; we will strive for Thursday 08:00, but actual start may be slightly earlier or later.)
Online badge purchase (aka pre-registration) has no impact on linecon. You can join the line on Wednesday (if you wish) regardless of whether you purchased a badge online or intend to pay with cash. There is only one linecon for both types of badge sales.
Please help us make this a great experience for everyone by following directions given by goons. After human registration opens, there may be one line for all of registration, or there may be two lines (one for online sales (pre-registration) and one for cash sales). This may also change over time, based on available staffing and necessary crowd control. We will strive to make it easily understandable in-person as to which line you should join.
You will be emailed a QR code to the email address provided when you bought your badge. Please guard that QR code as though it is cash -- it can only be redeemed once, and anyone can redeem it if they have it (including a photo of it). Badges are picked-up on-site -- they will not be mailed or shipped.
We can scan the QR code either from your phone's display or from a printed copy. You must have the QR code with you in order to obtain your badge. As you approach the front of the line, if you are going to show your QR code on an electronic device, please ensure that your display is set to maximum brightness.
If you pre-registered, but ultimately are unable to attend DEF CON and want to cancel your purchase, the only way to get a refund is from the original online source. We are unable to provide any refunds on-site at DEF CON. There is a fee to have your badge canceled: $34 before July 18, and $84 on and after July 18.
Online purchases are provided a receipt via email when the purchase is made.
Online purchase -- often referred to as pre-registration -- does not allow you to skip any line/queue to pick up your badge. Once you arrive on-site, you will need to join the existing line for human registration. There may or may not be a dedicated line for pre-registration badge pickup, depending on when you arrive, how long the line is, available staff, etc.
Badges will be available for purchase on-site at DEF CON. All badge sales are cash only. No checks, money orders, credit cards, etc., will be accepted. In order to keep the registration line moving as quickly as possible, please have exact change ready as you near the front of the line.
There are no refunds given for cash sales. If you have any doubt about your desire to buy a badge, please refrain from doing so.
We are unable to provide printed receipts at the time of the sale. A generic receipt for the cash sale of a badge will be made available on media.defcon.org after the conference. You are welcome to print your own copy of the receipt on plain paper.
If you've purchased a DEF CON badge as part of your Black Hat registration, you're in luck - you will be able to pick up your DEF CON badge at Black Hat on Thursday. Please bring your Black Hat badge and watch for emails from Black Hat about where exactly the badge pickup will be. There will be DEF CON goons at Mandalay at the pickup desk to help out and answer questions.
Please note that DEF CON is not able to access or verify Black Hat registration or attendee info. DEF CON's preregistration list is not the same as Black Hat's. For help, ask at Black Hat registration or the concierge area.
Want to buy multiple badges? No problem! We're happy to sell you however many badges you want to pay for.
If you lose your badge, there is unfortunately no way for us to replace it. You'll have to buy a replacement at full price. Please don't lose your badge. :(
If you are being accompanied by a full-time caretaker (such as someone who will push your wheelchair, and will accompany you at all times), please ask to speak to a Registration Goon. Your caretaker will receive a paper badge that will permit them to accompany you everywhere you go.
If you have questions about anything regarding human registration that are not addressed here, please ask to speak to a Registration Goon.
- ics Calendar file
- ics Calendar file
Illumicon is all about Hackers lighting the Way! Throughout the day attendees will be able control the hands on displays with someone knowledgeable in the field nearby to answer any questions. The displays will include 2 professional laser displays controlled either by either analog or digital and several led fixtures all just waiting for attendees to make them shine. Knowledgeable people will be there to answer questions whether it is hardware, software, sourcing or design. We are here to get you on your way to letting your Blink Flag Fly!!
- ics Calendar file
Please note: This two-day training will be offered on Saturday and Sunday (August 9-10). Participants will receive a DEF CON Human Badge with their registration
It is indeed all about the information. Information is power—and those who control it hold the reins. This course dives deep into the topic of Influence Operations (IO), teaching you how adversaries manipulate, deceive, and control the flow of information to achieve their objectives. From destabilizing governments to swaying elections and ruining careers, IO is a tool used by state and non-state actors alike. The question is, how do you defend against it?
In this fast-paced, hands-on course, we’ll break down how IO is planned, executed, and defended against. You’ll gain the skills and knowledge to not only recognize and counteract these operations but to protect yourself, your organization, and even your country from their impact.
What You'll Learn:
By the end of the course, you’ll not only have a deep understanding of how IO is executed, but you'll also walk away with practical tools to defend against these attacks. You’ll learn how to recognize the signs of manipulation, understand the motivations behind IO, and develop countermeasures to protect against them.
In a world where information is weaponized, knowing how to protect yourself is no longer optional. Whether you’re securing yourself, an organization, protecting a political campaign, or defending a nation, this course is your toolkit for navigating the complex and increasingly dangerous world of influence operations.
Speakers:Tom Cross,Greg ContiTom Cross is an entrepreneur and technology leader with three decades of experience in the hacker community. Tom attended the first DefCon in 1993 and he ran bulletin board systems and listservs in the early 1990’s that served the hacker community in the southeastern United States. He is currently Head of Threat Research at GetReal Security, Principal at Kopidion, and creator of FeedSeer, a news reader for Mastodon. Previously he was CoFounder and CTO of Drawbridge Networks, Director of Security Research at Lancope, and Manager of the IBM Internet Security Systems X-Force Advanced Research team. He has written papers on collateral damage in cyber conflict, vulnerability disclosure ethics, security issues in internet routers, encrypting open wireless networks, and protecting Wikipedia from vandalism. He has spoken at numerous security conferences, including Black Hat Briefings, Defcon, CyCon, HOPE, Source Boston, FIRST, and Security B-Sides. He has a B.S. in Computer Engineering from the Georgia Institute of Technology. He can be found on Linkedin as https://www.linkedin.com/in/tom-cross-71455/, on Mastodon as https://ioc.exchange/@decius, and on Bluesky as https://bsky.app/profile/decius.bsky.social.
SpeakerBio: Greg Conti, Co-Founder and Principal at KopidionGreg Conti is a hacker, maker, and computer scientist. He is a nine-time DEF CON speaker, a seven-time Black Hat speaker, and has been a Black Hat Trainer for 10 years. He’s taught Adversarial Thinking techniques at West Point, Stanford University bootcamps, NSA/U.S. Cyber Command, and for private clients in the financial and cybersecurity sectors. Greg is Co-Founder and Principal at Kopidion, a cyber security training and professional services firm.
Formerly he served on the West Point faculty for 16 years, where he led their cybersecurity research and education programs. During his U.S. Army and Military Intelligence career he co-created U.S. Cyber Command’s Joint Advanced Cyberwarfare Course, deployed to Iraq as Officer-in-Charge of U.S. Cyber Command’s Expeditionary Cyber Support Element, and was the first Director of the Army Cyber Institute.
Greg is co-author of On Cyber: Towards an Operational Art for Cyber Operations, and approximately 100 articles and papers covering hacking, online privacy, usable security, cyber conflict, and security visualization. Greg holds a B.S. from West Point, an M.S. from Johns Hopkins University, and a Ph.D. from the Georgia Institute of Technology, all in computer science. His work may be found at gregconti.com (https://www.gregconti.com/), kopidion.com (https://www.kopidion.com/) and LinkedIn (https://www.linkedin.com/in/greg-conti-7a8521/).
- ics Calendar file
- ics Calendar file
- ics Calendar file
Explore the basics of what CIP is, how it is used in industry, and how to get started hacking it.
SpeakerBio: Trevor FlynnIndustrial Controls Engineer and ICS security specialist
- ics Calendar file
New to lock picking? Haven't picked in a year and need a refresher? Don't know a half-diamond from a turner? This talk is for you! Join one of our knowledgeable village volunteers as we walk you through the very basics of lock picking, from how to hold your tools to the theory behind the technique that makes lock picking possible.
SpeakerBio: TOOOL
- ics Calendar file
New to lock picking? Haven't picked in a year and need a refresher? Don't know a half-diamond from a turner? This talk is for you! Join one of our knowledgeable village volunteers as we walk you through the very basics of lock picking, from how to hold your tools to the theory behind the technique that makes lock picking possible.
SpeakerBio: TOOOL
- ics Calendar file
Physical security is an important consideration when designing a comprehensive security solution. There are loads of ways to get through a door without actually attacking the lock itself, including using the egress hardware, access control hardware, and countless other techniques to gain entry. Learn how these attacks work as well as how to defend against these attacks in this talk!
Speakers:Karen Ng,Matthew CancillaKaren is a Risk Analyst at GGR Security, and is one of GGR's entry team for physical penetration tests. She has a strong interest in physical security, delivering trainings on physical security vulnerabilities to a wide range of audiences. Karen comes from a background in engineering and has extensive experience in major event logistics. She is one of the Village Leads at the Physical Security Village, and works with the rest of the PSV team to teach how to recognize and fix security exploits to the community. Graphic design is her passion.
SpeakerBio: Matthew Cancilla, Physical Security Village
- ics Calendar file
Over the past two years, we have witnessed the emergence of a new class of attacks against LLM-powered systems known as Promptware.
Promptware refers to prompts (in the form of text, images, or audio samples) engineered to exploit LLMs at inference time to perform malicious activities within the application context.
While a growing body of research has already warned about a potential shift in the threat landscape posed to applications, Promptware has often been perceived as impractical and exotic due to the presumption that crafting such prompts requires specialized expertise in adversarial machine learning, a cluster of GPUs, and white-box access.
This talk will shatter this misconception forever.
In this talk, we introduce a new variant of Promptware called Targeted Promptware Attacks.
In these attacks, an attacker invites a victim to a Google Calendar meeting whose subject contains an indirect prompt injection.
By doing so, the attacker hijacks the application context, invokes its integrated agents, and exploits their permission to perform malicious activities.
We demonstrate 15 different exploitations of agent hijacking targeting the three most widely used Gemini for Workspace assistants: the web interface (www.gemini.google.com), the mobile application (Gemini for Mobile), and Google Assistant (which is powered by Gemini), which runs with OS permissions on Android devices.
We show that by sending a user an invitation for a meeting (or an email or sharing a Google Doc), attackers could hijack Gemini’s agents and exploit their tools to: Generate toxic content, perform spamming and phishing, delete a victim's calendar events, remotely control a victim's home appliances (connected windows, boiler, and lights), video stream a victim via Zoom, exfiltrate emails and calendar events, geolocate a victim, and launch a worm that tarets Gemini for Workspace clients.
Our demonstrations show that Promptware is capable to perform (1) inter-agent lateral movement (triggering malicious activity between different Gemini agents), and (2) inter-device lateral movement, escaping the boundaries of Gemini and leveraging applications installed on a victim's smartphone to perform malicious activities with physical outcomes (e.g., activating the boiler and lights or opening a window in a victim's apartment).
Finally, we assess the risk posed to end users using a dedicated threat analysis and risk assessment framework we developed.
Our findings indicate that 73% of the identified risks are classified as high-critical, requiring the deployment of immediate mitigations.
Speakers:Ben Nassi,Or "oryair1999" Yair,Stav CohenDr. Ben Nassi (https://www.linkedin.com/in/ben-nassi-phd-68a743115/) is a Black Hat board member (Asia and Europe), a cybersecurity expert, and a consultant. Ben specializes in AI security, side channel attacks, cyber-physical systems, and threat analysis and risk assessment. His work has been presented at top academic conferences, published in journals and Magazines, and covered by international media. Ben is a frequent speaker at Black Hat (6), RSAC (2), and DEFCON (3) events and won the 2023 Pwnie Award for the Best Crypto Attack for Video-based Cryptanalysis.
SpeakerBio: Or "oryair1999" YairOr Yair (@oryair1999) is a security research professional with seven years of experience, currently serving as the Security Research Team Lead at SafeBreach. His primary focus lies in vulnerabilities in the Windows operating system’s components, though his past work also included research of Linux kernel components and some Android components. Or's research is driven by innovation and a commitment to challenging conventional thinking. He enjoys contradicting assumptions and considers creativity as a key skill for research. Or frequently presents his vulnerability and security research discoveries internationally at top conferences he speaks at such as Black Hat, DEF CON, RSAC, SecTor, and many more.
SpeakerBio: Stav CohenStav Cohen is a Ph.D. student at the Technion – Israel Institute of Technology who investigates Cyber-Physical Systems (CPS) that integrate GenAI methodologies and feature Human-in-the-loop interactions, with a specific emphasis on their security and operational aspects. He conducts detailed analyses of GenAI models with the aim of identifying potential vulnerabilities and devising effective strategies to mitigate them. Additionally, he takes a proactive approach by exploring how GenAI methodologies can be utilized to improve both the security and operational efficiency of Cyber-Physical Systems.
- ics Calendar file
Forget the noise.
Get to JustHacking.com!
2 Mini-Workshops
Only 15 Minutes Each
Talk to Your “Things” with MQTT
Learn device comms in a virtual smarthome
Router Ruh Roh!
Find clues of an attack in OpenWRT firmware
No Schedule! Just sit down & start learning!
- ics Calendar file
Attendees will receive a complimentary signed copy of our brand new book and have the opportunity for some exclusive swag.
- ics Calendar file
Satellites are constantly orbiting the planet and beaming information back to us. Some of the most interesting information is weather images. As it turns out, it is very easy and cheap to pick up those signals and get a real-time view of your current location. In this talk I will go over what is out there, what you need to get, and the open source software stack to generate amazing images.
Some of the earliest weather satellites were launched in the 50's. Since that time, technology has come a long ways from simple images of clouds, with new payloads that can see through the clouds and give information like ocean wave heights, ground temperatures, wind speed and direction, and other interesting information.
The even better part of this is that all this information is being sent in the clear, continuously, meaning if you can receive it and decode it, you can view and use the data. Be your own weather forecaster! Hardware needed to accomplish this is as simple as a dipole antenna on a tripod and a $30 SDR dongle.
On the software side, there are many different programs you can use to collect the signal. Some, like SatDump, even do everything all in one place: tune, decode, and assemble the output all in a single click. It's even possible to setup a schedule and fully automate collecting imagery.
Moving beyond the simple APT data, you can get even higher resolution data if you build a simple dish antenna. While it is entirely possible to just hand-hold the antenna with a cell phone strapped to the back to show you where to point, it's just as easy to buy a cheap used dish rotator and have the same software automatically track it for you.
Once you get into decoding weather data, it's just a simple hop, skip and a jump to learning how to send signals to amateur radio satellites or even the ISS. And all you need is a Technician license!
SpeakerBio: Steve "hamster" BallI'm Steve Ball, KD5WGW. I love building antennas and being frustrated when they don't work. Ham radio has tons of fun rabbit holes to jump into and I am always finding something exciting to play with.
- ics Calendar file
Extended Berkeley Packet Filter (eBPF) has revolutionized Linux kernel programmability, but its complex verification and JIT compilation mechanisms present a significant attack surface. This talk provides a technical deep-dive into discovering and exploiting vulnerabilities in the eBPF subsystem, with three key contributions: state-aware fuzzing methodologies specifically designed for eBPF, focusing on verifier state tracking bugs, JIT compiler flaws, and helper function validation bypasses. These techniques go beyond traditional fuzzing by incorporating knowledge of the verifier's internal state machine.
Systematic approach to weaponizing verifier bypasses into practical kernel exploits, including converting bounds calculation errors into arbitrary read/write primitives, bypassing KASLR via targeted information leaks, and achieving privilege escalation through carefully constructed memory corruption.
Security architecture of eBPF and provide concrete recommendations for hardening the subsystem against these attacks, including improvements to the verifier's state tracking, JIT compiler security, and runtime validation.
References:
Dr. Agostino "van1sh" Panico is a seasoned offensive security expert with over 15 years of experience specializing in advanced red teaming, exploit development, product security testing, and deception tactics. He is one of the few hundred globally to hold the prestigious GSE (GIAC Security Expert) certification. Driven by a passion for uncovering vulnerabilities, Agostino actively contributes to the security community as an organizer for BSides Italy, fostering collaboration and innovation.
- ics Calendar file
Whether you access the phone network over your cell phone, an SIP trunk, or via an old-school POTS line, the PSTN is an essential part of your day-to-day life and is a longstanding interest of the hacker community. Despite this interest, the regulatory and technical structures underlying this network are poorly understood, deliberately opaque, and dominated by large corporations.
This talk will demystify the network, starting with a brief overview of the history of the PSTN, followed by a deep dive into the inner functioning of the network. After this, the session will detail the regulatory structures that govern the network, and the technologies it employs. Next, the talk will continue with a practical guide detailing how anyone can form a full local exchange carrier to provide service to their community, covering the entire formation process through first-hand experience: regulatory approval, building interconnect with the PSTN, voice network design, and most importantly, user security and privacy.
With this knowledge in hand, the talk will briefly cover a range of exploits in the network, detailing how STIR/SHAKEN can be trivially bypassed, numbers can be hijacked, and how telecom fraud is monetized. The talk will conclude with a discussion of the future of the PSTN, and potential future issues.
References:
Enzo Damato is a Rice University researcher and lifelong hacker with over 7 years of experience with telecommunications, network administration, and security. He founded Rice Telecom Corporation, a facilities-based CLEC, to further research telecommunications security and robocall mitigation. Enzo has also worked extensively with mainframe systems, winning a best session award at the SHARE conference for his presentation on DIY mainframe acquisition, installation, and configuration. Following this, he has developed and is currently teaching Rice University's first course on mainframe computing. In addition, Enzo manages AS25944, an IX-peered ASN providing connectivity for his extensive personal lab.
- ics Calendar file
- ics Calendar file
Defeat the Keysight CTF challenge for a change to win a Riscuberry IoT hacking training kit that comes with a picoscope, a bus pirate, and much more!
See one of the Keysight staff for details.
- ics Calendar file
Four years ago, Chris found a vulnerability with a murder for hire site on the dark net. He could exploit that vulnerability to intercept the murder orders that were being placed: names, addresses, pattern of life information, photos, and, in some cases, bitcoin payments. He reached out to Carl for help, and a small team was built in secret to intercept and triage these orders. However, after their warnings to the police fell on deaf ears, they ultimately decided to warn the targets on the kill list directly. After an initial series of successes, the investigation expanded rapidly and they formed a global cooperation with the FBI and police forces around the world, resulting over 175 murder orders being disclosed, 34 arrests 28 convictions and over 180 years of prison time being sentenced. This talk will be about those years: about the dangers and threats the team had to navigate, the times of isolation when the police wouldn’t take them seriously, about raids in Romania to uncover the cyber-criminal gang running the site and the psychological impact of racing against time to try to stop people getting murdered.
References:
Carl Miller is a technologist, journalist and writer. He is the founder of the Centre for the Analysis of Social Media at Demos and the information integrity lab CASM Technology, a Visiting Fellow at the Department of War Studies, King’s College London, a Senior Fellow at the Institute for Strategic Dialogue and a Senior Research Fellow at RAND Europe. He is the author of the The Death of the Gods: The New Global Power Grab which won the Transmission Prize, and is the co-writer and host of the podcast Kill List, which reached #1 in seven countries. It was named the Guardian’s best podcast of 2024, named Podcast of the Year 2025 by the Broadcast Press Guild Awards and was nominated for an Aria and Ambie
SpeakerBio: Chris MonteiroChris is a dark web investigator, ethical hacker and systems administrator for a major company based in London.
- ics Calendar file
On Friday through Sunday, we have a non-competitive learning run, where you can go through the Kubernetes CTF scenario from a previous year. It has an available "cheat sheet" that shows you how to run through, start to finish! You can do this without the "cheat sheet" if you want a puzzle.
Each team/individual gets a Kubernetes cluster that contains a set of flags.
This is open to up to 30 teams and is available from Friday 12pm to Sunday 12pm Pacific.
We will support DEF CON players in the contest area during the following times: - Friday: 12:00-17:00 - Saturday: 10:00-17:00 - Sunday: 10:00-12:00
- ics Calendar file
This is your last chance to pickup your drives whether they're finished or not. Get here between 10:00am and 11:00am on Sunday as any drives left behind are considered donations.
- ics Calendar file
OWASP Cornucopia is a card game to assist software development teams identify security requirements in agile, conventional, and formal software development processes. It is language, platform, and technology agnostic. Having celebrated its 10th anniversary last year, Cornucopia has been refreshed including an updated full version of the game, a new Website App Edition updated with the OWASP ASVS 4.0 mapping and a Mobile App Edition with the OWASP MASVS 2.0 mapping for mobile development.
- ics Calendar file
Purple Teaming has become a critical component of modern cybersecurity programs, but its definition and application vary widely across organizations. This presentation introduces a refined, regimented, and repeatable methodology for running Purple Team engagements, developed and battle-tested for over a decade. As the term 'Purple Team' means different things to different people— a methodology, a team of people, a program, an assessment, or even a state of mind—and as Purple Team engagements themselves come in all shapes and sizes, the speaker will begin by aligning recommended definitions and applications of common Purple Team terminology. The presentation will explain how to apply an Assumed Compromise approach to Purple Teams. Any organization can be vulnerable at any point in time. This style of Purple Team testing follows the adversary through the entire life cycle of an attack, from Initial Access to Impact, assuming vulnerabilities exist to instead focus on the visibility of security tools. This is a powerful method of identifying ways to improve detection and prevention capabilities at each layer of an organization’s defense in depth. The speaker will include real world examples and specific instructions. The presentation will conclude with broader applications of this style of Purple Team. This will include how to collect and analyze the engagement results and apply these results to drive improvement to an organization’s resilience to common threats. This talk is ideal for security professionals, both Red and Blue Team, who are looking to elevate the way they perform Purple Team engagements.
