defcon 2014 Aug. 7, 2014 to Aug. 10, 2014, las vegas,usa

Event Page


Tell us about missing data
Title Speakers Summary Topic Types
DEF CON 101 - The Talk Pyr0 , Lockheed , Highwiz , Roamer , Lost DEF CON 101 is the Alpha to the closing ceremonies' Omega. It's the place to ...
Protecting SCADA From the Ground Up Aaron Bayles Industrial Control Systems (ICS) and SCADA are everywhere, whether you know it or not. Not ...
DEF CON the Mystery, Myth and Legend Panel It's hard to throw a stone these days without hitting a security/hacking conference. But, when ...
AWS for Hackers Seth Van Ommen What tool does every hacker need in their toolset? The entire goddamn giant that is ...
Detecting Bluetooth Surveillance Systems Grant Bugher Departments of Transportation around the United States have deployed "little white boxes" -- Bluetooth detectors ...
Dropping Docs on Darknets: How People Got Caught Adrian Crenshaw Most of you have probably used Tor before, but I2P may be unfamiliar. Both are ...
Hacking 911: Adventures in Disruption, Destruction, and Death Christian “quaddi” Dameff , Jeff “r3plicant” Tully , Peter Hefley Ever wonder what you would do if the people you needed most on the worst ...
How to Disclose an Exploit Without Getting in Trouble Tod Beardsley , Jim Denaro You have identified a vulnerability and may have developed an exploit. What should you do ...
Reverse Engineering Mac Malware Sarah Edwards Dynamic malware reverse engineering helps forensic analysts and reverse engineers gather quick data points such ...
NSA Playset: PCIe Joe Fitzpatrick , Miles Crabill Hardware hacks tend to focus on low-speed (jtag, uart) and external (network, usb) interfaces, and ...
Oh Bother, Cruising The Internet With Your Honeys, Creating Honeynets For Tracking Criminal Organizations Terrence “tuna” Gareau , Mike Thompson Bandwidth, computing power, and software advancements have empowered hackers to quickly scan for and exploit ...
The Monkey in the Middle: A pentesters guide to playing in traffic. Anch Prank your friends, collect session information and passwords, edit traffic as it goes by.. become ...
Investigating PowerShell Attacks Ryan Kazanciyan , Matt Hastings Over the past two years, we've seen targeted attackers increasingly utilize PowerShell to conduct command-and-control ...
Is This Your Pipe? Hijacking the Build Pipeline. Kyle Kelley , Greg Anderson As developers of the web, we rely on tools to automate building code, run tests, ...
Screw Becoming A Pentester - When I Grow Up I Want To Be A Bug Bounty Hunter! Jake Kouns , Carsten Eiram Everywhere you turn it seems that companies are having serious problems with security, and they ...
Home Alone with localhost: Automating Home Defense Chris Littlebury Home automation is everywhere, and so are their exploits. This presentation will go over a ...
Meddle: Framework for Piggy-back Fuzzing and Tool Development Geoff Towards simplifying the vulnerability fuzzing process, this presentation introduces a moddable framework called Meddle that ...
Instrumenting Point-of-Sale Malware: A Case Study in Communicating Malware Analysis More Effectively Wesley Mcgrew The purpose of this talk is to promote the adoption of better practices in the ...
One Man Shop: Building an effective security program all by yourself Medic At past DEF CON events, including DEF CON 101, most of the attendees we’ve encountered ...
RF Penetration Testing, Your Air Stinks John "DaKahuna" Fulmer , Rick Mellendick The purpose of this talk is to discuss the effective radio frequency (RF) tools, tactics, ...
Touring the Darkside of the Internet. An Introduction to Tor, Darknets, and Bitcoin Grifter , Metacortex This is an introduction level talk. The talk itself will cover the basics of Tor, ...
USB for all! Mickey Shkatov , Jesse Michael USB is used in almost every computing device produced in recent years. In addition to ...