SpeakerBio: Sarah Hume, Purple Team Service Lead at Security Risk AdvisorsSarah leads the Purple Team service at Security Risk Advisors (SRA). She has led hundreds of Threat Intelligence-based Purple Team exercises for organizations in the Fortune 500 and Global 1000 over the past 7 years. Her background is in offensive security, primarily internal network, OT/ICS, and physical security penetration testing. Sarah also has experience in external network penetration testing, web application assessments, OSINT, phishing/vishing campaigns, vulnerability management, and cloud assessments. Sarah graduated Summa Cum Laude from Penn State with a B.S. in Cybersecurity. She is a Certified Red Team Operator (CRTO), Certified Information Systems Security Professional (CISSP), Google Digital Cloud Leader, AWS Certified Cloud Practitioner, and Advanced Infrastructure Hacking Certified. She lives in Philadelphia with her dog, Paxton.
- ics Calendar file
Knowing how to use the Linux command line is a critical skill for any good security practitioner. This trainer will have 10+ problems covering some of the most fundamental Linux commands. This trainer is for people new to field and for those who want to hone their Linux command line-fu.
- ics Calendar file
Everyone knows not to trust pickle files, but what about .onnx, .h5, or .npz? This talk explores how trusted file formats used in AI and large language model workflows can be weaponized to deliver reverse shells and stealth payloads. These attacks rely solely on the default behavior of widely used machine learning libraries and do not require exploits or unsafe configuration.
The presentation focuses on formats that are not typically seen as dangerous: ONNX, HDF5, Feather, YAML, JSON, and NPZ. These formats are commonly used across model sharing, training pipelines, and inference systems, and are automatically loaded by tools such as onnx, h5py, pyarrow, and numpy. A live demo will show a healthcare chatbot executing code silently when these formats are deserialized, with no user interaction and no alerts. This is a demonstration of how trusted data containers can become malware carriers in AI systems. Attendees will leave with a clear understanding of the risks introduced by modern ML workflows, and practical techniques for payload delivery, threat detection, and hardening against this type of tradecraft.
References:
Cyrus Parzian is an AI Red Team Lead with over a decade of experience in offensive security, red teaming, and AI risk testing. He has led AI red team assessments targeting model serialization abuse, data leakage prevention, prompt injection, and LLM jailbreak resistance. Cyrus has created standardized reporting frameworks, built payload testing infrastructure, and designed internal training focused on exploitation of AI-powered systems. He has conducted over 100 offensive operations across internal networks, cloud environments, and LLM-integrated applications. His work includes large-scale phishing campaigns, persistent C2 infrastructure, and exploitation of automation platforms like Power Automate. Cyrus shares his research on iRedTeam.ai, where he focuses on weaponizing trusted model formats and exposing blind spots in AI-driven systems. He has spoken at ArcticCon and served as organizer of Fiestacon.
- ics Calendar file
Loong Community is Landing at DEFCON 33! Co-Hosted by Hong Kong & Singapore Crew!
Get ready to explore the cutting edge of hardware hacking & infosec tools at Loong Village in #DEFCON33!
This year, Loong is a powerhouse HK-SG collaboration focused on showcasing the vibrancy and talent of the Asian infosec community with tools all arouund the world! 🇸🇬🤝🇭🇰
Dive into hands-on mini-stations featuring: - 📡 SDR Playground (Signalens Pro, Kraken SDR, HackRF, RTL SDR. RF Explorer H Loop Antenna etc.) - ⌨️ BadUSB (Hak5 Rubber Ducky, USB Ninja, O.MG Cables) - 🔑 RFID/NFC Exploration (Proxmark3 RDV4.01, Flipper Zero, Signalens Pro) - 🌐 Network Pentest Tools (Wifi Pineapple, Cynthia, DualComm Network Tap, ScreenCrab) - 🎫 Exclusive Off-by-One (Singapore) Badges (available for purchase!) - Drone FPV simulator, VR/MR, Neo
- ics Calendar file
If you find something that seems to have been lost, please take that item to the nearest NFO Node. The item will enter the DEF CON Lost & Found system.
If you've lost something, the only way to check on it (or reclaim it) is by going to the Lost & Found department yourself. The Lost & Found department is in room LVCC - L2 - W238. You may also call Lost & Found at +1 (702) 477-5019.
The Lost & Found department plans to be open Thursday - Saturday, during all hours that the conference operates. On Sunday, the Lost & Found department will open with the venue at 08:00, but will close at the beginning of DEF CON 33 Closing Ceremonies (15:00). Shortly thereafter, all remaining lost items will be transferred to the LVCC. If you need to reach LVCC's Lost & Found, you may call LVCC Dispatch at +1 (702) 892-7400.
- ics Calendar file
As IoT becomes more integrated and integral into personal and work lives, there is a growing need to understand the inner workings of IoT devices and ensure these devices are secure. This course teaches security professionals and hackers how to identify and exploit security vulnerabilities in IoT devices. Participants will learn to interact with hardware debug capabilities, communicate with memory devices, and virtualize and analyze firmware. The course also covers various hardware attacks including glitching and side channel attacks, as well as diving into communications protocols, including Bluetooth, Zigbee, Thread and Matter. Participants will gain hands-on experience with industry tools and techniques. This course is suitable for security professionals, penetration testers, and hackers with basic programming and computer system knowledge, and equips them with skills to discover new vulnerabilities in IoT devices.
SpeakerBio: Loudmouth Security, Loudmouth SecurityThe Loudmouth Security team consists of renowned security consultants and researchers with extensive experience in the cybersecurity industry. Collectively, they bring decades of expertise, with team members holding prestigious Black Badges from the IoT CTF at DEF CON 26. Several team members have been regular contributors to IoT Village and are now founders of the new Embedded Systems Village, where they continue to push the boundaries of security research.
The team excels at explaining complicated technical findings to executive management teams and has spent years mentoring younger hackers entering the field. Their teaching abilities stem from a shared passion for cybersecurity and dedication to continuous learning. They constantly seek out new information and insights, which they incorporate into their courses to provide the most up-to-date and relevant training possible.
Loudmouth Security's experts bring diverse specializations to the table. The team includes accomplished PCB designers with extensive hardware knowledge, professionals with backgrounds in IT administration for industrial and manufacturing companies, and specialists in the virtualization of embedded devices. Key team members have performed research on some of the most unusual and advanced embedded systems, discovering and disclosing significant bugs in the process.
As highly skilled trainers, the Loudmouth team is always eager to share their collective knowledge and experience, helping organizations stay ahead of the latest cyber threats.
- ics Calendar file
As IoT becomes more integrated and integral into personal and work lives, there is a growing need to understand the inner workings of IoT devices and ensure these devices are secure. This course teaches security professionals and hackers how to identify and exploit security vulnerabilities in IoT devices. Participants will learn to interact with hardware debug capabilities, communicate with memory devices, and virtualize and analyze firmware. The course also covers various hardware attacks including glitching and side channel attacks, as well as diving into communications protocols, including Bluetooth, Zigbee, Thread and Matter. Participants will gain hands-on experience with industry tools and techniques. This course is suitable for security professionals, penetration testers, and hackers with basic programming and computer system knowledge, and equips them with skills to discover new vulnerabilities in IoT devices.
SpeakerBio: Loudmouth Security, Loudmouth SecurityThe Loudmouth Security team consists of renowned security consultants and researchers with extensive experience in the cybersecurity industry. Collectively, they bring decades of expertise, with team members holding prestigious Black Badges from the IoT CTF at DEF CON 26. Several team members have been regular contributors to IoT Village and are now founders of the new Embedded Systems Village, where they continue to push the boundaries of security research.
The team excels at explaining complicated technical findings to executive management teams and has spent years mentoring younger hackers entering the field. Their teaching abilities stem from a shared passion for cybersecurity and dedication to continuous learning. They constantly seek out new information and insights, which they incorporate into their courses to provide the most up-to-date and relevant training possible.
Loudmouth Security's experts bring diverse specializations to the table. The team includes accomplished PCB designers with extensive hardware knowledge, professionals with backgrounds in IT administration for industrial and manufacturing companies, and specialists in the virtualization of embedded devices. Key team members have performed research on some of the most unusual and advanced embedded systems, discovering and disclosing significant bugs in the process.
As highly skilled trainers, the Loudmouth team is always eager to share their collective knowledge and experience, helping organizations stay ahead of the latest cyber threats.
- ics Calendar file
Kit cost $80
- ics Calendar file
At Malvynox, we run a series of advanced Capture the Flag (CTF) competitions designed to push the boundaries of telecom network security research and skills development, we are coming up with the details very soon
- ics Calendar file
- ics Calendar file
The DEF CON Memorial Chamber serves as a sacred space within our community — a place where we pause to honor those hackers whose brilliance and dedication have elevated not just our craft, but the entire security ecosystem. Here we remember figures whose generous spirit and willingness to coordinate security fixes demonstrated that true hacking greatness lies in collaboration. We are here because DEF CON has been the beating heart of the hacker community for over three decades, growing from 100 people in 1993 to the world's largest hacker conference. As Jeff Moss envisioned, DEF CON is what we make of it, this memorial space represents our commitment to ensuring that the legacy of those we've lost continues to inspire future generations of hackers to pursue knowledge, build community, and use their gifts to make the world better.
- ics Calendar file
Join us for the closing ceremonies and awards to the winners and top 3 teams ranked in the MHV CTF.
SpeakerBio: Duncan Woodbury, Maritime Hacking Village
- ics Calendar file
In this session, Tobias Diehl will demonstrate a critical vulnerability in Microsoft’s CoPilot AI, exposing how data voids can be hijacked to manipulate AI-generated responses. By exploiting CoPilot’s reliance on limited data sources, Tobias will show how attackers can inject persistent malicious content, associating it with legitimate Microsoft topics, and how AI fails to validate key terms. The presentation will cover the mechanics of key term association attacks, data void exploitation, and their real-world implications, including the risk of CoPilot delivering dangerous installation instructions for command-and-control (C2) beacons for initial access. Using a proof-of-concept from Microsoft’s Zero Day Quest event, attendees will see how the hijacking process works in practice, how threat actors can target enterprise users, and how AI systems can be tricked into guiding users toward compromised actions.
References:
SpeakerBio: Tobias "ItsSixtyNein" DiehlTobias Diehl is a security researcher and offensive security engineer with a background spanning red team operations, penetration testing, cloud security, and adversarial AI research. Over the past decade, he has worked across both private and public sectors, supporting enterprise defense teams and developing offensive tooling used to uncover high-impact vulnerabilities in modern systems. He is recognized as a Microsoft Most Valuable Researcher (MVR) for his continued contributions to vulnerability discovery and responsible disclosure across Microsoft platforms.
- ics Calendar file
Learn game scripting languages through fun minecraft puzzles
- ics Calendar file
Join Jason haddix as he hosts a panel with the Basi group, the notorious Ai model jailbreak group led by Pliny the prompter. No model is safe, and usually jailbroken with hours, not days. Join us as we discuss war stories, techniques, and opportunities to get into AI hacking for profit.
Speakers:Jason "jhaddix" Haddix,Basi Team Six (BT6)Jason has had a distinguished 20-year career in cybersecurity, previously serving as CISO of Buddobot, CISO of Ubisoft, Head of Trust/Security/Operations at Bugcrowd, Director of Penetration Testing at HP, and Lead Penetration Tester at Redspin.
He has also held positions doing mobile penetration testing, network/infrastructure security assessments, and static analysis.
Jason is a hacker, bug hunter, and is currently ranked 57th all-time on Bugcrowd's bug bounty leaderboards. Currently, he specializes in recon, web application analysis, and emerging technologies.
Jason has also authored many talks for world-renowned conferences like DEF CON, Bsides, Black Hat, RSA, OWASP, Nullcon, SANS, IANS, BruCon, ToorCon, and many more.
Jason Haddix AKA jhaddix is the CEO and “Hacker in Charge” at Arcanum Information Security. Arcanum is a world class assessment and training company.Jason has had a distinguished 20-year career in cybersecurity previously serving as CISO of Buddobot, CISO of Ubisoft, Head of Trust/Security/Operations at Bugcrowd, Director of Penetration Testing at HP, and Lead Penetration Tester at Redspin. He has also held positions doing mobile penetration testing, network/infrastructure security assessments, and static analysis. Jason is a hacker, bug hunter and currently ranked 57st all-time on Bugcrowd’s bug bounty leaderboards. Currently, he specializes in recon, web application analysis, and emerging technologies. Jason has also authored many talks on offensive security methodology, including speaking at cons such as DEFCON, Besides, BlackHat, RSA, OWASP, Nullcon, SANS, IANS, BruCon, Toorcon and many more.
SpeakerBio: Basi Team Six (BT6)
- ics Calendar file
Capture the Flag (CTF) events featuring mobile application security challenges at varying levels of difficulty, also providing a ranking system to evaluate and compare participants’ skills.
This beginner-friendly mobile app CTF contest will include challenges across various categories, including:
Dynamic Code Instrumentation Reversing Native Code Code Obfuscation/Deobfuscation Exploiting app components Malware Analysis Mobile Forensics Bypassing Security Mechanisms Exploiting WebViews
- ics Calendar file
Mobile game hacking workshop for mobile gamers
- ics Calendar file
Cyber attacks have become a powerful extension of modern warfare and some of the most sophisticated threat actors out there are backed by nation-states. This panel dives into how attackers are using cyberspace to conduct espionage, disrupt critical systems, and wage silent wars. the panel will explore who these actors are, what motivates them, and how their operations are changing the global threat landscape. Whether you're defending networks or just curious about how cyber attacks fits into modern conflict, this discussion will unpack the realities behind the headlines.
Speakers:Gordon "Fizzle" Boom,Bret Fowler,Rob Mendoza,Joe Head,Gregory CarpenterLt Col Gordon Boom helps run the 567th Cyberspace Operations Group out of Joint Base San Antonio-Lackland, where he leads over 500 cyber operators across four squadrons conducting full-spectrum defensive cyber operations. His teams protect critical Air Force and DoD infrastructure, support combat-ready forces, and defend U.S. interests across four Combatant Commands. Fizzle is a cyber warfare officer who commissioned in 2009 after earning a Computer Science degree from the Air Force Academy. In 2022, he completed a fellowship at MIT Lincoln Laboratory. He’s also a graduate of the USAF School of Advanced Air and Space Studies and of the USAF Weapons School. Fizzle has served in key leadership roles with the Cyber National Mission Force, AFCENT, USCYBERCOM, and NSA. He’s got extensive operations experience that spans the full range of computer network exploitation, information warfare, offensive and defensive cyberspace operations – including defending the 2018 U.S. midterm elections from foreign interference and Command of the 833d Cyberspace Operations Squadron which deploys National Cyber Protection Teams worldwide to execute Hunt Forward Operations.
SpeakerBio: Bret Fowler, Chief Executive Officer at STAG, MSGT (Ret)Brett Fowler is a nationally recognized cybersecurity expert and the CEO of STAG, a rapidly growing cybersecurity firm with a global reach and an exponential growth rate of 230% in 2020. A lifelong technology ambassador, Brett began his journey in middle school and has since advised Congressional and Senatorial leaders, while also supporting national efforts, including securing U.S. election systems. Under his leadership, STAG is transforming advanced analytics into accessible web applications, filling critical market gaps.
A former U.S. Air Force Cyber Warfare Operator with over 3,000 hours of cyber operations experience, Brett combines deep technical expertise with agile leadership, driving innovation and resilience in both government and industry. He is a trusted voice on national advisory boards and a frequent lecturer at the University of Texas at San Antonio, where he teaches courses on cybersecurity and entrepreneurship. Brett holds an M.S. in Computer Science from Utica College and lives in San Antonio, TX, with his wife and children.
SpeakerBio: Rob Mendoza, Co-Chair at Canadian Association of Professional Intelligence Analysts (CAPIA)Rob Mendoza is the Co-Chair of the Canadian Association of Professional Intelligence Analysts (CAPIA), a position that he has held for four years. CAPIA is a Government of Canada association formed in 2003 to set the standard for professional development in the intelligence analysis community in Canada. Its membership represents 34 departments and agencies in Canada’s Security & Intelligence community (S&I community). Rob is responsible for hosting monthly meetings based out of the Prime Minister's Office with lead Representatives of Canada’s S&I community where he also hosts professional development sessions for intelligence practitioners. Rob is the lead organizer for two major national security workshops per year based out of the Canadian Security and Intelligence Service headquarters. Rob has been heavily involved with raising awareness for the professionalization and standardization of intelligence analysis. He has led efforts to enhance awareness and remove barriers between policy, operational and analytical practitioners in Canada’s S&I community. He has also led efforts to bring together practitioners from Canada's intelligence community with academia, in order to foster and improve debate on critical national security issues facing Canada and Canadian interests. Rob is also a Senior Advisor with the Government of Canada at the Department of National Defence and sits on the Board of Directors for the Canadian Intelligence Network (CIN). Over the last 14 years, Rob has worked throughout the S&I community and was part of a Special Advisory group on national security to the Chief of Defence Staff and to the Deputy Minister of National Defence; he was the Chief of Staff to the Deputy Commissioner of the Canadian Coast Guard; Senior Policy Advisor to the Director General of National Strategies at the Canadian Coast Guard; Intelligence Policy Advisor at Public Safety Canada; Legal Officer at the Office of the Assistant Deputy Attorney General of Canada; and Rob is also a former Federal Investigator.
SpeakerBio: Joe Head, CTO at Intrusion Inc.Over 40 years in network security. Joe’s expertise has focused on understanding flow and communicants to discern between normal and abnormal traffic – and to use detailed traffic analysis to uncover previously unseeable compromises. Joe has found a number of major compromises, but never announced any of them publicly, ever. Security professionals that leak customer issues can’t be trusted. The goal of analysis is learning how to automatically prevent and defeat compromises automatically. Several patents and patents pending related to innovations in wire speed traffic analysis, endpoint protection, detection and prevention of East-West internal propagation of compromises (inside lateral spread) at both the detection and prevention levels. Work now has expanded to defending OT as well as IT. Degree in Electrical Engineering from Texas A&M University. Expertise in both offensive and defensive information operations. Created and run the largest continual inventory of the Internet since 2001 – which is one of the inputs to Shield Threat Intelligence. Cofounder of Optical Data Systems in 1983 (first fiber optic and TEMPEST networking hardware) which went public and became Intrusion Inc. (network security products and services). Worked on EMP hardened fiber optic components and communications gear beginning in 1981. Currently support wide range of projects: producing monthly Internet inventory, specialty databases for Cyber community, specialized investigations. Serves as CTO at the company he cofounded in 1983. Joe has been a licensed pilot since high school (solo at 16 and licensed at 17) and is instrument rated, enjoys sailing, scuba diving and skiing. Summer vacations with the family are often in Ouray Colorado where the family enjoys hiking and Jeeping the abundant 4 wheel drive only mountain passes. Sponsor of Bible translations and enjoys study. Has a bride of 35 years and 3 kids 27, 24 & 21.
SpeakerBio: Gregory Carpenter, Principal Partner at CW PENSEC, DrPHDr. Carpenter is an expert in submolecular information security, specializing in medical IoT, and DNA/nano-tech security, with extensive experience in deception, information warfare, and electronic warfare. His background includes work at the NSA and three decades in government, he has led numerous operations combatting cybercrime, adversarial activity, and counterexploitation theory. A recognized leader in counter-deception, psychological operations, and the application of advanced security techniques, Dr. Carpenter has spoken at numerous international conferences, including several DEFCON villages, Le Hack, Victoria International Privacy and Security Summit, Hack in Paris, Hacker Halted and Cyber Chess. Dr. Carpenter is a member of the Special Operations Medical Association and the Royal Society of Arts, leveraging these networks to advance the integration of security into emerging technologies. With a focus on defending the digital infrastructure at the molecular level, Dr. Carpenter’s work encompasses the intersection of cybersecurity and biological systems, ensuring that both digital and physical infrastructures remain secure against evolving threats.
- ics Calendar file
Come join us for morning meditation. This workshop is inclusive of all bodies. EveryBODY is Welcome here. Meditation can help quiet the mind, manage stress, and enhance overall emotional well-being, making it a great way to start the day.
SpeakerBio: Megan AllenHi, I’m Megan Allen.
My work focuses on a holistic approach to health; moving the body’s natural energy into alignment with Earth and the seven chakras. I practice integrative wellness - honoring a person's emotional, mental, physical and spiritual well-being. I provide intuitive healing sessions and work with clients to relax the mind, increase body awareness and balance energy flow.
I also facilitate community wellness workshops, ceremonies and transformational group programs inviting participants to disconnect from their busy lives, turn inward and tap into the present to restore and maintain the body’s energetic balance and cultivate self-love, empowerment and sovereignty.
I inspire people to activate their highest potential in alignment with their wise hearts and to promote healing from within. I tailor my sessions to reflect this; using techniques from my healing disciplines as well as my love for Traditional Chinese Medicine, holistic aromatherapy, crystals and essential oils, tarot, animal medicine cards and a deep reverence for nature.
Nature is one of my greatest teachers. It constantly teaches me about grounding, stability, resilience, boundaries, growth, and stillness.
- ics Calendar file
The Network-OS workshop will take you into the mysterious world which underpins modern computing and allows people to talk across the globe. This of course being the network itself. In this workshop you will familiarize yourself with the command line of network devices. Step by step, you will configure devices to talk to each other, share information about the computers connected to them, and relay their network information and traffic between each other. No experience needed, know how to type and copy/paste.
- ics Calendar file
Pick a topic, talk about whatever you want, or just come and chill in the Nix Vegas space for the Unconference.
- ics Calendar file
Ongoing AMA booth with volunteers and speakers answering all your DEF CON and cyber questions
- ics Calendar file
Not sure where something is? Our Buddies will help you find it. Look for the folks in the pink safety vests. We're here to help.
- ics Calendar file
Noob-friendly CTF by MetaCTF, 100s of prizes, ticket for each challenge completed, raffle on Sunday at noon, helpers in the village
- ics Calendar file
Talks, AMA, CTF, and more
- ics Calendar file
NoPrompt is a lightweight testing tool that helps uncover where Microsoft Entra ID (formerly Azure Active Directory) allows password-only authentication—granting access without triggering Multi-Factor Authentication (MFA) or Conditional Access policies. In many real-world environments, device-based Conditional Access rules or misconfigurations can unintentionally permit full access with just a username and password, especially from desktop platforms or legacy agents. NoPrompt simulates authentication requests from a variety of user agents—like Windows, Linux, Android, and iPhone—to identify where MFA is silently bypassed across critical Microsoft APIs such as Microsoft Graph, AAD Graph, and Azure Service Management. This lab session will demonstrate how red teamers can use NoPrompt to identify stealthy access vectors and how defenders can validate their Conditional Access enforcement across device types. Attendees will walk away with practical insight into modern identity attack surfaces and a free, open-source tool to test their own environments.
SpeakerBio: Saksham AgrawalSenior Security Consultant at NotSoSecure where I dive into cloud penetration testing, audits, and red teaming across platforms like Azure and AWS. I love helping organizations uncover hidden gaps in their cloud defenses and build stronger, more resilient systems. My journey into security started back in high school with a curious fascination for hacking—I was that kid endlessly testing and learning. That passion led me into the professional world: I kicked things off as an AWS administrator, moved on to consulting at Payatu, and in 2024 landed at NotSoSecure. Along the way, I’ve developed cloud-focused labs, contributed to research, and picked up certifications like AZ‑500 and AZ‑104. What really drives me? Building tools and workflows that streamline the messy, real-world challenges of red teaming in the cloud. I’m always on the lookout for new attack routes and clever ways to turn them into learning opportunities. I’m excited to bring “NoPrompt” to DEF CON 33 and share how it can help streamline cloud-based operations for security professionals.
- ics Calendar file
NPM Imposters is a fast, team-based game where players must spot malicious NPM packages hiding in plain sight. Each team gets a deck of cards mimicking real npmjs.com pages — some show metadata like stars, downloads, and maintainers; others reveal parts of the package code, like index.js or package.json. The challenge? Identify which packages are safe, suspicious, or outright malicious. Once teams decide, they flip each card to reveal the truth, with a quick explanation based on real-world attacks like event-stream and ua-parser-js. It’s a fun, hands-on way to learn how supply chain attacks happen, and how easily trust can be exploited
SpeakerBio: Mackenzie Jackson
- ics Calendar file
Welcome to the resistance. As a new recruit in the Order of the White Tentacle, you must train to master the elements and restore balance to a world on the brink of chaos. This is a beginner & family-friendly adventure that will test your wisdom, bravery, and teamwork as you bend the elements to solve puzzles, complete missions, and rise through the ranks. Whether you walk the path of fire, water, earth, or air, only those who embrace the balance of all will prove themselves worthy. Will you answer the call and bring harmony to DEF CON 33?
Phone with a camera will be required to play.
No.
- ics Calendar file
- ics Calendar file
A series of OSINT Challenges to teach techniques useful in various Cybersecurity related areas.
Speakers:Alex Ackerman,Lee McWhorter,Sandra Stibbards00101010
SpeakerBio: Lee McWhorterLee McWhorter, Owner & Chief Geek at McWhorter Technologies, has been involved in IT since his early days and has over 30 years of experience. He is a highly sought after professional who first learned about identifying weaknesses in computer networks, systems, and software when Internet access was achieved using a modem. Lee holds an MBA and more than 20 industry certifications in such areas as System Admin, Networking, Programming, Linux, IoT, and Cybersecurity. His roles have ranged from the server room to the board room, and he has taught for numerous universities, commercial trainers, and nonprofits. Lee works closely with the Dark Arts Village at RSAC, Red Team Village at DEFCON, Texas Cyber Summit, CompTIA, and the CompTIA Instructor Network as a Speaker, SME, and Instructor.
SpeakerBio: Sandra StibbardsSandra Stibbards opened her investigation agency, Camelot Investigations, in 1996. Currently, she maintains a private investigator license in the state of California. Sandra specializes in financial fraud investigations, competitive intelligence, counterintelligence, business and corporate espionage, physical penetration tests, online vulnerability assessments, brand protection/IP investigations, corporate due diligence, and Internet investigations. Sandra has conducted investigations internationally in five continents and clients include several Fortune 500 and international companies. Sandra has been providing training seminars and presentations on Open Source Intelligence (OSINT) internationally since 2010 to federal governments and corporations.
- ics Calendar file
We’re all being watched — in our homes, on our devices, in every digital footprint we leave behind. But what if you could flip the lens? What if you could detect the detectors and reclaim your privacy anywhere in the world?
We can. Using only OSINT, we can enable our very own mobile counter-surveillance system that will move as we move locally and globally. We can track the trackers, not for malice, but to answer the deep-rooted question: “Who’s watching me?”
Your personal surveillance detection resource will alert you instantly when your data, email, IP, name, alias, etc, appears in a threat actor forum or social media platform.
In a world of "Access Everywhere," this flips the script, giving you visibility into your exposure. You’ll learn how to automate monitoring across the open internet, dark web, and device search engines using the very tools used by those who surveil us. Let’s go ghost mode for real with the power of live detection as we take hold of our privacy and awareness.
With over 15 years of global experience across all domains of information security, she is a trusted leader in cybersecurity architecture, cloud adoption, DFIR, and threat intelligence. Her work emphasizes proactive defense—prioritizing prevention, early detection, and rapid response across hybrid environments. As a Principal Consultant with Quantum Mergers, she has guided highly regulated organizations through cloud deployments, DFIR engagements, and the design of advanced cybersecurity frameworks that integrate offensive and defensive strategies. Her expertise spans securing APIs, blockchain platforms, and AI/ML systems, aligning innovation with risk-based security. A member of the Forbes Business Council, she contributes strategic insights that help global enterprises build trust, scale securely, and outpace threats through intelligence-driven security. She serves as a board advisor to several organizations and is a philanthropic supporter of nonprofit initiatives focused on women’s rights and global education. A passionate advocate for equity and opportunity, she balances her professional pursuits with family time, a love for live music, the arts, her three pets, and a nomadic lifestyle that reflects her identity as a global citizen.
- ics Calendar file
This one’s for the chapter leads, the regulars, the new folks, and everyone who makes OWASP what it is. Join us at DEFCON 33 for a meetup made to foster connection between OWASP chapters. It’s a chance to share wins, swap challenges, build relationships, and spark ideas that reach beyond our local scenes. Whether you’re repping your city or just curious about how others are building community, pull up. The global OWASP family is real—and this is where we get to feel it.
- ics Calendar file
Use machine learning with Python to detect attacks in network packets including DNS tunneling, FTP brute force, and HTTP scanning. We will be using various Python tools such as iPython notebooks, scapy, and scikit-learn. Some Python experience is recommended, but if you don’t know Python, come prepared to start with our Python tutorial!
- ics Calendar file
Looking to upgrade your skills or see how you would fare in Capture The Packet? Come check out what Packet Detective has to offer! A step up in difficulty from Packet Inspector, Packet Detective will put your network hunting abilities to the test with real-world scenarios at the intermediate level. Take the next step in your journey towards network mastery in a friendly environment still focused on learning and take another step closer to preparing yourself for the competitive environment of Capture The Packet
- ics Calendar file
We are the home of WosDJCo, a group of DJ’s and hackers who love to spin for your hacking pleasure. The Packet Hacking Village makes sure to have music non stop during the event by some of your favorite DJ’s.
SpeakerBio: kampfWith nearly two decades of experience as a college radio DJ on Nerd Show, and as the music director for SomaFM’s Fluid and Vaporwaves, kampf has waded long and deep through the muddied waters of electronic music. Long-time DEF CON Chillout Lounge, DC801, ACK Stage, and Packet Hacking Village DJ during DEF CON.
- ics Calendar file
We are the home of WosDJCo, a group of DJ’s and hackers who love to spin for your hacking pleasure. The Packet Hacking Village makes sure to have music non stop during the event by some of your favorite DJ’s.
SpeakerBio: tavooDisciple of the darker electronic textures; devoted to the mastery of technology, science & sound in the studio and beyond.
- ics Calendar file
The perfect introduction to network analysis, sniffing, and forensics. Do you want to understand the techniques people use to tap into a network, steal passwords and listen to conversations? Packet Inspector is the place to develop these skills! For well over a decade, the Wall of Sheep has shown people how important it is to use end-to-end encryption to keep sensitive information like passwords private. Using a license of the world famous Capture The Packet engine from Aries Security, we have created a unique way to teach hands-on skills in a controlled real-time environment.
- ics Calendar file
Lots of us can look back on a time in our IT or cybersecurity careers and think about a select person or group of people that helped us immensely when we were younger to get on the right track. However, there are others that may not have had that opportunity to have a mentor or community instill a purpose in the world of tech. Making these communities or finding a good mentor can be a difficult task for many of us, so we wanted to host a discussion panel to discuss the various methods that we have been able to utilize.
Our major goal is to give back to the communities that helped us grow in our careers and personal lives. At our school district we’ve been very fortunate to build a culture of learning, security, and community. We’ve been able to successfully start and grow various clubs and opportunities for students to learn cool things with like minded people. In the panel we will talk about growing student helpdesk programs, eSports clubs, creating a tech savvy culture, and much more. Please come join us, bring questions, bring your experiences, and let’s help each other build up the next generation of hackers!
Speakers:Sam Comini,Navaar Johnson
- ics Calendar file
Over the past three years, passkeys have gained widespread adoption among major vendors like Apple, Google, and Microsoft, aiming to replace passwords with a more secure authentication method. However, passkeys haven't yet faced the extensive scrutiny that passwords have endured over decades. As they become central to enterprise identity, it's crucial to examine their resilience.
This presentation demonstrates how attackers can proxy WebAuthn API calls to forge passkey registration and authentication responses. We'll showcase this using a browser extension as an example, but the same technique applies to any website vulnerable to client-side script injection, such as XSS or misconfigured widgets. The extension serves merely as a controlled means to proxy credential flows and manipulate the WebAuthn process.
We'll delve into the underlying theory, present the exploit code, and provide a live demonstration of an attack that succeeds on sites relying on passkeys without enforcing attestation or metadata checks—a common scenario among vendors. If you’re relying on passkeys, this is the side of the flow you don’t usually get to see.
References:
Shourya Pratap Singh is responsible for building SquareX's security-focused extension and conducts research on countering web security risks. As a rising figure in cybersecurity, Shourya has presented his work on global stages including the DEFCON main stage, Recon Village, and Adversary Village, as well as at Black Hat Arsenal EU. He has also delivered several workshops at prestigious events such as the Texas Cyber Summit. Shourya earned his bachelor's degree from IIIT Bhubaneswar and holds a patent. His professional interests focus on strengthening the security of browser extensions and web applications.
SpeakerBio: Jonny LinJonny Lin is a frontend engineer on the extension team at SquareX, where he works on browser security challenges like data loss prevention and detecting web-based vulnerabilities. Before joining SquareX, he was a founding engineer at Velt (YC W23), building collaborative frontend infrastructure for real-time apps. He holds a computer science degree from Santa Clara University and has a strong interest in browsers and pushing the limits of what's possible on the frontend.
SpeakerBio: Daniel SeetohDaniel Seetoh currently works on the development of SquareX's browser extension and web app. With a focus on the frontend, Daniel brings a versatile skillset that augments his approach towards cybersecurity. He has earned his degrees from Nanyang Technological University, and enjoys building out products and providing value to users.
- ics Calendar file
Follow real world password attack steps against a mock target in order to better understand how to protect yourself and improve the security of your passwords!
- ics Calendar file
Con la creciente adopción de modelos de lenguaje como GPT-4 en sectores críticos, los sistemas de inteligencia artificial se han convertido en una nueva superficie de ataque. Esta charla, titulada "Pentesting AI – Hacking the GPTs", explora cómo adaptar metodologías ofensivas clásicas al contexto moderno de IA generativa, revelando vulnerabilidades que pueden comprometer tanto la lógica de negocio como la integridad del modelo.x000D x000D Se iniciará con un repaso a los fundamentos de IA, incluyendo machine learning, deep learning y procesamiento de lenguaje natural (NLP), seguido por una explicación del funcionamiento interno de los LLMs (Large Language Models), sus aplicaciones industriales y sus principales limitaciones: bias, alucinaciones, y falta de interpretabilidad.x000D x000D A partir de esto, se abordará el OWASP Top 10 para LLMs, introduciendo técnicas ofensivas como prompt injection (directo e indirecto), AI jailbreaks, evasión de filtros y manipulación creativa de entradas. Se mostrarán ejemplos de explotación y cómo estas técnicas pueden utilizarse para alterar la salida del modelo, extraer información sensible o evadir mecanismos de seguridad.x000D x000D La charla incluirá una breve demostración pregrabada utilizando herramientas como Garak (framework ofensivo de red teaming para LLMs) y LLMFuzzer (fuzzer para APIs que integran modelos generativos).x000D x000D Se concluirá con recomendaciones para mitigar riesgos,, y reforzar los controles aplicados sobre modelos integrados en aplicaciones. Adicionalmente se compartirá una serie de recursos que han sido publicados durante el ultimo año para poder familiarizarse con este tipo de vulnerabilidades y como explotarlas. x000D x000D Outline:x000D Introducción y contexto del pentesting en IA_x000D_ x000D Fundamentos técnicos: ML, DL, NLP y LLMs_x000D_ x000D Aplicaciones prácticas y limitaciones actuales_x000D_ x000D Técnicas de ataque: Prompt Injection, Jailbreaks, Hallucinations_x000D_ x000D Herramientas ofensivas: Garak ( Demo pregrabado)x000D x000D Buenas prácticas y contramedidas_x000D_ x000D Recomendaciones finales y recursos x000D x000D PwnedCR Video: https://www.youtube.com/watch?v=3esRoJ3dRts_x000D_ x000D PwnedCR Slide Deck (Por Actualizar) : https://docs.google.com/presentation/d/1vur62uGai6RSUtLv9KM2VRP8iMmQMINL/edit?slide=id.p36#slide=id.p36
SpeakerBio: Luis Diego Raga, Senior Penetration Tester, X-Force Red IBMLuis Diego Raga es un Senior Hacker del equipo de X-Force Red de IBM, especializado en Penetration Testing de aplicaciones web y aplicaciones que hacen uso de IA. Cuenta con más de 15 años de experiencia en ciberseguridad. Anteriormente, desempeñó el rol de Arquitecto de Soluciones de Seguridad en la Nube, acumulando una vasta experiencia como coach, mentor y líder de equipos técnicos. Además, es uno de los líderes de la comunidad de Ethical Hackers DC11506, donde contribuye significativamente al desarrollo y fortalecimiento de la comunidad de hackers éticos de Costa Rica. Luis también es Embajador de Hack the Box, donde regularmente coordina y dirige reuniones para la comunidad.
- ics Calendar file
PhishOps like an APT es una charla técnica enfocada en cómo los equipos de Red Team pueden ejecutar campañas de phishing inspiradas en técnicas reales utilizadas por grupos APT para obtener acceso inicial a una organización, con el objetivo de validar la eficacia real de los controles de seguridad, más allá del simple clic.x000D x000D Basada en experiencias reales de operaciones ofensivas, esta sesión muestra cómo campañas bien diseñadas pueden superar filtros antispam, explotar debilidades en la autenticación y comprometer activos clave, incluso en entornos corporativos con controles modernos.x000D x000D Se presentarán técnicas actuales como:x000D x000D HTML Smuggling y entrega de malware mediante archivos LNK y ZIP.x000D x000D Robo de credenciales mediante AiTM, MFA Fatigue, Dynamic Device Code, códigos QR maliciosos y fake captchas.x000D x000D Ingeniería social avanzada, incluyendo la suplantación de departamentos internos como TI y el uso de vishing para aumentar la credibilidad del ataque.x000D x000D Diseño de infraestructura ofensiva segura y resiliente para ejecutar campañas sin comprometer al atacante.x000D x000D También se discutirá la importancia de realizar ejercicios de phishing avanzados como parte de operaciones de Red Team y simulaciones adversarias, destacando su valor para evaluar controles técnicos y exposición real.x000D x000D Esta charla es ideal para Red Teamers, defensores y líderes de seguridad que buscan entender cómo operan los atacantes modernos y cómo simular esos vectores para fortalecer la postura organizacional.
SpeakerBio: Gerardo Mejia, Red TeamerEs especialista en ciberseguridad ofensiva, con enfoque en operaciones de red teaming, purple teaming, pruebas de penetración, campañas avanzadas de phishing y ataques dirigidos a entornos de Active Directory. Actualmente forma parte del equipo regional de seguridad ofensiva de GBM, donde diseña y ejecuta ejercicios de simulación de adversarios para fortalecer la resiliencia de las organizaciones ante amenazas sofisticadas.x000D x000D Cuenta con certificaciones destacadas, como CRTO, CRTP, OSCP, PNPT, eWPT, CR (HTB Ambassador), C-ADPenX y eCCPT.x000D x000D Ha sido conferencista en eventos internacionales como PWNEDCR en Costa Rica, BSides Panamá, Dojo Conf Panamá, HackConRD en República Dominicana y Ekoparty en Argentina.
- ics Calendar file
The Physical Security Village explores the world of hardware bypasses and techniques generally outside of the realm of cyber-security and lockpicking. Come learn some of these bypasses, how to fix them, and have the opportunity to try them out for yourself.
We'll be covering the basics, like the under-the-door-tool and latch slipping attacks, as well as an in depth look at more complicated bypasses. Learn about elevator hacking, attacking alarm systems at the sensor and communication line, and cut-away and display models of common hardware to show how it works on the inside.
Looking for a challenge? Show us you can use lock bypass to escape from a pair of standard handcuffs in under 30 seconds and receive a prize!
And new this year we have safe cracking exhibits, a physical security challenge and more! Come swing by and say hi!
- ics Calendar file
In 2020, Jazmine Sullivan instructed us to unapologetically move on from the things that do not serve us. While toxic professional relationships can fall into that category, the underlying unjust baggage and biased perspectives of cybersecurity professionals are equally damaging as they can lead to poor and untimely decision-making. Consequences include investing in unnecessary or inadequate security controls, limiting talent acquisition sources, and not soundly understanding your attack surface.
This presentation will review the logical fallacies and cognitive biases that manifest in cyber threat intelligence (CTI) and the adverse outcomes they introduce. It will then explore structured analytic techniques that analysts and leaders can apply to move beyond biases and objectively assess threats. Finally, the presentation will draw parallels between subjectivity and its unfavorable effects on holistic threat assessments and the oppressive attacks on diversity, equity, and inclusion programs throughout 2025, which are highly likely to introduce disparity in cybersecurity and the broader information technology field. After attending this talk, the audience will understand how bias can negatively affect CTI analysis and reporting and misguide cybersecurity judgments and strategy, impacting attendees' ability to identify, articulate, and correct concerns regarding subjective practices. Attendees will also learn how biases in recruiting and decision-making can adversely affect the cybersecurity of their respective organizations.
SpeakerBio: Brett Alexander TolbertBrett Tolbert is a Principal Cyber Threat Intelligence (CTI) Analyst based in the Baltimore metropolitan area. He has over ten years of experience in cybersecurity, beginning his career in the U.S. intelligence community before taking CTI roles at Morgan Stanley and NBCUniversal, which focused on tracking financially motivated threat actors and threat intelligence engineering. Brett teaches undergraduate cybersecurity courses at Bowie State University and has previously spoken at SANS’ CTI Summit and MITRE ATT&CKcon. He enjoys playing monster hunter games, knitting for charity, and baking in his spare time.
- ics Calendar file
Let’s face it — traditional HTTP C2 is burning out. Between aging domains, TLS cert management, sandbox fingerprinting, and blue teams getting smarter at categorizing traffic and infrastructure, your “custom C2” feels less covert and more like a liability. Red teams and threat actors alike are shifting toward living off legitimate services — AWS, GitHub, Box, Notion, whatever blends in — but building solutions that are custom to a single C2 framework? Let’s stop doing that. Let’s share the fun!
C4 (Cross-Compatible Command & Control) is here to change that. It’s a modular toolkit of WASM-powered plugins that makes external C2 easy to implement, regardless of your implant's language or target OS. Whether you’re writing in C, Rust, Go, Python, C#, or something else entirely, C4 plugins can be loaded directly into your implant and run on Windows, macOS, or Linux.
But the real game-changer? C4 provides a single, centralized collection of numerous fully-documented, operationally-ready external C2 modules — not just proof-of-concepts, but production-level integrations with trusted sites that fly under the radar. No more hunting through GitHub repos, hand-rolling fragile API calls, or hacking together glue code for every new environment.
Stop reinventing external C2 and start planting some C4 in your implants!
SpeakerBio: Scott "ScottCTaylor12" Taylor, Senior Red Team Operator at Sony's Global Threat EmulationScott Taylor is a Senior Red Team Operator on Sony's Global Threat Emulation team. Scott has previously worked at the MITRE Corporation and T. Rowe Price focused on emulating adversary behaviors. While Scott has been a technical professional for a decade, only the second half was focused on offensive security. He started as a Linux system administration intern where he learned to build before later learning to break. Scott leverages his system administration background in his offensive security career where he passionately researches command and control (C2) infrastructure for red team operations. Open-source publications by Scott include custom C2 channels for popular C2 frameworks, leveraging cloud services for C2, and automating red team infrastructure deployment.
- ics Calendar file
The main goal of this booth is to introduce you to Matter, the ""open-source, royalty-free smart home connectivity standard."" We have designed seven ways for you to discover and play with the Matter technology: - Home Assistant - Apple Home - Google Home -Ubuntu/Linux - macOS - Node.js - Python
Once you are familiar with the basics, solve some challenges and control the IoTrain!
SpeakerBio: Zoltan "zh4ck" Balazs, Principal Vulnerability Researcher at CUJO AIZoltan (@zh4ck) is a Principal Vulnerability Researcher at CUJO AI, a company focusing on smart home security. Previously he worked as a CTO for an AV Tester company, as an IT Security expert in the financial industry, and as a senior IT security consultant. He is also the developer of the Hardware Firewall Bypass Kernel Driver (HWFWBypass), the Encrypted Browser Exploit Delivery tool (#IRONSQUIRREL) and the Sandbox tester tool to test Malware Analysis Sandboxes, and is partially “responsible” for an IoT botnet infecting 600K devices.
I am a big fan of offsec certs, currently holding OSEP, OSED, OSCE, OSCP, and OSWP.
- ics Calendar file
Welcome to the world’s worst let’s-play: if you’ve ever wanted to get yourself or your friends banned from a game: Stick around. We explore how modern anti-cheat systems work, and practically show how to get banned in the most innovative and hilarious ways possible—all without launching a single real cheat.
We also dive into Hardware ID bans, and how machine ‘fingerprints’ are collected and enforced. With this knowledge at hand, we demonstrate how to remotely poison innocent machines — capturing a target’s HWID, spoofing it, and getting it burned. BIOS flashing, RAM SPD rewriting, and other fun tricks included. Join our masterclass in making yourself and others appear guilty online.
References:
Sam is a PhD research student studying at the University of Birmingham UK with an interest in attacks and defences in the Man-At-The-End-Scenario found in anti-cheat systems. He also works in teaching reverse engineering and binary analysis via game hacking. As part of this he developed an impossible to beat multiplayer video game for undergraduate students to hack as coursework. During his research he has been banned from every competitive shooter title and will happily offer this as a service for anyone who plays too much Fortnite and would like to stop.
SpeakerBio: Marius MuenchMarius Muench is an assistant professor at the University of Birmingham. His research interests cover (in-)security of embedded systems, binary & microarchitectural exploitation, and defenses. He obtained his PhD from Sorbonne University in cooperation with EURECOM and worked as a postdoctoral researcher at the Vrije Universiteit Amsterdam. He developed and maintains avatar2, a framework for analyzing embedded systems firmware, and FirmWire, an emulation and fuzzing platform for cellular basebands. Throughout his career, Marius publicly shared his findings and presented at venues such as Black Hat, Reverse.io, REcon, and Hardwear.io.
SpeakerBio: Tom Chothia, Professor in Cyber Security at School of Computer Science, University of BirminghamTom Chothia is a Professor of Cyber Security at the University of Birmingham, UK. His research involves the development of new mathematical analysis techniques, and the application of these techniques to real world cyber security problems. His past work on the security of EMV, ApplePay, banking apps, pacemakers and video game cheats have all received widespread media coverage.
- ics Calendar file
PortSwigger will present the inaugural Top 10 Vulnerability Research Awards from 2024 inside the Bug Bounty Village. In this session, PortSwigger will recognize ten outstanding researchers for their impactful vulnerability discoveries and research contributions over the past year. As most winners are unable to attend in person, the presentation will briefly introduce each winner and highlight their work. This marks the first time these awards are presented live at DEF CON, celebrating the creativity and dedication of the global security research community.
SpeakerBio: Portswigger
- ics Calendar file
This hands-on workshop dives into real-world AWS misconfigurations that attackers actively exploit to gain privilege escalation and access sensitive data. You’ll step into the shoes of an adversary and learn how common oversights like loose IAM roles, misconfigured Cognito identity pools, or exposed metadata endpoints can be chained into full-blown breaches.
Key Takeaways:
Built for all skill levels, this lab gives security engineers, DevOps teams, and developers a safe space to break things, fix them, and come out with a sharper eye for spotting these risks before attackers do.
Speakers:Bhagavan Bollina,Deepak,Jainil MalaviyaBhagavan Bollina is a passionate security researcher who loves building and breaking things in the cloud. Parallelly he also dabbles in web, network and mobile security. Bhagavan was a core member of the cloud security R&D and testing team at Appsecco. When not building and breaking stuff in the cloud, he enjoys bug bounty hacking and CTFs. He loves training his dog as well in his spare time, but the dog weirdly seems to not like cloud security.
SpeakerBio: DeepakDeepak is a security engineer with a strong foundation in web security and a deep curiosity for new technologies such as the intersection of AI and cybersecurity. He has worked as a penetration tester to break systems but is now interested in building secure systems. He loves anything that mentally challenges him . Outside of work, you’ll likely find him on a hiking trail, working on puzzles or playing soccer(P.S. don't ask him about his favourite soccer team. They haven't won anything in a while)
SpeakerBio: Jainil MalaviyaJainil Malaviya is a red team enthusiast and cybersecurity learner who enjoys diving deep into web and network penetration testing. He is currently a co-op at the Global Network Engineering Lab at Nokia Canada Inc and pursuing his master’s degree at Northeastern University. Jainil actively sharpens his offensive security skills by playing Capture The Flag (CTF) challenges on platforms like Hack The Box and TryHackMe. When he's not exploring vulnerabilities or simulating real-world attacks, Jainil is equally fascinated by the world of entrepreneurship, often watching startup podcasts, studying case studies, and thinking about how great companies are built. Outside of tech, he enjoys traveling and cherishes spending quality time with his family.
- ics Calendar file
- ics Calendar file
- ics Calendar file
Queercon’s mission is to raise awareness and promote acceptance of LGBTQIA+ individuals in the IT and infosec industries. We create space for queer people to meet, engage, and network through our badges, puzzle challenges, and meet-up events - all designed to help queer people find community where they are not alone. The Queercon Community Lounge is a place to find community anew, or return to familiar faces. Keep an eye on Hacker Tracker or queercon.org for our schedule of meetups and challenges!
- ics Calendar file
In many organizations, deploying applications on Kubernetes clusters using pre-configured packages provided by the vendor is assumed to be secure. However, our research, which includes systematic GitHub code analyses, shows that even official Helm charts can expose workloads to complete cluster takeover. In this session, we will present how we identified previously undocumented attack chains caused by misconfigurations and demonstrate how attackers exploit them to compromise entire the cluster and the underlying cloud account. We will summarize common pitfalls and provide actionable strategies to ensure your configurations do not replicate these critical mistakes.
Speakers:Michael Katchinskiy,Yossi WeizmanMichael Katchinskiy is a Security Researcher at Microsoft Defender for Cloud. His work focuses on researching and analyzing new attack vectors in cloud-native environments, specializing in Kubernetes and integrating CNAPP data to detect and prevent attacks.
SpeakerBio: Yossi WeizmanYossi Weizman is a Principal Security Research Manager at Microsoft. He leads the Security Research team focused on cloud-native threats and container security.
- ics Calendar file
In this game capture the flag you will be presented with real configurations of real wireless and radio technologies to attack. Practice your skill and learn new ones from Radio Frequency IDentification (RFID) through Software Defined Radio (SDR) and up to Bluetooth and WiFi. There may even be Infrared, if you have the eye for it.
RF Hackers Sanctuary is once again holding the Radio Frequency Capture the Flag (RFCTF) at DEF CON 32. RFHS runs this game to teach security concepts and to give people a safe and legal way to practice attacks against new and old wireless technologies.
We cater to both those who are new to radio communications as well as to those who have been playing for a long time. We are looking for inexperienced players on up to the SIGINT secret squirrels to play our games. The RFCTF can be played with a little knowledge, a pen tester's determination, and $0 to $$$$$ worth of special equipment. Our virtual RFCTF can be played completely remotely without needing any specialized equipment at all, just using your web browser! The key is to read the clues, determine the goal of each challenge, and have fun learning.
This game doesn't let you sit still either, as there are numerous fox hunts, testing your skill in tracking various signals. If running around the conference looking for WiFi, Bluetooth, or even a Tire Pressure Monitoring System (TPMS) device sounds like fun, we are your source of a higher step count.
There will be clues everywhere, and we will provide periodic updates via discord and twitter. Make sure you pay attention to what's happening at the RFCTF desk, #rfctf on our discord, on Twitter @rf_ctf, @rfhackers, and the interwebz, etc. If you have a question - ASK! We may or may not answer, at our discretion.
- ics Calendar file
In addition to the CTF and talks, which are elsewhere on the schedule, the RF Village is also a place to hang out and chat with like minded folks who share your interests.
- ics Calendar file
Step into the world of Industrial Control System (ICS) security with Red Alert ICS CTF, a competition built by hackers, for hackers. Hosted by the RedAlert Lab of NSHC Security, this contest is all about pushing the limits—breaking through layers of security in a real Operational Technology (OT) environment until you seize full control of ICS components.
Since its debut at DEF CON 26, Red Alert ICS CTF has been a must-attend event, growing bigger and tougher each year. Now recognized as a Black Badge contest at DEF CON 32, DEF CON 31, and DEF CON 26, it’s the ultimate proving ground for those who thrive in the high-stakes world of ICS hacking.
What makes this CTF unique? Live ICS hardware from top industry vendors, simulating real-world critical infrastructure. Participants will interact with actual devices, manipulate industrial processes, and exploit vulnerabilities in real time. This isn’t just another CTF—this is a full-scale ICS cyber battleground.
Are you ready to test your skills, outsmart industrial defenses, and dominate the ICS arena? The challenge awaits.
Bring your laptop and a network adapter (if your laptop lacks one). Refresh your knowledge of ICS protocols and processes to stay ahead in the competition.
Any specialized hardware required will be provided by the contest organizers.
No
- ics Calendar file
Offensive security is meant to improve defenses, but what happens when hostile nation-states start learning from us too? This talk explores how Russian intelligence services and advanced persistent threat (APT) groups have adopted and adapted techniques developed by Red Teamers, sometimes within weeks of public disclosure. These campaigns involve taking newly disclosed exploits, tools, and tricks to exploit modern enterprise systems, such as Microsoft 365 services, Windows features, software development systems, authentication systems, and cloud infrastructure. Throughout the talk, detection engineering and threat hunting tips shall be provided to offer attendees a technique for detecting and preventing these types of attacks.
For Red Teamers, this talks is a wake-up call: the same tools and tradecraft used to test enterprise security are increasingly turning up in real-world espionage campaigns, sometimes targeting the very governments and public services we rely on. For Blue Teamers, this talk is a reminder to pay close attention to the cutting edge of offensive tooling.
SpeakerBio: Will Thomas, Senior Threat Intel Advisor at Team CymruCurrently working as a Senior Threat Intel Advisor at Team Cymru. Previously I was a CTI Researcher and Threat Hunter at the Equinix Threat Analysis Center (ETAC). Prior to this, I worked for Cyjax, a UK-based CTI vendor. My other main commitment is as the co-author of the SANS FOR589: Cybercrime Intelligence course. I have also volunteered my spare time to being the co-founder and main organiser of the Curated Intelligence trust group and Bournemouth 2600.
- ics Calendar file
The Red Team Capture the Flag (CTF) competition at DEF CON is a challenging and exciting event that tests the skills of participants in offensive security. The objective of the Red Team CTF is for teams to successfully complete challenges faced by Red Teams.
The Red Team CTF is designed to simulate real-world scenarios in which attackers attempt to penetrate the security of a network or system. Participants are expected to use a wide range of hacking techniques, tools, and skills to identify and exploit vulnerabilities in the target network.
Teams are typically composed of experienced hackers, penetration testers, and security researchers who have a deep understanding of the latest cybersecurity threats and attack techniques. They must work together to uncover and exploit vulnerabilities in the target network, while also evading detection and countermeasures put in place by the Blue Team.
The Red Team CTF at DEF CON is considered one of the most challenging and prestigious CTF competitions in the world, with participants coming from all over the globe to compete. It is a high-pressure, high-stakes event that tests the limits of participants' technical and strategic abilities, and offers a unique opportunity to showcase their skills and knowledge in front of a global audience of Hackers.
Participants are required to bring a laptop with the ability to connect to DEF CON WiFi or other internet connection.
There is no pre-qualifier for the event.
- ics Calendar file
Regular Expressions or RegEX are used everywhere! If you aspire to be a Pentester, Threat Hunter, Programmer, Network Engineer, DevOps or really anything in technology today, RegEx is a skill all the greats have and the majority of the industry are terrible at. Come learn or brush up on your RegEx skills in on our live trainer.
- ics Calendar file
Choose your side!
Blue Team You are assigned to the Cybersecurity Team servicing four Regional Airports within the IG Labs Regional Airport System. The shift this evening started with routine checking status boards, reviewing threat alerts, and checking for any newly identified vulnerabilities that may have an impact on the system from both Information Technology (IT) and Operational Technology (OT) vectors.
Around midnight, chaos ensues! Runway lighting is turning off at your airport and others nearby, planes are circling waiting to land or diverting to other locations. You must regain access to your systems, find the problem, and restore operation to the Runway Lighting Control System quickly and ensure that the other regional airports your team is responsible for do not lose control of their systems and operations are able to continue without interruption.
Red Team(s) Cybersecurity Teams are often heavily focused on securing Information Technology (IT) systems and devices but may not consider securing Operational Technology (OT) systems and devices. While OT systems and devices may be connected to IT systems, the type of data and protocols are different.
You start your day exploring OT system vulnerabilities and consider what chaos you could create. You see a report that the runway lighting system at one of the IG Labs Regional Airports has been compromised. You start researching to learn more about the attack and the IG Labs Regional Airport System. Satisfied that you have learned enough to add to the madness that has been created at La Valoria, you decide to launch an attack of your own.
Success will be determined by the ability to disrupt the control and operations of the Runway Lighting Systems for the IG Labs Regional Airports at the OT level. DoS and DDoS attacks are not permitted as the intent is to demonstrate an understanding of OT systems, their functionality, and protocols.
- ics Calendar file
Final results of RF CTF announced!
SpeakerBio: RF Hackers
- ics Calendar file
Practical security is the foundation of any security model. Beyond firewalls and network hardening, government and enterprise alike must consider how security infrastructure safeguards digital, material, and human assets. Physical security is foundational to the ability to resist unauthorized access or malicious threat.
In this training developed by world-renowned access-control expert Babak Javadi, students will be immersed in the mysteries of PACS tokens, RFID credentials, readers, alarm contacts, tamper switches, door controllers, and back-haul protocols that underpin Physical Access Control Systems (PACS) across the globe. The course provides a holistic and detailed view of modern access control and outlines common design limitations that can be exploited. Penetration testers will gain a practical understanding of what PACS looks like in the field, and how to intercept, clone, downgrade, replay, and bypass one's way through the system. Defenders, designers, and directors will come with away with best practices and techniques that will resist attacks.
Participation will include hands-on practical experience with tools, exploits, and refined methods for compromising modern Physical Access Control Systems.
Speakers:Deviant Ollam,Bryan Black,Babak JavadiWhile paying the bills as a physical penetration specialist with The CORE Group and the Director of Education for Red Team Alliance, Deviant Ollam also sat on the Board of Directors of the US division of TOOOL -- The Open Organisation Of Lockpickers -- for 14 years... acting as the the nonprofit's longest-serving Boardmember. His books Practical Lock Picking and Keys to the Kingdom are among Syngress Publishing's best-selling pen testing titles. In addition to being a lockpicker, Deviant is also a SAVTA certified Professional Safe Technician, a GSA certified Safe and Vault Inspector, member of the International Association of Investigative Locksmiths, a Life Safety and ADA consultant, and an NFPA Fire Door Inspector. At multiple annual security conferences Deviant started Lockpick Village workshop areas, and he has conducted physical security training sessions for Black Hat, the SANS Institute, DeepSec, ToorCon, HackCon, ShakaCon, HackInTheBox, ekoparty, AusCERT, GovCERT, CONFidence, the FBI, the NSA, DARPA, the National Defense University, Los Alamos National Lab, the United States Naval Academy at Annapolis, and the United States Military Academy at West Point.
In his limited spare time, Deviant enjoys loud moments with lead acceleration and quiet times with podcasts. He arrives at airports too early and shows up at parties too late, but will promptly appear right on time for tacos or whiskey.
SpeakerBio: Bryan Black, Red Team AllianceBryan Black is a seasoned physical security professional and esteemed assessment specialist with a comprehensive expertise spanning various facets of site security. His areas of specialization encompass video surveillance, intrusion detection/prevention, access control, network infrastructure, and penetration testing. With an illustrious track record of over a decade, he has collaborated closely with local and state law enforcement, federal and intelligence agencies, as well as prominent private sector corporations. Through these partnerships, he has been instrumental in advising clients and businesses on navigating the constantly evolving threat landscape. He is frequently acknowledged for his discerning critique of prevailing installations and practices within the industry. During his leisure hours, he leverages his engineering background and personal maker space to engage in product development. His endeavors encompass the meticulous design and refinement of innovative tools and procedures aimed at optimizing the efficiency and efficacy of both red and blue team engagement protocols.
SpeakerBio: Babak Javadi, Red Team AllianceBabak Javadi is the President and Founder of The CORE Group, and one of the original co-founding Directors of TOOOL, The Open Organisation of Lockpickers. As a keystone member of the security industry, he is well-recognized expert in professional circles hacker community. Babak's expertise extends to a wide range of security disciplines ranging from high security mechanical cylinders to alarm systems & physical access control systems. Over the past fifteen years Babak has presented and provided trainings a wide range of commercial and government agencies, including Black Hat, The SANS Institute, the USMA at West Point, and more.
- ics Calendar file
Practical security is the foundation of any security model. Beyond firewalls and network hardening, government and enterprise alike must consider how security infrastructure safeguards digital, material, and human assets. Physical security is foundational to the ability to resist unauthorized access or malicious threat.
In this training developed by world-renowned access-control expert Babak Javadi, students will be immersed in the mysteries of PACS tokens, RFID credentials, readers, alarm contacts, tamper switches, door controllers, and back-haul protocols that underpin Physical Access Control Systems (PACS) across the globe. The course provides a holistic and detailed view of modern access control and outlines common design limitations that can be exploited. Penetration testers will gain a practical understanding of what PACS looks like in the field, and how to intercept, clone, downgrade, replay, and bypass one's way through the system. Defenders, designers, and directors will come with away with best practices and techniques that will resist attacks.
Participation will include hands-on practical experience with tools, exploits, and refined methods for compromising modern Physical Access Control Systems.
Speakers:Deviant Ollam,Bryan Black,Babak JavadiWhile paying the bills as a physical penetration specialist with The CORE Group and the Director of Education for Red Team Alliance, Deviant Ollam also sat on the Board of Directors of the US division of TOOOL -- The Open Organisation Of Lockpickers -- for 14 years... acting as the the nonprofit's longest-serving Boardmember. His books Practical Lock Picking and Keys to the Kingdom are among Syngress Publishing's best-selling pen testing titles. In addition to being a lockpicker, Deviant is also a SAVTA certified Professional Safe Technician, a GSA certified Safe and Vault Inspector, member of the International Association of Investigative Locksmiths, a Life Safety and ADA consultant, and an NFPA Fire Door Inspector. At multiple annual security conferences Deviant started Lockpick Village workshop areas, and he has conducted physical security training sessions for Black Hat, the SANS Institute, DeepSec, ToorCon, HackCon, ShakaCon, HackInTheBox, ekoparty, AusCERT, GovCERT, CONFidence, the FBI, the NSA, DARPA, the National Defense University, Los Alamos National Lab, the United States Naval Academy at Annapolis, and the United States Military Academy at West Point.
In his limited spare time, Deviant enjoys loud moments with lead acceleration and quiet times with podcasts. He arrives at airports too early and shows up at parties too late, but will promptly appear right on time for tacos or whiskey.
SpeakerBio: Bryan Black, Red Team AllianceBryan Black is a seasoned physical security professional and esteemed assessment specialist with a comprehensive expertise spanning various facets of site security. His areas of specialization encompass video surveillance, intrusion detection/prevention, access control, network infrastructure, and penetration testing. With an illustrious track record of over a decade, he has collaborated closely with local and state law enforcement, federal and intelligence agencies, as well as prominent private sector corporations. Through these partnerships, he has been instrumental in advising clients and businesses on navigating the constantly evolving threat landscape. He is frequently acknowledged for his discerning critique of prevailing installations and practices within the industry. During his leisure hours, he leverages his engineering background and personal maker space to engage in product development. His endeavors encompass the meticulous design and refinement of innovative tools and procedures aimed at optimizing the efficiency and efficacy of both red and blue team engagement protocols.
SpeakerBio: Babak Javadi, Red Team AllianceBabak Javadi is the President and Founder of The CORE Group, and one of the original co-founding Directors of TOOOL, The Open Organisation of Lockpickers. As a keystone member of the security industry, he is well-recognized expert in professional circles hacker community. Babak's expertise extends to a wide range of security disciplines ranging from high security mechanical cylinders to alarm systems & physical access control systems. Over the past fifteen years Babak has presented and provided trainings a wide range of commercial and government agencies, including Black Hat, The SANS Institute, the USMA at West Point, and more.
- ics Calendar file
Join your friends to chat about the software supply chain! SBOM isn’t going away, but there’s still tons to learn and build. We’ll talk about SBOM regulations around the world, the state of open source tools, some interesting research, and the research yet to be done. What does SBOM mean for AI-generated code and AI systems? This informal meetup will be a chance to share your thoughts, ask questions, and get to know others in the space.
Speakers:Erez Yalon,Allan FriedmanVP of Security Research at Checkmarx | Co-Founder of DEF CON's AppSec Village | Co-Leader of OWASP API Security Project
SpeakerBio: Allan Friedman, Adjunct Professor of Informatics at the Luddy School of Informatics, Computing, and Engineering at Indiana UniversityDr. Allan Friedman is internationally recognized for leading the global Software Bill of Materials (SBOM) movement, transforming it from a niche idea into a widely adopted pillar of cybersecurity policy and practice. Over his decade in public service, Friedman held senior roles at the Cybersecurity and Infrastructure Security Agency (CISA) and the National Telecommunications and Information Administration (NTIA), where he built and led groundbreaking efforts on SBOM, coordinated vulnerability disclosure, and IoT security. He has partnered with governments and regulators in Europe and Asia, and continues to advise public- and private-sector organizations on building trust and resilience into the systems that matter most.
Before his time in government, Friedman spent over a decade as a researcher and technologist, holding positions at Harvard University’s Computer Science department, the Brookings Institution, and George Washington University’s Engineering School.
- ics Calendar file
Microsoft Configuration Manager, better known as SCCM, has become my go-to target for red team operations. While multiple attack paths were uncovered recently, companies still struggle to close all security gaps. This is largely due to the solution's complexity and historical technical debt, which make it challenging to effectively address and mitigate all security vulnerabilities. Moreover, as it primarily manages computers, taking over an SCCM deployment often leads to the full compromise of the Active Directory, with less hassle than traditional attack paths.
In this talk, I'll be sharing insights gained from my research on the solution that led to the discovery of multiple 0 Day vulnerabilities, such as CVE-2024-43468, an unauthenticated SQL injection. After introducing key concepts, I'll delve into various techniques for performing reconnaissance, tips for understanding the hierarchy and tricks for bypassing certain security boundaries. The session will also cover the discovered vulnerabilities that can lead to the compromise of the deployment.
After showcasing post-exploitation techniques from database access, I'll introduce a battle-tested open-source tool that implements them. And for those interested in persistence, a technique for installing a backdoor as a legitimate servicing endpoint will be shared.
SpeakerBio: Mehdi "kalimer0x00" ElyassaI'm a red team operator working at Synacktiv, a French firm dedicated to offensive information security. With over 7 years of experience, I've started my journey on the blue team before transitioning to an offensive role. Today, I conduct adversary simulation engagements for large companies in France, as well as international organizations.
- ics Calendar file
Come learn about and try our Micropython and microcontroller workshop, and learn about the secure boot tools for compute modules.
- ics Calendar file
The workshop will begin with brief presentation about cryptocurrency, exchanges, hardware wallets, hot wallets, cold wallets, and other introductory information needed to begin cryptocurrency transactions. Participants will be given a sample wallet for practice purposes only. Participants will be guided through the opening of a wallet, with a detailed discussion on public and private keys and the different types of wallets available for self custody and the different security features of wallets. The discussion will delve into hot security topics, including the importance of randomized seeds and consider a couple of case scenarios where wallets have been hacked due to a lack of security, followed by a discussion on how to prevent these types of security defects. Next, participants will create hot and a cold wallet, each with a twelve word seed. After completing set up of the cold wallet, participants will be required to simulate a lost/stolen/destroyed wallet and wipe the wallet and re-set up the wallet.
SpeakerBio: HalFinneyIsMyHomeBoy
- ics Calendar file
SESNSploit is a dedicated red team exploitation tool targeting AWS Simple Email Service (SES) and Simple Notification Service (SNS) misconfigurations. While existing frameworks like Pacu offer minimal or no coverage for these services, SESNSploit fills this gap by providing comprehensive attack scenarios. This includes enumerating regions, listing topics and identities, sending unauthorized emails or messages, and simulating misconfiguration exploitation. The tool is designed for red teamers, security researchers, and cloud security professionals to assess and identify potential security weaknesses in AWS SES and SNS setups.
We have added few of the following key features:
Enumeration of active SES and SNS regions.
Identification of SES identities and SNS topics.
Unauthorized message and email sending simulations.
Menu-driven interface for easy navigation.
Supports state-saving for efficient testing and resumption.
SESNSploit offers functionalities that major AWS exploitation frameworks like Pacu currently lack. It specifically focuses on SES and SNS, which are often overlooked in security assessments but can be critical entry points if misconfigured.
Github link : https://github.com/harekrishnarai/SESNSploit
Speakers:Hare Krishna Rai,Gaurav Joshi,Mohd. ArifHare Krishna Rai is a security researcher and red teamer with over three years of experience in software supply chain security, cloud exploitation, and offensive security tooling. He was volunteer at cloud village in RSA Conf 2025, he has presented at top-tier conferences including Black Hat Europe, Blackhat asia, DEF CON, c0c0n, and NullCon.
Gaurav Joshi is a security engineer with a strong focus on cloud and network security. He has experience in threat modeling, secure development practices, and hardening misconfigured cloud services. As a co-developer of SESNSploit, he contributes to identifying and operationalizing real-world misconfigurations in AWS environments
SpeakerBio: Gaurav Joshi
- ics Calendar file
Nation-state hackers pose a formidable threat to critical infrastructure, compromising national security, intellectual property, and public safety. This presentation will delve into the tactics, techniques, and procedures (TTPs) employed by nation-state actors, providing a core understanding essential for developing effective defense strategies. Through an in-depth analysis of three real-world case studies, we will expose the implications of nation-state attacks on laboratory, critical infrastructure, and industrial systems. We will examine how these attacks exploit human vulnerabilities, such as social engineering and insider threats, as well as system weaknesses, including misconfiguration and software vulnerabilities. Drawing from recent breaches in research laboratories and industrial manufacturing facilities, we will identify the root causes of these incidents, including human error, malicious insider actions, and inadequate security controls. This presentation aims to provide attendees with a comprehensive understanding of nation-state attack patterns, enabling them to strengthen their organization’s defenses against these sophisticated threats.
Speakers:Nathan Case,Jon McCoyNathan Case is a cybersecurity engineer and strategist with over two decades of experience defending critical infrastructure, building secure cloud systems, and leading incident response at the highest levels. His career spans roles at Amazon Web Services, McKesson, and defense-focused startups, where he has architected platforms for healthcare, government, and national security missions. Known for his ability to bridge technical depth with real-world impact, Nathan has led global security teams, supported cyber operations across multiple countries, and advised both enterprise executives and government leaders on risk, resilience, and transformation.
SpeakerBio: Jon McCoy, Security Architect at OWASPSoftware security architect, Jon McCoy brings over 20 years of experience in software development and cybersecurity to the forefront. With a strong foundation in .NET development, Jon transitioned into security, driven by a passion for proactive defense strategies and secure coding practices.
A dedicated contributor to the OWASP community, Jon has shared his expertise at numerous industry events, including OWASP Global AppSec. His recent presentation on "Lessons Learned from Past Security Breaches" highlighted critical takeaways for strengthening AppSec efforts before and after incidents.
- ics Calendar file
With billions of users worldwide, mobile messaging apps like WhatsApp and Signal have become critical for personal and professional communication. While these platforms promise security and privacy, our research uncovers two significant vulnerabilities that expose users to stealthy tracking and security degradation.
First, we reveal how delivery receipts --commonly used to confirm message delivery-- can be exploited to track a user's online status, screen activity, and device usage without their knowledge. This technique enables passive surveillance, draining a target's battery and data allowance while remaining entirely invisible to them.
Second, we demonstrate a novel attack on WhatsApp's implementation of the Signal Protocol, specifically targeting its Perfect Forward Secrecy (PFS) mechanism. By depleting a victim's stash of ephemeral encryption keys, an attacker can weaken message security, disrupt communication, and exploit flaws in the prekey refilling process.
Both attacks require nothing more than the victim's phone number and leverage fundamental design choices in these widely used platforms.
This talk will provide an in-depth analysis of these vulnerabilities, their implications, and potential mitigations -- challenging the security assumptions of modern encrypted messaging.
References: - Careless Whisper: Exploiting End-to-End Leakage in Mobile Instant Messengers, Gabriel K. Gegenhuber, Maximilian Günther, Markus Maier, Aljosha Judmayer, Florian Holzbauer, Philipp É. Frenzel, Johanna Ullrich; link - Prekey Pogo: Investigating Security and Privacy Issues in WhatsApp's Handshake Mechanism, USENIX WOOT 2025, Gabriel K. Gegenhuber, Philipp É. Frenzel, Maximilian Günther, Aljosha Judmayer; link
Speakers:Gabriel Gegenhuber,Maximilian GüntherGabriel is a PhD candidate at the University of Vienna, Austria. He received a bachelor's degree in Software & Information Engineering and a master's degree in Software Engineering & Internet Computing at the TU Wien. Gabriel is conducting research in the area of cellular and mobile networks. This includes Internet measurement technologies, traffic classification systems (e.g., deep packet inspection) and technical measures that are used to detect net neutrality and privacy violations. Furthermore, he's working on improving the MobileAtlas measurement platform for cellular networks.
SpeakerBio: Maximilian GüntherMax Guenther is master student at University of Vienna. He is a cybersecurity nerd and part-time full stack engineer at Intigriti. Previously, he was security analyst at Austrian Power Grid and security researcher at the Austrian Armed Forces.
- ics Calendar file
The rapid proliferation of consumer IoT devices has introduced new attack vectors beyond traditional exploitation. One overlooked risk lies in firmware persistence in returned devices—an issue that could enable mass surveillance, botnet propagation, or backdoor persistence at scale. This research investigates whether major retailers properly reset IoT firmware before reselling returned products, exposing critical gaps in supply chain security.
In this experiment, commercial IoT devices are purchased, modified with custom firmware embedding a simple callback, and then returned to the store. The devices are later repurchased and analyzed to determine if retailers performed proper firmware resets or if malicious code remained intact. Findings from this research reveal inconsistencies in retailer sanitization policies, with some major retailers failing to properly wipe and reflash firmware before resale. This talk will demonstrate examples of persistent firmware modifications, discuss the potential for IoT-based supply chain attacks, and propose real-world mitigation strategies for manufacturers, retailers, and consumers.
Attendees will leave with a deeper understanding of how IoT firmware sanitization failures create a new class of attack vectors—and how threat actors could exploit this to build persistent IoT botnets, data-exfiltration implants, or unauthorized surveillance tools.
SpeakerBio: Matei Josephs, Senior Penetration Tester at HappeningMatei Josephs breaks things for a living - especially if they beep, blink, or pretend to be "smart". Printers, kiosks, routers, and random IoT junk live in fear when he's nearby. He's a Senior Penetration Tester at Happening, he discovered 9 CVEs and loves hacking at scale. In this talk, "Smart Devices, Dumb Resets? Testing Firmware Persistence in Commercial IoT", Matei reveals how threat actors can implant persistent backdoors in smart devices, then return them for resale through legitimate retailers. Because factory reset processes often fail to wipe firmware-level compromises, attackers can exploit the trust users place in brand-name resellers—turning returned devices into credible, persistent attack vectors.
- ics Calendar file
See who won in our village! During this time weíll present the SECVC and BOTB winners, as well as the much-coveted Dundies!
- ics Calendar file
Welcome to our last day at DEF CON!
- ics Calendar file
Every watt and bit tells a story.
The concept of "smart grids" dates back to the 1970s with automatic meters, but the term emerged with the Energy Independence and Security Act of 2007. Since 2012, the integration of smart grids and Cloud computing has been a topic at IEEE meetings. This raises key questions: How do we assess risks to physical and virtual infrastructure? What are the impacts of a breach? Where does digital forensics fit in?
Since 2017, the Cloud Forensics Workshop has introduced security professionals to core Cloud forensics concepts. The latest Smart Grid Edition explores the relationship between smart grids, Cloud computing, and digital forensics. Participants will engage in hands-on labs using open-source tools to identify indicators of compromise (IoCs), acquire forensically sound artifacts, and apply AI and automation in investigations. Registered students will download sample data before the workshop and apply their skills in a live tabletop exercise.
SpeakerBio: Kerry "Professor Kilroy" HazeltonKerry Hazelton - also known as "Professor Kilroy" - has been involved in the technology and security industry for over twenty-five years crafting his own version of "Protection Against the Dark Arts" with an extensive knowledge of information systems, data center operations, Cloud computing, digital forensics, and incident response.
Ever the security enthusiast and a sucker for movie references, combined with a deep passion for teaching and mentoring; Mr. Hazelton created the Cloud Forensics Workshop and CTF Challenge in 2017, which is a technical workshop that focuses on learning about the science of Cloud forensics and its real-world applications, followed by a Capture-the-Flag competition to gauge his students’ comprehension and critical-thinking skills by solving multiple forensic puzzles in a race against each other within the allotted amount of time.
He can be found posting his random thoughts on gaming, hacking, or life in general somewhere on the medium known as the Internet.
- ics Calendar file
This workshop provides an in-depth, hands-on experience in the creation and analysis of malicious applications, focusing on the techniques used by attackers to compromise mobile devices. Participants will learn how to manipulate Android applications using tools such as Android Studio, APKTool, Burp Suite, and Metasploit to inject payloads, bypass security mechanisms, and establish remote access. Through step-by-step demonstrations, they will explore methods for obfuscation, privilege escalation, and persistence, gaining a clear understanding of how adversaries exploit vulnerabilities in mobile environments.
Beyond offensive techniques, the workshop emphasizes defensive strategies, equipping attendees with skills to detect, analyze, and mitigate mobile threats. Using malware analysis and reverse engineering, students will learn how security professionals track, neutralize, and prevent attacks. Real-time lab exercises will reinforce these concepts, ensuring that participants leave with practical expertise applicable to ethical hacking, penetration testing, and security research. This session is ideal for cybersecurity professionals, developers, and researchers looking to deepen their knowledge of mobile security and ethical hacking methodologies.
SpeakerBio: HackeMate, Offensive Cybersecurity EngineerHackeMate is the YouTube channel where Gianpaul Custodio, a Offensive Cybersecurity Engineer, shares his expertise in ethical hacking, as well as offensive and defensive security. With over 28,000 subscribers engaged in the world of cybersecurity, he has established himself as a key figure in the community through challenges, technical analyses, and hands-on demonstrations.
Professionally, he holds Red Team certifications such as the eLearnSecurity Junior Penetration Tester (eJPT) and Web Penetration Tester (eWPT), along with Blue Team certifications like Microsoft Azure Fundamentals (AZ-900) and Microsoft Security, Compliance, and Identity Fundamentals (SC-900). He is also a Google Product Expert for Google Drive, contributing his knowledge in cloud security and optimization.
- ics Calendar file
This hands-on technical training dives deep into the mechanics and mitigation of signal jamming—an increasingly critical threat in both civilian and military communication systems. Attendees will explore the electromagnetic spectrum, modulation techniques, and the physical principles that enable signal jamming. We will analyze common types of jammers, their circuitry, and how they disrupt RF communications. Participants will also gain insight into detection methods, spectrum analysis, and counter-jamming strategies using SDRs and directional antennas. The course balances theory and practice, with live demonstrations and dissection of real-world jamming scenarios. Prior familiarity with RF fundamentals and basic electronics is helpful but not required. To get the most from this session, attendees are encouraged to review basic electromagnetic theory and brush up on SDR tools like GNU Radio or SDR# ahead of time. This session is ideal for cybersecurity professionals, drone operators, RF engineers, and technical hobbyists seeking to understand and combat one of the most disruptive tools in electronic warfare.
SpeakerBio: Preston Zen, 1337sheets.comPreston Zen is a OSCE3 Cybersecurity Certified maker and breaker of all things technology from custom electronics to bespoke software. Humanitarian volunteer in Ukraine since 2022 in logistics and engineering as well as one of the leading innovators of field implemented technology use cases
- ics Calendar file
Real threats leave behind real artifacts — and in this hands-on workshop, we’ll combine malware development and analysis by safely recreating and dissecting a custom malware based on Lumma Stealer, one of today’s most active malware families. This approach is designed to support adversary emulation efforts by replicating real-world TTPs in a controlled environment, while also teaching participants how to detect and analyze each technique. Whether you're on a red or purple team looking to simulate attacker behavior, or on a blue team aiming to strengthen detection capabilities, this workshop delivers practical skills grounded in real-world threats.
Speakers:Sebastian Tapia,Ricardo SanchezSebastian breaks things to understand them—and sometimes to teach others how to do it better. He’s spent years in red teaming, malware reversing, and purple team exercises—learning how attackers think, and how defenders can think better. These days, he builds labs, breaks code, and shares what he learns so others can level up, too.
SpeakerBio: Ricardo SanchezRicardo Sanchez is an accomplished cybersecurity professional with a passion for empowering others through knowledge sharing. As a Security Architect at one of Peru's leading insurance companies, he specializes in designing innovative technology strategies for threat intelligence, detection engineering, and threat hunting to combat evolving cyber threats. Committed to lifelong learning, Ricardo thrives on analyzing malware and staying at the forefront of cybersecurity advancements.
- ics Calendar file
EMMC is a common flash memory format for more complex embedded devices and the Ball Grid Array (BGA) is a popular format for EMMC modules. BGA modules can be intimidating to hardware hackers since the pins are not exposed and are instead underneath the chip. This workshop will demonstrate and allow you to practice removing EMMC modules from an inexpensive circuit board using flux and a hot air station. The module will contain a Linux operating system and a Raspberry Pi. Workshop participants will learn how to image the removed EMMC. Mount and change the Linux filesystem in order to backdoor the image and gain access, and then learn how to copy the image to a new EMMC. Participants will then learn how to attach the module to a BGA carrier board with hot air.
A basic understanding of soldering is all that is required to be successful in this workshop. An understanding of the Linux filesystem is also helpful, but not required. We will have step by step instructions and will also have a small prize for the participant who comes up with and demonstrates the most clever Linux backdoor on their Raspberry Pi.
At the end of this workshop, participants will have an understanding of: How to remove, clean and image BGA modules Basics of offline Linux filesystem hacking How to image and reattach BGA EMMC modules
SpeakerBio: Patrick "Gigstorm" Kiley, Principal Red-Team Consultant at Mandiant/GooglePatricck is a Principal Red Team Consultant at Mandiant with over 20 years of information security experience working with both US Govt and private sector employers. Patrick has spoken at DEF CON, BlackHat, Bsides and RSA. Patrick can usually be found in the Car Hacking or Aerospace village where he volunteered for several years. His passion is embedded systems security and has released research in Avionics, embedded systems and even bricked his own Tesla while trying to make it faster.
- ics Calendar file
Tired of legacy ICS systems? Attend this workshop to hack the next generation of Industrial Control Systems,! No more Modbus, no more standard PLC, no more Purdue model! This workshop is designed to show what the future might look like for Industrial Control Systems, with a focus on ML & AI!
We’ll bring a realistic ICS setup that features all the fancy current and future trends: SD-WAN and Zero Trust, OPC-UA, MQTT, Digital Twin, Edge devices and soft-PLCs to control a small-scale industrial process simulation. This year, we’ll also add some machine learning and LLM challenges! Will you be able to trick the ICS virtual assistant into giving you access to the production systems?
After a short introduction, we’ll get into hacking! We will walk you through a CTF-style exercise to go from 0 to full industrial process hacking! The CTF will be guided so that everyone learns something and gets a chance to get most flags!
Speakers:Arnaud Soullié,Alexandrine TORRENTSArnaud Soullié is a Senior Manager at Wavestone, a global consulting company. For 15 years, he has been performing security assessments and pentests on all types of targets. He started specializing in ICS cybersecurity 10 years ago. He has spoken at numerous security conferences on ICS topics, including: BlackHat Europe, BruCon, 4SICS, BSides Las Vegas, and DEFCON. He is also the creator of the DYODE project, an open source data diode aimed at ICS. He has taught ICS cybersecurity trainings since 2015.
SpeakerBio: Alexandrine TORRENTS, Senior Manager at WavestoneAlexandrine Torrents is a Senior Manager at Wavestone. She started as a penetration tester, and performed several cybersecurity assessments on ICS. She worked on a few ICS models to demonstrate attacks on PLCs and developed a particular tool to request Siemens PLCs. Then, she started working at securing ICS, especially in the scope of the French military law, helping companies offering a vital service to the nation to comply with security rules. Now, Alexandrine works with different industrial CISOs on their cybersecurity projects: defining secure architectures, hardening systems, implementing detection mechanisms. She is also IEC 62443 certified and still performs assessments on multiple environments.
- ics Calendar file
Did you ever wanted to hack an IoT device but did not know how to start? Having UART is nice, but does not help in many cases.
For a complete analysis of an IoT device, it is required to look at the firmware itself. In most cases this means that the firmware, data or encryption keys need to be extracted from the device memory. Many researchers are hesitant to do that as there is a high risk of destroying the device or leaving it in an inoperable state. In this workshop we will look at different flash memory types (EEPROM, SPI flash, NAND flash, eMMC flash) and how to extract the information from them.
We will show that you do not need very expensive hardware to archive your goal and that it is not as complicated as everyone believes. See which tools might be useful for your own lab!
Participants will have the opportunity to work in groups and being provided different kinds of IoT devices (e.g. smart speakers). After a tear-down, you can use different chip-off methods (e.g. Hot air, IR soldering) to remove the flash chip and read it out. Optionally, the tools re-ball and re-solder the IC will be available after the workshop. In the end, each team should have the data and a functional device again.
Bonus: If you brick the device, you can keep the parts as a souvenir or can wear them as badges.
Speakers:Dennis Giese,Braelynn LuedtkeDennis Giese is a researcher with the focus on the security and privacy of IoT devices. While being interested in physical security and lockpicking, he enjoys applied research and reverse engineering malware and all kinds of devices. His most known projects are the documentation and hacking of various vacuum robots. He calls himself a "robot collector" and his current vacuum robot army consists of over 80 different models from various vendors. He talked about his research at the Chaos Communication Congress, REcon, HITCON, NULLCON, and DEFCON.
SpeakerBio: Braelynn Luedtke, Security ResearcherBraelynn is a security consultant at Leviathan Security Group where she conducts security assessments of products for startups, Fortune 500 companies, and everything in between. She enjoys partaking in CTFs and researching the security anything that piques her curiosity. She has previously presented this research at conferences such as Chaos Communication Congress, HITCON and DEFCON.
- ics Calendar file
Join our hands-on workshop to master TLSNotary! Dive into multi-party-TLS (not man-in-the-middle) and learn to prove and verify online data authenticity to a third-party verifier while ensuring privacy. We’ll start with small examples and build up to custom plugins to prove and verify private user data.
Bring your laptop, bring a friend, and learn together. Get ready to unlock and compose web data in innovative ways.
Speakers:AtHeartEngineer,SinuAtHeartEngineer has been building and breaking things since the 90s, nearly setting his parents’ garage on fire while learning about mains voltage. He previously lead engineering at Privacy and Scaling Explorations, a non-profit focused on building privacy-preserving technologies using programmable cryptography tools like zero-knowledge proofs, and is now exploring what is next.
SpeakerBio: Sinu, Technical Lead of TLSNotary at Privacy and Scaling ExplorationsSinu is a neutral systems maxi, a cryptography engineer, and the technical lead of TLSNotary.
- ics Calendar file
Launch into the thrilling world of cybersecurity, specifically designed for space systems! Learn the fundamentals to safeguard ground stations, communication links, and spacecrafts.
Engage in an immersive and fun CTF scenario. Apply your cybersecurity skills in real-time and see the direct impact of your decisions on our Space Systems Demonstrator. In this high-stakes scenario, you'll align with the Aurora Alliance in their critical mission to thwart Count Viktor Thunderclaw and the notorious Nebula Syndicate. The Syndicate threatens to destroy historic monuments around the world with their Space Laser unless their demands are met. Do you have what it takes to dismantle their malevolent plans?
Our beginner-level CTF kicks off as soon as the village opens—no pre-registration necessary. Just bring your laptop to access the CTF platform and your favorite packet decoding software (i.e. Wireshark). Expect the CTF to take you less than 1 hour to complete. Team collaboration is encouraged, and if you encounter obstacles, numerous hints are available to guide you. Excel in the challenge, and you could walk away with a CT Cubed SAO, an exclusive prize while supplies last.
- ics Calendar file
Spotter is a groundbreaking open-source tool or solution designed to secure Kubernetes clusters throughout their lifecycle. Built on the native tooling of Kubernetes by leveraging CEL (Common Expression Language) for policy definitions, we can define unified security scanning across development, CLI, CI/CD, Admission Controllers, deployments, runtime, and continuous monitoring. Its unique approach enables both enforcement and monitoring modes, ensuring that policies can be applied consistently and mapped directly to industry standards such as CIS, MITRE ATT&CK, etc.
Spotter provides extreamly high flexbility across all Kubernetes phases, providing an innovative approach that no other open-source or commercial solution can replicate. It seamlessly bridges security, DevOps, and platform teams, effectively solving the real-world challenges faced by day-to-day operations.
SpeakerBio: Madhu "madhuakula" Akula, Pragmatic Security LeaderMadhu Akula is a pragmatic security leader and creator of Kubernetes Goat, an intentionally vulnerable by design Kubernetes Cluster to learn and practice Kubernetes Security. Also published author and Cloud Native Security Architect with extensive experience. Also, he is an active member of the international security, DevOps, and Cloud Native communities (null, DevSecOps, AllDayDevOps, AWS, CNCF, USENIX, etc). He holds industry certifications like CKA (Certified Kubernetes Administrator), CKS (Certified Kubernetes Security Specialist), OSCP (Offensive Security Certified Professional), etc.
Madhu frequently speaks and runs training sessions at security events and conferences around the world including DEFCON 24, 26, 27, 28, 29 & 30, BlackHat 2018, 19, 21 & 22, USENIX LISA 2018, 19 & 21, SANS Cloud Security Summit 2021 & 2022, O’Reilly Velocity EU 2019, Github Satellite 2020, Appsec EU (2018, 19 & 22), All Day DevOps (2016, 17, 18, 19, 20 & 21), DevSecCon (London, Singapore, Boston), DevOpsDays India, c0c0n(2017, 18), Nullcon 2018, 19, 21 & 22, SACON, Serverless Summit, null and multiple others.
His research has identified vulnerabilities in over 200+ companies and organizations including; Google, Microsoft, LinkedIn, eBay, AT&T, WordPress, NTOP, Adobe, etc. and is credited with multiple CVE’s, Acknowledgements, and rewards. He is co-author of Security Automation with Ansible2 (ISBN-13: 978-1788394512), which is listed as a technical resource by Red Hat Ansible. He is the technical reviewer for Learn Kubernetes Security, Practical Ansible2 books by Packt Pub. Also won 1st prize for building an Infrastructure Security Monitoring solution at InMobi flagship hackathon among 100+ engineering teams.
- ics Calendar file
You may have heard tales of mainframe pentesting and exploitation before - mostly from us! Those stories often focused on the MVS/ISPF side of the IBM z/OS. But did you know that all those same tricks (and more!) can be pulled off in z/OS Unix System Services (OMVS) as well? I bet you didn't even know z/OS had a UNIX side!
Over the years we've discovered multiple unique attack paths when it comes to Unix on the mainframe. In this talk, we'll present live demos of real-world scenarios we've encountered during mainframe penetration tests. These examples will showcase what can happen with poor file hygiene leading to database compromises, inadequate file permissions enabling privilege escalation, lack of ESM resource understanding allowing for privileged command execution, and how dataset protection won't save you from these attacks. We'll also be demonstrating what can happen when we overflow the buffer in an APF authorized dataset.
Attendees will learn how to test these controls themselves using freely available open-source tools and how to (partially) detect these attacks. While privesc in UNIX isn't game over for your mainframe, it's pretty close. By the end, it will be clear that simply granting superuser access to Unix can be just as dangerous, if not more so, than giving access to TSO on the mainframe.
SpeakerBio: Philip "Soldier of FORTRAN" YoungPhilip Young, aka Soldier of FORTRAN, Director of Mainframe Penetration Testing Services at NetSPI is an oldschool hacker. He started out on with an Amiga 500 and a modem and never looked back, cutting his teeth on Datapac (the Canadian X.25 network) he eventually grew to searching the internet for interesting things. Later in his career he started taking a serious look at mainframe cybersecurity and realized how far behind mainframes had fallen when compared to their more open system (Windows/Linux). At that point he made it his lifes mission to raise awareness and produce tooling to aid in the testing of these critical resources to help keep them safe. Since then he has given talks around the world at places like BlackHat, DEFCON, RSA, has taught multiple workshops and was even under investigation by the Swedish secret police. In addition he has released countless opensources tools to pentest mainframes.
- ics Calendar file
Step into the IoT Village and challenge those eyes staring at you. Break open real hardware and dive in to uncover vulnerabilities.
Try your luck to emulate those devices. Whether you’re a hardware hacking pro of just a hardware wrecker, this hands-on experience is your change to push the limits of hardware hacking.
Ready to see what’s really watching you?
- ics Calendar file
Matthias Göhring is security consultant and penetration tester at usd AG, an information security company based in Germany with the mission #moresecurity. He is Head of usd HeroLab, the division of usd specialized in technical security assessments. In addition, he holds lectures at Technical University Darmstadt and University of Applied Sciences Darmstadt on ethical hacking and penetration testing. In previous scientific work, he focused on network and communication security as well as software security.
Previous publications: - Catching the Clones – Insights in Website Cloning Attacks, Risk Connect Conference, 2021 - Path MTU Discovery Considered Harmful, IEEE 38th International Conference on Distributed Computing Systems (ICDCS), 2018 - Tor Experimentation Tools, IEEE Security and Privacy Workshops, 2015 - On randomness testing in physical layer key agreement, IEEE 2nd World Forum on Internet of Things (WF-IoT), 2015
- ics Calendar file
Come stop by for our first offical event where we will have custom stickers for VX Underground, Skyhopper, and more!
- ics Calendar file
Join the AIxCC Organizers to discuss the competition strategy, building evaluations that scale, and the potential future state of the industry.
Speakers:David Brumley,Isaac Goldthwaite,Tim Allison,David Wank,Sierra Haex,Matt Turek
- ics Calendar file
Diana Initiative is excited to offer up a "Quiet Room". This room is a library vibes environment where people can calm down or recharge before going back out to experience more DEF CON, or even safely have a meltdown, stim, and take time to recenter. In our library area we will have fidget toys, coloring pages and more.
- ics Calendar file
In a competition where all the entrants are autonomous systems and the top prize is four million dollars, the biggest question usually is: "how can I watch?"
This talk will present different facets of the AI Cyber Challenge (AIxCC), specifically focusing on making them more understandable and visually intuitive. We'll go over a variety of aspects of the challenge, from the overall structure to replaying specific vulnerabilities and competitor submissions.
By focusing on making the ideas behind the competition accessible, this talk will help audiences of all levels come away with new ideas and understanding of the possibilities of AI capabilities.
SpeakerBio: Mark Griffin, Founder at Undaunted Development LLC
- ics Calendar file
In the age of hybrid and multi cloud environments, visibility and control over misconfigurations is critical. Budgets, time, and resources rarely scale as fast as infrastructure. This hands-on lab walks you through the realities of defending modern cloud environments, using real misconfigurations.
Participants will automate scans against multiple misconfigured environments, and learn to interpret findings in context using a set of open-source CSPM tools across simulated multi-cloud infrastructure.
The lab culminates in comparing tools using a Pugh Matrix. Attendees will compare tools based on coverage, usability, integration, and accuracy, equipping them with a repeatable evaluation framework tailored to organizational maturity, size, and resource constraints.
Core Focus Areas
Cloud Inventory & Visibility – Understand what’s deployed across providers and where misconfigurations hide.
Open-Source Tooling Deep Dive – Explore strengths and compare various CSPM tools like Prowler, Steampipe, Scout Suite.
Deployment Automation – Use automated scripts to spin up various tools and investigate findings.
Tool Evaluation Framework – Score each tool’s effectiveness using a weighted Pugh Matrix.
Security Strategy by Org Type – Decide when to build, buy, or adopt based on maturity, scale, and needs.
1) Kick-off & Cloud Risk Lens — 10 min
Clone lab repo, walkthrough of the fictional company’s multi-cloud architecture.
Discuss common multicloud misconfig scenarios and visibility gaps.
2) Baseline Tool Scan — 20 min
Automate running various CSPM tools based on deployed infrastructure.
Collect reports and note 3+ key findings per tool.
4) Pugh Matrix Evaluation — 20 min
Evaluate each tool on factors like detection depth, usability, integrations, and maintenance.
Fill out and weigh the Pugh Matrix collaboratively.
Speakers:Hari Pranav Arun Kumar,Ritvik AryaHP is a Security engineer and my job includes working on improving cloud, application and runtime security. I have worked with the cloud village team, developing CTF’s over the past two years. I love to tinker, participate in hackathons and eventually found my passion for security. Looking forward to connecting and collaborating with everyone!
SpeakerBio: Ritvik AryaRitvik is an Application Security Engineer. has experience working in securing cloud applications, threat modeling, and secure code reviews. He is also a bug bounty hunter and currently working on securing containers. Part of the cloud village team and work on setting up challenges for the CTF.
- ics Calendar file
The world of securing OT/ICS is changing FAST!
And we are not prepared.
Prior to the Colonial Pipeline incident in 2021, we focused on protecting against state adversaries.
Afterwards, we shifted to focusing on protecting against ransomware operators and hacktivists.
Now in 2025, we see more alignment between state adversaries, ransomware operators and hacktivists.
A significant shift in the landscape we are not ready for.
Advanced capabilities and tools in the hands of every day attackers with intermediate to no skill?
Are we prepared today for what's coming?
No.
But we can be.
And we'll talk about how.
SpeakerBio: Mike Holcomb, FlourMike Holcomb is the Fellow of Cybersecurity and the ICS/OT Cybersecurity Global Lead for Fluor, one of the world’s largest engineering, procurement, and construction companies. His current role provides him with the opportunity to work in securing some of the world’s largest ICS/OT environments, from power plants and commuter rail to manufacturing facilities and refineries. As part of his community efforts, Michael founded the BSidesICS/OT and BSides Greenville conferences along with the UpstateSC ISSA Chapter. He has his Masters degree in ICS/OT cybersecurity from the SANS Technology Institute. Additionally, he maintains cyber security and ICS/OT certifications such as the GRID, CISSP, GICSP, ISA 62443, and more.
He posts regularly on LinkedIn and YouTube to help others learn more about securing ICS/OT and critical infrastructure.
- ics Calendar file
Operational Technology (OT) describes devices and protocols used to control real-world operations: factories, assembly lines, medical equipment, and so on.
For decades, this technology was isolated (more or less) from the wider world, using custom protocols and communications media. However, over the past 15 - 20 years, these devices have started using commodity protocols and media more and more. This means that these devices are now using the standard TCP/IP protocol suite, a concept referred to as "OT/IT convergence."
This convergence has obvious benefits, making these devices cheaper and more manageable. However, it also makes them more accessible to attackers, and their security posture has often not kept up.
As part of this convergence process, many devices are connected via protocol gateways. These gateways speak TCP/IP, and then translate communications to proprietary OT protocols (or simply provide a NAT-style private network within an OT device rack).
This talk discusses techniques for detecting devices on the "other side" of these gateways. It begins with a brief introduction to the history of OT, moving on to the OT/IT convergence phenomenon. It then discusses the issue of protocol translation and provides two practical examples of discovering assets across gateways: CIP (Common Industrial Protocol) message forwarding and DNP3 (Distributed Network Protocol, version 3) address discovery.
These techniques are provided as examples to illustrate the issue of OT device discovery, and to encourage the audience to perform further research in how these sorts of devices may be discovered on networks and, ultimately, protected.
SpeakerBio: Rob King, RunzeroRob King is the Director of Security Research at runZero. Over his career Rob has served as a senior researcher with KoreLogic, the architect for TippingPoint DVLabs, and helped get several startups off the ground. Rob helped design SC Magazine's Data Leakage Prevention Product of the Year for 2010, and was awarded the 3Com Innovator of the Year Award in 2009. He has been invited to speak at BlackHat, DEF CON, Shmoocon, SANS Network Security, and USENIX.
- ics Calendar file
Production halted. SCADA alarms blaring. The CEO demands answers. Your theoretical cyberattack? It just became reality. Point-in-time penetration tests are fundamentally inadequate against today's advanced persistent threats. This talk outlines a framework to build an intelligence-led, integrated attack and crisis simulation program, not just a reactive security strategy.
Drawing from our extensive experience (including hundreds of red team engagements for some of the world's largest organizations, with anonymized real-world case studies), we will unveil TotalTest – a revolutionary, metrics-driven framework that transforms breach simulations from isolated exercises into a continuous, strategic program for unparalleled organizational resilience.
SpeakerBio: Nebu Varghese, FTI Consulting LLP - Senior Director, EMEA Offensive Security LeaderNebu Varghese is a Senior Director in FTI Consulting’s Cybersecurity practice and is based in London. Mr. Varghese has more than 13 years of multi-functional cybersecurity experience, blending deep technical expertise with strong academic credentials. He has led global teams and complex matters across 28 countries, in sectors including Financial Services, Private Equity, TMT, Manufacturing, and Critical National Infrastructure. Mr. Varghese specialises in executing and managing the delivery of offensive security testing (ethical hacking or penetration testing) engagements for organisations across the globe. He serves on the UK National Cyber Security Centre (NCSC) Security Testing Expert Group, collaborating with industry experts to draft practical and valuable best practice guidance that informs and guides both the NCSC and the wider ICS industry.
- ics Calendar file
The implementation of Active Directory environments is, by essence, not unlike a command-and-control infrastructure allowing to centrally coordinate and control network assets. As an attacker, why not make it your own ?
As far as the C2 capabilities of Active Directory go, Group Policy Objects (GPOs) are a key functionality that can be leveraged by attackers for a surprisingly wide range of offensive actions. From enumeration, to persistence, to impactful privilege escalation in mature segmented environments, abusing GPOs amounts to abusing the C2 capabilities of Active Directory itself – a powerful attack primitive.
And yet, GPOs received comparatively little attention by the pentesting and research community. GPOs exploitation knowledge and tooling is scarce, whether because implementation may seem kind of obscure, or since exploitation can be seen as risky. Concerns that well-equipped attackers may not have to worry about.
This presentation aims at demonstrating the full extent of possibilities offered by Group Policy Objects. It will dive deep into GPOs implementation, enumeration potential and advanced exploitation techniques introduced or implemented by the speakers these last few years. It will also be accompanied by the release of two enumeration and exploitation tools developed by the speakers.
References:
Speakers:Quentin "quent0x1" Roland,Wilfried "wil_fri3d" BécardQuentin Roland is a 28-year-old pentester working for a bit more than 3 years for Synacktiv, a French firm dedicated to offensive information security.
He enjoys working on Active Directory, releasing open-source exploitation tools or enhancing existing tooling. He worked on known, trendy Active Directory exploitation primitives as well as on more obscure research topics.
A fun fact about him: he actually studied law and used to work as a lawyer, before turning to penetration testing.
SpeakerBio: Wilfried "wil_fri3d" BécardWilfried Bécard is a hacker and researcher working at Synacktiv. With a particular interest in Active Directory and Azure exploitation, his passion lies in uncovering new techniques to enhance cybersecurity in these areas. Constantly experimenting, testing, and collaborating with the security community, he aims at continuously improve his knowledge in these fields.
- ics Calendar file
Dealers are a vital part of the automotive industry – intentionally separate entities from the manufacturers, but highly interconnected. Most dealers use platforms built by the manufacturers that can be used to order cars, view/store customer information, and manage their day-to-day operations. Earlier this year, new vulnerabilities were discovered in a top automaker’s dealer platform that enabled the creation of a national admin account. This level of access, a privilege reserved for a select few corporate users, opened the door to a wide range of fun exploits.
Want to start a car? Forget VINs – all you needed was someone’s name. Access to the enrollment systems made it possible to reassign ownership of cars and access remote control functionality.
Want to find out who owns that sleek ride next to you? A quick glance at the VIN on the windshield was all you needed to pull down the owner’s personal information using the customer lookup tool.
Want to impersonate the owner of a dealership to gain full access to everything? A user impersonation function was uncovered that made this possible - negating all the two-factor authentication systems.
All of this and much more was made possible through API flaws in a centralized dealer system. A system used by more than 1,000 dealers in the USA that you didn’t even know existed. A system that you would never have thought would be the unexpected connection to your car. We break down the full exploit from recon to initial access, from viewing PII to the satisfying roar of an engine coming to life.
Speakers:Eaton Zveare,Roshan PiyushEaton is a senior security research engineer at Traceable by Harness. As a member of the ASPEN Labs team, he has contributed to the security of some of the world's largest organizations by finding and responsibly disclosing many critical vulnerabilities. He is best known for his high-profile security disclosures in the automotive space: 1, 2, 3.
SpeakerBio: Roshan Piyush, Security Research at Traceable by HarnessRoshan Piyush leads Security Research at Traceable by Harness, where he also oversees Aspen Labs — Harness's dedicated initiative for advancing modern application and API security. He is at the forefront of developing next-generation security platforms that deliver deep protection across the software lifecycle, from code to runtime.
With over a decade of experience in cybersecurity and a recent focus on API security, Roshan researches cutting-edge detection and prevention techniques across CI/CD pipelines, software supply chains, runtime environments, and cloud-native architectures. His work powers enterprise-grade security solutions that help organizations stay ahead of evolving threats.
An active contributor to the open-source security community, Roshan has been involved with projects like OWASP crAPI and Coraza WAF. He frequently shares his insights through technical talks, tools, and collaborations, helping drive progress across the broader AppSec ecosystem.
- ics Calendar file
IoT devices are ubiquitous, yet their security remains a critical concern. This talk explores over 50 real-world vulnerability cases in the IoT ecosystem, exposing systemic issues such as vendor-embedded backdoors, predictable credentials, and exploitable configuration consoles. We’ll dissect vulnerabilities like CVE-2024-48271 (CVSS 9.8) and CVE-2025-1143, favored by APT groups and scammers, that enable remote code execution and global device control. Drawing from our extensive research, we’ll reveal how even beginners can compromise critical infrastructure like ATMs and water treatment facilities by targeting poorly secured devices. Additionally, we’ll share the frustrating reality of reporting vulnerabilities to manufacturers, CNAs, and CERTs—stories of ignored reports, year-long delays, and denials despite severe risks. Attendees will gain actionable insights into vulnerability discovery, secure development practices, and responsible disclosure, empowering hackers, developers, and manufacturers to strengthen IoT security.
Speakers:Kai-Ching "Keniver" Wang,Chiao-Lin "Steven Meow" YuKai-Ching Wang (Keniver) is a Senior Security Researcher at CHT Security. He specializes in red team assessments and comprehensive security reviews, with a current focus on hacking IoT devices and cloud-native infrastructure. He has presented his research on the security of cloud-connected IoT camera systems at conferences such as SECCON in Japan and HITCON in Taiwan.
SpeakerBio: Chiao-Lin "Steven Meow" Yu, Senior Red Team Cyber Threat Researcher at Trend Micro TaiwanChiao-Lin Yu (Steven Meow) currently serves as a Senior Red Team Cyber Threat Researcher at Trend Micro Taiwan. He holds numerous professional certifications including OSCE³, OSEP, OSWE, OSED, OSCP, CRTP, CARTP, CESP-ADCS, LPT, CPENT, GCP ACE. Steven has previously presented at events such as HITCON Training 2025, Security BSides Tokyo 2023, and CYBERSEC 2024, 2025. He has disclosed 30+ CVE vulnerabilities in major companies like VMware, D-Link, and Zyxel. His expertise spans Red Team exercises, Web security, IoT security and Meow Meow security.
- ics Calendar file
In the space of months, we have seen AI move from a chat bot which writes funny limericks to an integral part of a developers workflow. AI coding assistants are now building entire apps and features as well as performing multi-repo refactoring, all whilst using MCP to interact with many other services.
In this round-table aimed at practitioners and developers, let's discuss how you have seen this in your own environments and how you have been able to both overcome the security challenges but also take advantage of capabilities which were not previously available.
SpeakerBio: Josh Grossman, Bounce Security at OWASPJosh Grossman has worked as a consultant in IT and Application Security and Risk for 15 years now, as well as a Software Developer. This has given him an in-depth understanding of how to manage the balance between business needs, developer needs and security needs which goes into a successful software security programme.
Josh is currently CTO for Bounce Security where he helps clients improve and get better value from their application security processes and provides specialist application security advice. His consultancy work has led him to work, speak and deliver training both locally and worldwide including privately for ISACA and Manicode and publicly for OWASP's Global AppSec conferences, NDC Security and Black Hat.
In his spare time, he co-leads the OWASP Application Security Verification Standard project and is on the OWASP Israel chapter board and the OWASP Events Committee. In 2025, OWASP recognised his contributions with a Distinguished Lifetime Membership award.
- ics Calendar file
Hands-on access to real voting systems
- ics Calendar file
Put your skills to the test in this challenge and try to find all the vulnerabilities in the code. We have a wide range of challenges, from easy to advanced in various languages. Can you find them all?
Speakers:Darren Meyer,Raphael SilvaDarren is a security research advocate and practitioner that has worked on every side of the AppSec world at some point in the past 20 years. He's passionate about making security work more accessible and less stressful.
SpeakerBio: Raphael SilvaRaphael Silva is a Security Researcher at Checkmarx, specializing in security research, SAST methodologies, and Supply Chain Security. Over the course of his career, he has presented at various conferences, as well as conducted a workshop at DEFCON30. In addition, he is experienced in vulnerability analysis, research, and disclosure, having reported multiple bugs to companies and open-source projects.
- ics Calendar file
For those who find it hard to dive into something new alone, we will be offering small tour groups to take people around to various villages, contests and communities. We will meet in the LVCC West Hall - South Entrance, look for the butterfly logo banner! We will then leave for the village/contest/event/community as a group, hang out there for 15 minutes or so, and then you may choose to return to the lobby with the group or stay in the village. We are NOT members of where we are going to tour, we are all finding out about the cool things at DEF CON together.
| Weekday | Time | Destination | Tour Guide |
|---|---|---|---|
| Friday | 10:00 | Lonely Hackers Club | Madi S |
| Friday | 10:30 | Noob Community | Samantha |
| Friday | 11:00 | Octopus Game | Madi S |
| Friday | 11:30 | Biohacking Village | Samantha |
| Friday | 12:00 | Scavenger Hunt | Madi S |
| Friday | 12:30 | AppSec Village | Samantha |
| Friday | 13:00 | Embedded Systems Village | Madi S |
| Friday | 13:30 | AI Village | Samantha |
| Friday | 14:00 | OWASP | Erin |
| Friday | 14:30 | Blacks In Cyber Village | NEED GUIDE |
| Friday | 15:00 | Nautilus - CTF (watch) | Erin |
| Friday | 15:30 | Ham Radio Village | NEED GUIDE |
| Friday | 16:00 | Aerospace Village | Erin |
| Friday | 16:30 | Hardware Hacking Village | NEED GUIDE |
| Friday | 17:00 | IOT Village | Erin |
| Friday | 17:15 | ICS Village | NEED GUIDE |
| Saturday | 10:00 | Pinball Contest | Stryker |
| Saturday | 10:30 | Lock Pick Village | Madi S |
| Saturday | 11:00 | Data Duplication Village | Stryker |
| Saturday | 11:30 | Malware Village | Madi S |
| Saturday | 12:00 | RF Village | Stryker |
| Saturday | 12:30 | Maritime Hacking Village | Madi S |
| Saturday | 13:00 | Hard Hat Brigade | Ethan |
| Saturday | 13:30 | Payment Village | Madi S |
| Saturday | 14:00 | Cryptocurrency Contest and Community | Ethan |
| Saturday | 14:30 | Physical Security Village | Samantha |
| Saturday | 15:00 | Capture the Packet / Packet Hacking Village | NEED GUIDE |
| Saturday | 15:30 | Quantum Village | Samantha |
| Saturday | 16:00 | Adversary Village | ScorpVayne |
| Saturday | 16:30 | Policy Village | Samantha |
| Saturday | 17:00 | Blue Team Village (BTV) | ScorpVayne |
| Saturday | 17:15 | Recon Village | Samantha |
| Sunday | 10:00 | Bug Bounty Village | NEED GUIDE |
| Sunday | 10:30 | Car Hacking Village | Samantha |
| Sunday | 11:00 | DDoS Community | NEED GUIDE |
| Sunday | 11:30 | Telecom Village | NEED GUIDE |
| Sunday | 12:00 | Crypto Privacy Village | Madi S |
| Sunday | 12:30 | Voting Village | Samantha |
| Sunday | 13:00 | GameHacking.GG | Madi S |
- ics Calendar file
For those who find it hard to dive into something new alone, we will be offering small tour groups to take people around to various villages, contests and communities. We will meet in the LVCC West Hall - South Entrance, look for the butterfly logo banner! We will then leave for the village/contest/event/community as a group, hang out there for 15 minutes or so, and then you may choose to return to the lobby with the group or stay in the village. We are NOT members of where we are going to tour, we are all finding out about the cool things at DEF CON together.
| Weekday | Time | Destination | Tour Guide |
|---|---|---|---|
| Friday | 10:00 | Lonely Hackers Club | Madi S |
| Friday | 10:30 | Noob Community | Samantha |
| Friday | 11:00 | Octopus Game | Madi S |
| Friday | 11:30 | Biohacking Village | Samantha |
| Friday | 12:00 | Scavenger Hunt | Madi S |
| Friday | 12:30 | AppSec Village | Samantha |
| Friday | 13:00 | Embedded Systems Village | Madi S |
| Friday | 13:30 | AI Village | Samantha |
| Friday | 14:00 | OWASP | Erin |
| Friday | 14:30 | Blacks In Cyber Village | NEED GUIDE |
| Friday | 15:00 | Nautilus - CTF (watch) | Erin |
| Friday | 15:30 | Ham Radio Village | NEED GUIDE |
| Friday | 16:00 | Aerospace Village | Erin |
| Friday | 16:30 | Hardware Hacking Village | NEED GUIDE |
| Friday | 17:00 | IOT Village | Erin |
| Friday | 17:15 | ICS Village | NEED GUIDE |
| Saturday | 10:00 | Pinball Contest | Stryker |
| Saturday | 10:30 | Lock Pick Village | Madi S |
| Saturday | 11:00 | Data Duplication Village | Stryker |
| Saturday | 11:30 | Malware Village | Madi S |
| Saturday | 12:00 | RF Village | Stryker |
| Saturday | 12:30 | Maritime Hacking Village | Madi S |
| Saturday | 13:00 | Hard Hat Brigade | Ethan |
| Saturday | 13:30 | Payment Village | Madi S |
| Saturday | 14:00 | Cryptocurrency Contest and Community | Ethan |
| Saturday | 14:30 | Physical Security Village | Samantha |
| Saturday | 15:00 | Capture the Packet / Packet Hacking Village | NEED GUIDE |
| Saturday | 15:30 | Quantum Village | Samantha |
| Saturday | 16:00 | Adversary Village | ScorpVayne |
| Saturday | 16:30 | Policy Village | Samantha |
| Saturday | 17:00 | Blue Team Village (BTV) | ScorpVayne |
| Saturday | 17:15 | Recon Village | Samantha |
| Sunday | 10:00 | Bug Bounty Village | NEED GUIDE |
| Sunday | 10:30 | Car Hacking Village | Samantha |
| Sunday | 11:00 | DDoS Community | NEED GUIDE |
| Sunday | 11:30 | Telecom Village | NEED GUIDE |
| Sunday | 12:00 | Crypto Privacy Village | Madi S |
| Sunday | 12:30 | Voting Village | Samantha |
| Sunday | 13:00 | GameHacking.GG | Madi S |
- ics Calendar file
For those who find it hard to dive into something new alone, we will be offering small tour groups to take people around to various villages, contests and communities. We will meet in the LVCC West Hall - South Entrance, look for the butterfly logo banner! We will then leave for the village/contest/event/community as a group, hang out there for 15 minutes or so, and then you may choose to return to the lobby with the group or stay in the village. We are NOT members of where we are going to tour, we are all finding out about the cool things at DEF CON together.
| Weekday | Time | Destination | Tour Guide |
|---|---|---|---|
| Friday | 10:00 | Lonely Hackers Club | Madi S |
| Friday | 10:30 | Noob Community | Samantha |
| Friday | 11:00 | Octopus Game | Madi S |
| Friday | 11:30 | Biohacking Village | Samantha |
| Friday | 12:00 | Scavenger Hunt | Madi S |
| Friday | 12:30 | AppSec Village | Samantha |
| Friday | 13:00 | Embedded Systems Village | Madi S |
| Friday | 13:30 | AI Village | Samantha |
| Friday | 14:00 | OWASP | Erin |
| Friday | 14:30 | Blacks In Cyber Village | NEED GUIDE |
| Friday | 15:00 | Nautilus - CTF (watch) | Erin |
| Friday | 15:30 | Ham Radio Village | NEED GUIDE |
| Friday | 16:00 | Aerospace Village | Erin |
| Friday | 16:30 | Hardware Hacking Village | NEED GUIDE |
| Friday | 17:00 | IOT Village | Erin |
| Friday | 17:15 | ICS Village | NEED GUIDE |
| Saturday | 10:00 | Pinball Contest | Stryker |
| Saturday | 10:30 | Lock Pick Village | Madi S |
| Saturday | 11:00 | Data Duplication Village | Stryker |
| Saturday | 11:30 | Malware Village | Madi S |
| Saturday | 12:00 | RF Village | Stryker |
| Saturday | 12:30 | Maritime Hacking Village | Madi S |
| Saturday | 13:00 | Hard Hat Brigade | Ethan |
| Saturday | 13:30 | Payment Village | Madi S |
| Saturday | 14:00 | Cryptocurrency Contest and Community | Ethan |
| Saturday | 14:30 | Physical Security Village | Samantha |
| Saturday | 15:00 | Capture the Packet / Packet Hacking Village | NEED GUIDE |
| Saturday | 15:30 | Quantum Village | Samantha |
| Saturday | 16:00 | Adversary Village | ScorpVayne |
| Saturday | 16:30 | Policy Village | Samantha |
| Saturday | 17:00 | Blue Team Village (BTV) | ScorpVayne |
| Saturday | 17:15 | Recon Village | Samantha |
| Sunday | 10:00 | Bug Bounty Village | NEED GUIDE |
| Sunday | 10:30 | Car Hacking Village | Samantha |
| Sunday | 11:00 | DDoS Community | NEED GUIDE |
| Sunday | 11:30 | Telecom Village | NEED GUIDE |
| Sunday | 12:00 | Crypto Privacy Village | Madi S |
| Sunday | 12:30 | Voting Village | Samantha |
| Sunday | 13:00 | GameHacking.GG | Madi S |
- ics Calendar file
For those who find it hard to dive into something new alone, we will be offering small tour groups to take people around to various villages, contests and communities. We will meet in the LVCC West Hall - South Entrance, look for the butterfly logo banner! We will then leave for the village/contest/event/community as a group, hang out there for 15 minutes or so, and then you may choose to return to the lobby with the group or stay in the village. We are NOT members of where we are going to tour, we are all finding out about the cool things at DEF CON together.
| Weekday | Time | Destination | Tour Guide |
|---|---|---|---|
| Friday | 10:00 | Lonely Hackers Club | Madi S |
| Friday | 10:30 | Noob Community | Samantha |
| Friday | 11:00 | Octopus Game | Madi S |
| Friday | 11:30 | Biohacking Village | Samantha |
| Friday | 12:00 | Scavenger Hunt | Madi S |
| Friday | 12:30 | AppSec Village | Samantha |
| Friday | 13:00 | Embedded Systems Village | Madi S |
| Friday | 13:30 | AI Village | Samantha |
| Friday | 14:00 | OWASP | Erin |
| Friday | 14:30 | Blacks In Cyber Village | NEED GUIDE |
| Friday | 15:00 | Nautilus - CTF (watch) | Erin |
| Friday | 15:30 | Ham Radio Village | NEED GUIDE |
| Friday | 16:00 | Aerospace Village | Erin |
| Friday | 16:30 | Hardware Hacking Village | NEED GUIDE |
| Friday | 17:00 | IOT Village | Erin |
| Friday | 17:15 | ICS Village | NEED GUIDE |
| Saturday | 10:00 | Pinball Contest | Stryker |
| Saturday | 10:30 | Lock Pick Village | Madi S |
| Saturday | 11:00 | Data Duplication Village | Stryker |
| Saturday | 11:30 | Malware Village | Madi S |
| Saturday | 12:00 | RF Village | Stryker |
| Saturday | 12:30 | Maritime Hacking Village | Madi S |
| Saturday | 13:00 | Hard Hat Brigade | Ethan |
| Saturday | 13:30 | Payment Village | Madi S |
| Saturday | 14:00 | Cryptocurrency Contest and Community | Ethan |
| Saturday | 14:30 | Physical Security Village | Samantha |
| Saturday | 15:00 | Capture the Packet / Packet Hacking Village | NEED GUIDE |
| Saturday | 15:30 | Quantum Village | Samantha |
| Saturday | 16:00 | Adversary Village | ScorpVayne |
| Saturday | 16:30 | Policy Village | Samantha |
| Saturday | 17:00 | Blue Team Village (BTV) | ScorpVayne |
| Saturday | 17:15 | Recon Village | Samantha |
| Sunday | 10:00 | Bug Bounty Village | NEED GUIDE |
| Sunday | 10:30 | Car Hacking Village | Samantha |
| Sunday | 11:00 | DDoS Community | NEED GUIDE |
| Sunday | 11:30 | Telecom Village | NEED GUIDE |
| Sunday | 12:00 | Crypto Privacy Village | Madi S |
| Sunday | 12:30 | Voting Village | Samantha |
| Sunday | 13:00 | GameHacking.GG | Madi S |
- ics Calendar file
For those who find it hard to dive into something new alone, we will be offering small tour groups to take people around to various villages, contests and communities. We will meet in the LVCC West Hall - South Entrance, look for the butterfly logo banner! We will then leave for the village/contest/event/community as a group, hang out there for 15 minutes or so, and then you may choose to return to the lobby with the group or stay in the village. We are NOT members of where we are going to tour, we are all finding out about the cool things at DEF CON together.
| Weekday | Time | Destination | Tour Guide |
|---|---|---|---|
| Friday | 10:00 | Lonely Hackers Club | Madi S |
| Friday | 10:30 | Noob Community | Samantha |
| Friday | 11:00 | Octopus Game | Madi S |
| Friday | 11:30 | Biohacking Village | Samantha |
| Friday | 12:00 | Scavenger Hunt | Madi S |
| Friday | 12:30 | AppSec Village | Samantha |
| Friday | 13:00 | Embedded Systems Village | Madi S |
| Friday | 13:30 | AI Village | Samantha |
| Friday | 14:00 | OWASP | Erin |
| Friday | 14:30 | Blacks In Cyber Village | NEED GUIDE |
| Friday | 15:00 | Nautilus - CTF (watch) | Erin |
| Friday | 15:30 | Ham Radio Village | NEED GUIDE |
| Friday | 16:00 | Aerospace Village | Erin |
| Friday | 16:30 | Hardware Hacking Village | NEED GUIDE |
| Friday | 17:00 | IOT Village | Erin |
| Friday | 17:15 | ICS Village | NEED GUIDE |
| Saturday | 10:00 | Pinball Contest | Stryker |
| Saturday | 10:30 | Lock Pick Village | Madi S |
| Saturday | 11:00 | Data Duplication Village | Stryker |
| Saturday | 11:30 | Malware Village | Madi S |
| Saturday | 12:00 | RF Village | Stryker |
| Saturday | 12:30 | Maritime Hacking Village | Madi S |
| Saturday | 13:00 | Hard Hat Brigade | Ethan |
| Saturday | 13:30 | Payment Village | Madi S |
| Saturday | 14:00 | Cryptocurrency Contest and Community | Ethan |
| Saturday | 14:30 | Physical Security Village | Samantha |
| Saturday | 15:00 | Capture the Packet / Packet Hacking Village | NEED GUIDE |
| Saturday | 15:30 | Quantum Village | Samantha |
| Saturday | 16:00 | Adversary Village | ScorpVayne |
| Saturday | 16:30 | Policy Village | Samantha |
| Saturday | 17:00 | Blue Team Village (BTV) | ScorpVayne |
| Saturday | 17:15 | Recon Village | Samantha |
| Sunday | 10:00 | Bug Bounty Village | NEED GUIDE |
| Sunday | 10:30 | Car Hacking Village | Samantha |
| Sunday | 11:00 | DDoS Community | NEED GUIDE |
| Sunday | 11:30 | Telecom Village | NEED GUIDE |
| Sunday | 12:00 | Crypto Privacy Village | Madi S |
| Sunday | 12:30 | Voting Village | Samantha |
| Sunday | 13:00 | GameHacking.GG | Madi S |
- ics Calendar file
For those who find it hard to dive into something new alone, we will be offering small tour groups to take people around to various villages, contests and communities. We will meet in the LVCC West Hall - South Entrance, look for the butterfly logo banner! We will then leave for the village/contest/event/community as a group, hang out there for 15 minutes or so, and then you may choose to return to the lobby with the group or stay in the village. We are NOT members of where we are going to tour, we are all finding out about the cool things at DEF CON together.
| Weekday | Time | Destination | Tour Guide |
|---|---|---|---|
| Friday | 10:00 | Lonely Hackers Club | Madi S |
| Friday | 10:30 | Noob Community | Samantha |
| Friday | 11:00 | Octopus Game | Madi S |
| Friday | 11:30 | Biohacking Village | Samantha |
| Friday | 12:00 | Scavenger Hunt | Madi S |
| Friday | 12:30 | AppSec Village | Samantha |
| Friday | 13:00 | Embedded Systems Village | Madi S |
| Friday | 13:30 | AI Village | Samantha |
| Friday | 14:00 | OWASP | Erin |
| Friday | 14:30 | Blacks In Cyber Village | NEED GUIDE |
| Friday | 15:00 | Nautilus - CTF (watch) | Erin |
| Friday | 15:30 | Ham Radio Village | NEED GUIDE |
| Friday | 16:00 | Aerospace Village | Erin |
| Friday | 16:30 | Hardware Hacking Village | NEED GUIDE |
| Friday | 17:00 | IOT Village | Erin |
| Friday | 17:15 | ICS Village | NEED GUIDE |
| Saturday | 10:00 | Pinball Contest | Stryker |
| Saturday | 10:30 | Lock Pick Village | Madi S |
| Saturday | 11:00 | Data Duplication Village | Stryker |
| Saturday | 11:30 | Malware Village | Madi S |
| Saturday | 12:00 | RF Village | Stryker |
| Saturday | 12:30 | Maritime Hacking Village | Madi S |
| Saturday | 13:00 | Hard Hat Brigade | Ethan |
| Saturday | 13:30 | Payment Village | Madi S |
| Saturday | 14:00 | Cryptocurrency Contest and Community | Ethan |
| Saturday | 14:30 | Physical Security Village | Samantha |
| Saturday | 15:00 | Capture the Packet / Packet Hacking Village | NEED GUIDE |
| Saturday | 15:30 | Quantum Village | Samantha |
| Saturday | 16:00 | Adversary Village | ScorpVayne |
| Saturday | 16:30 | Policy Village | Samantha |
| Saturday | 17:00 | Blue Team Village (BTV) | ScorpVayne |
| Saturday | 17:15 | Recon Village | Samantha |
| Sunday | 10:00 | Bug Bounty Village | NEED GUIDE |
| Sunday | 10:30 | Car Hacking Village | Samantha |
| Sunday | 11:00 | DDoS Community | NEED GUIDE |
| Sunday | 11:30 | Telecom Village | NEED GUIDE |
| Sunday | 12:00 | Crypto Privacy Village | Madi S |
| Sunday | 12:30 | Voting Village | Samantha |
| Sunday | 13:00 | GameHacking.GG | Madi S |
- ics Calendar file
For those who find it hard to dive into something new alone, we will be offering small tour groups to take people around to various villages, contests and communities. We will meet in the LVCC West Hall - South Entrance, look for the butterfly logo banner! We will then leave for the village/contest/event/community as a group, hang out there for 15 minutes or so, and then you may choose to return to the lobby with the group or stay in the village. We are NOT members of where we are going to tour, we are all finding out about the cool things at DEF CON together.
| Weekday | Time | Destination | Tour Guide |
|---|---|---|---|
| Friday | 10:00 | Lonely Hackers Club | Madi S |
| Friday | 10:30 | Noob Community | Samantha |
| Friday | 11:00 | Octopus Game | Madi S |
| Friday | 11:30 | Biohacking Village | Samantha |
| Friday | 12:00 | Scavenger Hunt | Madi S |
| Friday | 12:30 | AppSec Village | Samantha |
| Friday | 13:00 | Embedded Systems Village | Madi S |
| Friday | 13:30 | AI Village | Samantha |
| Friday | 14:00 | OWASP | Erin |
| Friday | 14:30 | Blacks In Cyber Village | NEED GUIDE |
| Friday | 15:00 | Nautilus - CTF (watch) | Erin |
| Friday | 15:30 | Ham Radio Village | NEED GUIDE |
| Friday | 16:00 | Aerospace Village | Erin |
| Friday | 16:30 | Hardware Hacking Village | NEED GUIDE |
| Friday | 17:00 | IOT Village | Erin |
| Friday | 17:15 | ICS Village | NEED GUIDE |
| Saturday | 10:00 | Pinball Contest | Stryker |
| Saturday | 10:30 | Lock Pick Village | Madi S |
| Saturday | 11:00 | Data Duplication Village | Stryker |
| Saturday | 11:30 | Malware Village | Madi S |
| Saturday | 12:00 | RF Village | Stryker |
| Saturday | 12:30 | Maritime Hacking Village | Madi S |
| Saturday | 13:00 | Hard Hat Brigade | Ethan |
| Saturday | 13:30 | Payment Village | Madi S |
| Saturday | 14:00 | Cryptocurrency Contest and Community | Ethan |
| Saturday | 14:30 | Physical Security Village | Samantha |
| Saturday | 15:00 | Capture the Packet / Packet Hacking Village | NEED GUIDE |
| Saturday | 15:30 | Quantum Village | Samantha |
| Saturday | 16:00 | Adversary Village | ScorpVayne |
| Saturday | 16:30 | Policy Village | Samantha |
| Saturday | 17:00 | Blue Team Village (BTV) | ScorpVayne |
| Saturday | 17:15 | Recon Village | Samantha |
| Sunday | 10:00 | Bug Bounty Village | NEED GUIDE |
| Sunday | 10:30 | Car Hacking Village | Samantha |
| Sunday | 11:00 | DDoS Community | NEED GUIDE |
| Sunday | 11:30 | Telecom Village | NEED GUIDE |
| Sunday | 12:00 | Crypto Privacy Village | Madi S |
| Sunday | 12:30 | Voting Village | Samantha |
| Sunday | 13:00 | GameHacking.GG | Madi S |
- ics Calendar file
For those who find it hard to dive into something new alone, we will be offering small tour groups to take people around to various villages, contests and communities. We will meet in the LVCC West Hall - South Entrance, look for the butterfly logo banner! We will then leave for the village/contest/event/community as a group, hang out there for 15 minutes or so, and then you may choose to return to the lobby with the group or stay in the village. We are NOT members of where we are going to tour, we are all finding out about the cool things at DEF CON together.
| Weekday | Time | Destination | Tour Guide |
|---|---|---|---|
| Friday | 10:00 | Lonely Hackers Club | Madi S |
| Friday | 10:30 | Noob Community | Samantha |
| Friday | 11:00 | Octopus Game | Madi S |
| Friday | 11:30 | Biohacking Village | Samantha |
| Friday | 12:00 | Scavenger Hunt | Madi S |
| Friday | 12:30 | AppSec Village | Samantha |
| Friday | 13:00 | Embedded Systems Village | Madi S |
| Friday | 13:30 | AI Village | Samantha |
| Friday | 14:00 | OWASP | Erin |
| Friday | 14:30 | Blacks In Cyber Village | NEED GUIDE |
| Friday | 15:00 | Nautilus - CTF (watch) | Erin |
| Friday | 15:30 | Ham Radio Village | NEED GUIDE |
| Friday | 16:00 | Aerospace Village | Erin |
| Friday | 16:30 | Hardware Hacking Village | NEED GUIDE |
| Friday | 17:00 | IOT Village | Erin |
| Friday | 17:15 | ICS Village | NEED GUIDE |
| Saturday | 10:00 | Pinball Contest | Stryker |
| Saturday | 10:30 | Lock Pick Village | Madi S |
| Saturday | 11:00 | Data Duplication Village | Stryker |
| Saturday | 11:30 | Malware Village | Madi S |
| Saturday | 12:00 | RF Village | Stryker |
| Saturday | 12:30 | Maritime Hacking Village | Madi S |
| Saturday | 13:00 | Hard Hat Brigade | Ethan |
| Saturday | 13:30 | Payment Village | Madi S |
| Saturday | 14:00 | Cryptocurrency Contest and Community | Ethan |
| Saturday | 14:30 | Physical Security Village | Samantha |
| Saturday | 15:00 | Capture the Packet / Packet Hacking Village | NEED GUIDE |
| Saturday | 15:30 | Quantum Village | Samantha |
| Saturday | 16:00 | Adversary Village | ScorpVayne |
| Saturday | 16:30 | Policy Village | Samantha |
| Saturday | 17:00 | Blue Team Village (BTV) | ScorpVayne |
| Saturday | 17:15 | Recon Village | Samantha |
| Sunday | 10:00 | Bug Bounty Village | NEED GUIDE |
| Sunday | 10:30 | Car Hacking Village | Samantha |
| Sunday | 11:00 | DDoS Community | NEED GUIDE |
| Sunday | 11:30 | Telecom Village | NEED GUIDE |
| Sunday | 12:00 | Crypto Privacy Village | Madi S |
| Sunday | 12:30 | Voting Village | Samantha |
| Sunday | 13:00 | GameHacking.GG | Madi S |
- ics Calendar file
Come sit down and take a self guided journey to learn something hands on with us. We have an array of skills to learn including FleetDM, Linux, NetworkOS, Botnets, and others as well! We have people there to help answer your questions if things get a little dicey and make sure you have the best time while picking up something new.
- ics Calendar file
The fabled Wall Of Sheep…
- ics Calendar file
- ics Calendar file
AWS Systems Manager (SSM) is a powerful service for managing and automating your AWS and hybrid infrastructure. However, its very flexibility can be weaponized by attackers seeking to gain unauthorized access, execute malicious code, establish persistence, and disrupt operations. This talk demonstrates the practical malicious use of various SSM features, revealing how attackers can abuse benign functionalities.
We will dissect distinct attack vectors targeting SSM capabilities. Learn how Run Command can be leveraged for remote code execution at scale, turning your management tool into an attacker's playground. We'll explore the alarming potential of the SSM Agent being exploited as a persistent Remote Access Trojan (RAT), enabling stealthy cross-account control. Discover the risks lurking within publicly shared SSM Documents, exposing sensitive information to unintended eyes.
The session will further illuminate how Parameter Store, designed for secure configuration management, can be poisoned to compromise application logic and secrets. Understand how State Manager, intended for maintaining consistent configurations, can be twisted to establish persistent malicious states. We will also dissect the abuse of Session Manager for unauthorized interactive shell access, bypassing traditional network security controls and boundaries. The often-overlooked Patch Manager will be examined for its potential to disrupt patching cycles or, in specific scenarios, introduce malicious changes. Finally, we will explore how Distributor, a tool for software deployment, can be exploited to introduce and maintain a foothold of malicious packages across your fleet.
Crucially, this talk goes beyond simply identifying vulnerabilities. We will provide concrete and actionable hardening techniques and mitigation strategies for each abuse vector. Learn how to implement the principle of least privilege across SSM IAM permissions, establish robust monitoring and alerting mechanisms, and implement secure configuration practices for the Parameter Store and State Manager.
Attendees will understand the often-underestimated security risks associated with AWS SSM and acquire practical knowledge to fortify their AWS environments against these potential exploits. This session is essential for security professionals, cloud architects, DevOps engineers, and anyone responsible for the security and operational integrity of AWS infrastructures.
Outline with techniques we are going to present and discuss : 1. Abusing Run Command for Remote Code Execution: 2. Exploiting SSM Agent as a Remote Access Trojan (RAT) 3. Abusing Publicly Shared SSM Documents 4. Leveraging Parameter Store for Configuration Poisoning 5. Abusing State Manager for Persistent Configuration Drift 6. Abusing Session Manager for Unauthorized Interactive Access 7. Exploiting Patch Manager for Inconsistent or Malicious Patching 8. Weaponizing Software Distribution: Abusing AWS SSM Distributor
SpeakerBio: Rodrigo MontoroRodrigo Montoro has more than 25 years of experience in Information Technology and Computer Security. Most of his career worked with open source security software (firewalls, IDS, IPS, HIDS, log management, endpoint monitoring), incident detection & response, and Cloud Security. Currently, he is Director of Research at Clavis Security. Before that, he worked as Cloud Researcher at Tenchi Security, Head of Research and Development at Apura Cyber Intelligence, SOC/Researcher at Tempest Security, Senior Security Administrator at Sucuri, Researcher at Spiderlabs. Author of 2 patented technologies involving innovation in the detection field. One is related to discovering malicious digital documents. The second one is in how to analyze malicious HTTP traffic. Rodrigo has spoken at several opensource and security conferences (DEFCON Workshops, DEFCON Cloud Village, OWASP AppSec, SANS (DFIR, SIEM Summit & CloudSecNext), Toorcon (USA), H2HC (São Paulo and Mexico), SecTor (Canada), CNASI, SOURCE, ZonCon (Amazon Internal Conference), Blackhat Brazil, DEFCON Workshop, BSidesLV
- ics Calendar file
Bitdefender invites you to solve a few challenges that will get you familiar with the inner workings oof the Matter Protocol.
Smart home promises seamless living with lights, locks, sensors, and thermostats, all speaking the same language.
But behind the comfort of voice commands and automated routines lies a tangled web of wireless protocols and IoT standards like Matter.
Can you disrupt, decode of dominate the smart home?
- ics Calendar file
Kit cost $180
- ics Calendar file
DCs are organizations’ core. A successful DoS attack against them can break authentication and paralyze operations.
Following our LdapNightmare release, the first public DoS exploit for CVE-2024-49113, we found two new DoS-style attack surfaces on DCs: new critical DoS vulnerabilities, and creating a botnet harnessing public DCs for DDoS. Our goal: create the Win-DoS epidemic - infect DCs with Win-DoS and make them infect others, forming Win-DDoS.
Building on LDAPNightmare, we explored client-side targeting, often exposing weaker code. By turning DCs into LDAP clients via NetLogon RPC, using LDAP referrals, we redirected them to chosen domains/ports, matching our goals.
Moreover, we knew DDoS was powerful, but aimed to replicate its effect from a single machine. We focused on RPC servers - abundant in Windows with wide attack surfaces, especially those not requiring authentication. By abusing security gaps in RPC bindings, we hit the same RPC server relentlessly from one system, far surpassing standard concurrency limits! and WOW, found vulns crashing any Windows: servers and endpoints alike!
We present “Win-DoS Epidemic” - DoS tools exploiting four new Win-DoS and one Win-DDoS zero-click vulns! Crash any Windows endpoint/server, including DCs, or launch a botnet using public DCs for DDoS. The epidemic has begun
References:
Speakers:Or "oryair1999" Yair,Shahak MoragOr Yair (@oryair1999) is a security research professional with seven years of experience, currently serving as the Security Research Team Lead at SafeBreach. His primary focus lies in vulnerabilities in the Windows operating system’s components, though his past work also included research of Linux kernel components and some Android components. Or's research is driven by innovation and a commitment to challenging conventional thinking. He enjoys contradicting assumptions and considers creativity as a key skill for research. Or frequently presents his vulnerability and security research discoveries internationally at top conferences he speaks at such as Black Hat, DEF CON, RSAC, SecTor, and many more.
SpeakerBio: Shahak MoragShahak, Currently serving as the Research Lead at SafeBreach, with over seven years of experience in security research. My background includes extensive expertise in Linux kernel and embedded systems, with more than one year of focused research on Windows platforms.
- ics Calendar file
This training is a hands-on, immersive course designed to teach participants the art of crafting evasive Windows payloads while navigating and bypassing modern Endpoint Detection and Response (EDR) systems. Through a blend of theory and practical exercises, attendees will gain a deep understanding of payload development, focusing on techniques that enhance stealth, modularity, and effectiveness in offensive operations.
Key topics include payload formats, memory-resident execution, process injection, and advanced evasion strategies. Participants will explore the use of living off the land binaries (LOLBins), design modular implants with secure communication, and develop packers to obfuscate payloads and evade detection. By the end of the course, students will possess the knowledge and skills to craft realistic initial access vectors and deploy sophisticated payloads capable of evading modern defensive controls.
Speakers:Rey "Privesc" Bango,Kevin ClarkRey "Privesc" Bango is a Principal Cloud Advocate at Microsoft and a Security Consultant specializing in red teaming at BC Security. At Microsoft, he focuses on empowering organizations to leverage transformative technologies such as Artificial Intelligence and Machine Learning, prioritizing trust, security, and responsible use. He is an experienced trainer and speaker, presenting and teaching at cybersecurity conferences, including Black Hat and DEF CON. His work continues to bridge the gap between cutting-edge technological advancements and the critical need for secure, ethical implementation in today's world.
SpeakerBio: Kevin Clark, Red Team Instructor at BC SecurityKevin Clark is a Security Consultant with TrustedSec and a Red Team Instructor with BC Security, with a diverse background in software development, penetration testing, and offensive security operations. Kevin specializes in initial access techniques and Active Directory exploitation. He has contributed to open-source projects such as PowerShell Empire and developed custom security toolkits, including Badrats and Ek47. A skilled trainer and speaker, Kevin has delivered talks and conducted training sessions all over the country at cybersecurity conferences, including Black Hat and DEF CON, and authors a cybersecurity blog at https://henpeebin.com/kevin/blog.
- ics Calendar file
This training is a hands-on, immersive course designed to teach participants the art of crafting evasive Windows payloads while navigating and bypassing modern Endpoint Detection and Response (EDR) systems. Through a blend of theory and practical exercises, attendees will gain a deep understanding of payload development, focusing on techniques that enhance stealth, modularity, and effectiveness in offensive operations.
Key topics include payload formats, memory-resident execution, process injection, and advanced evasion strategies. Participants will explore the use of living off the land binaries (LOLBins), design modular implants with secure communication, and develop packers to obfuscate payloads and evade detection. By the end of the course, students will possess the knowledge and skills to craft realistic initial access vectors and deploy sophisticated payloads capable of evading modern defensive controls.
Speakers:Rey "Privesc" Bango,Kevin ClarkRey "Privesc" Bango is a Principal Cloud Advocate at Microsoft and a Security Consultant specializing in red teaming at BC Security. At Microsoft, he focuses on empowering organizations to leverage transformative technologies such as Artificial Intelligence and Machine Learning, prioritizing trust, security, and responsible use. He is an experienced trainer and speaker, presenting and teaching at cybersecurity conferences, including Black Hat and DEF CON. His work continues to bridge the gap between cutting-edge technological advancements and the critical need for secure, ethical implementation in today's world.
SpeakerBio: Kevin Clark, Red Team Instructor at BC SecurityKevin Clark is a Security Consultant with TrustedSec and a Red Team Instructor with BC Security, with a diverse background in software development, penetration testing, and offensive security operations. Kevin specializes in initial access techniques and Active Directory exploitation. He has contributed to open-source projects such as PowerShell Empire and developed custom security toolkits, including Badrats and Ek47. A skilled trainer and speaker, Kevin has delivered talks and conducted training sessions all over the country at cybersecurity conferences, including Black Hat and DEF CON, and authors a cybersecurity blog at https://henpeebin.com/kevin/blog.
- ics Calendar file
As surveillance becomes the norm, the development of privacy enhancing technologies is crucial in protecting individuals’ data. In this presentation, I will talk about Nym, a mixnet focused on protecting the metadata during end-to-end communication. I will go over how Nym works, what core features it uses, its tokenomics system, and patterns in node behaviors that I found from scraping all existing nodes’ data from the network explorer for 30 days.
SpeakerBio: Alexis CaoAlexis graduated from Johns Hopkins University with a Bachelor of Science degree in Computer Science this May. She is passionate about privacy technologies, and she has been doing research on mixnets. In the past, she has volunteered at Physical Security Village, Red Team Village, and AppSec Village at DEFCON. In her free time, she loves doing jiujitsu and she is a blue belt.
- ics Calendar file
As surveillance becomes the norm, the development of privacy enhancing technologies is crucial in protecting individuals’ data. In this presentation, I will talk about Nym, a mixnet focused on protecting the metadata during end-to-end communication. I will go over how Nym works, what core features it uses, its tokenomics system, and patterns in node behaviors that I found from scraping all existing nodes’ data from the network explorer for 30 days.
SpeakerBio: Alexis CaoAlexis graduated from Johns Hopkins University with a Bachelor of Science degree in Computer Science this May. She is passionate about privacy technologies, and she has been doing research on mixnets. In the past, she has volunteered at Physical Security Village, Red Team Village, and AppSec Village at DEFCON. In her free time, she loves doing jiujitsu and she is a blue belt.
- ics Calendar file
Getting started, Finding Roles, Interviewing, and everything inbetween
SpeakerBio: Mari Galloway, Founder at Women's Society of Cyberjutsu
- ics Calendar file
Everything you need to know to find your first CVE
SpeakerBio: Natan Morette, Senior Cyber Security AnalystNatan Morette is a Senior Cyber Security Analyst with over 15 years of experience in technology, specializing in Vulnerability Management, Attack Surface and Exposure Management, Endpoint Protection, Penetration Testing (PenTesting), Internal Network Security Assessments, Microsoft 365, Information Security Frameworks, Network Administration, Microsoft/Linux Server solutions, and Cloud Security Administration (GCP, Azure).
- ics Calendar file