ShareEnum: We Wrapped Samba So You Don’t Have To Lucas Morris , Michael Mcatee CIFS shares can tell you a lot about a network, including file access, local administrator ... IncludeThinkstScapes
An Introduction to Back Dooring Operating Systems for Fun and Trolling Nemus So you want to setup a back door? Have you ever wondered how its done ...
Panel - Diversity in Information Security Vyrus , Jennifer , Sandy “mouse” Clark , Kristin Paget , Jolly , Scott Martin Discussion from the point of view of a diverse panel of leading representatives currently in ...
Android Hacker Protection Level 0 Tim Strazzere , Jon Sawyer Obfuscator here, packer there - the Android ecosystem is becoming a bit cramped with different ...
Standing Up an Effective Penetration Testing Team Wiseacre Many talks give you information on how to be a better penetration tester. The majority ...
Data Protection 101 - Successes, Fails, and Fixes Peter Teoh Don't be a Target! How do you protect your organization's data assets? If you're dealing ...
Anatomy of a Pentest; Poppin' Boxes like a Pro Pushpin Are you excited about hacking and want to be a pentester in the next few ...
Blinding The Surveillance State Christopher Soghoian We live in a surveillance state. Law enforcement and intelligence agencies have access to a ...
Bug Bounty Programs Evolution Nir Valtman Bug bounty programs have been hyped in the past 3 years, but this concept was ...
Practical Foxhunting 101 Adam Wirth The basic skills needed to quickly locate wireless emitters are easy to learn and no ...
Client-Side HTTP Cookie Security: Attack and Defense David Wyde HTTP cookies are an important part of trust on the web. Users often trade their ...
The Making of DEFCOIN Seth Van Ommen , Jeff Thomas , Mike Guthrie If the Juggalos can do it why can't we? We will discuss what it took ...
Paging SDR... Why should the NSA have all the fun? Jeff Thomas , Jason Malley Remember pagers? Those things the dealers used in the first season of The Wire? Did ...
Bypass firewalls, application white lists, secure remote desktops under 20 seconds Zoltan Balazs In theory, post-exploitation after having remote access is easy. Also in theory, there is no ...
PropLANE: Kind of keeping the NSA from watching you pee Russ Rogers , Ryan Clarke , Rob Bathurst , Mark Carey No one likes to be watched, especially on the Internet. Your Internet…habits are only for ...
Getting Windows to Play with Itself: A Hacker's Guide to Windows API Abuse Brady Bloxham Windows APIs are often a blackbox with poor documentation, taking input and spewing output with ...
Weaponizing Your Pets: The War Kitteh and the Denial of Service Dog Gene Bransfield WarKitteh: In my job I have to deliver frequent Information Security briefings to both technical ...
Through the Looking-Glass, and What Eve Found There Luca "kaeso" Bruno , Mariano "emdel" Graziano Traditionally, network operators have provided some kind of public read-only access to their current view ...
Summary of Attacks Against BIOS and Secure Boot Yuriy Bulygin , Andrew Furtak , Oleksandr Bazhaniuk , John Loucaides A variety of attacks targeting platform firmware have been discussed publicly, drawing attention to the ...
I am a legend: Hacking Hearthstone with machine learning Elie Bursztein , Celine Bursztein Want to become a legend at Hearthstone -- Blizzard's new blockbuster collecting card game -- ...
The Secret Life of Krbtgt Christopher Campbell A tale of peril and woe, Krbtgt is the domain account that you just can't ...
The $env:PATH less Traveled is Full of Easy Privilege Escalation Vulns Christopher Campbell 15 years after APT was released for Linux, Microsoft is finally going to ship Windows ...
Hacking US (and UK, Australia, France, etc.) traffic control systems Cesar Cerrudo Probably many of us have seen that scene from "Live Free or Die Hard" (Die ...
The Cavalry Year[0] & a Path Forward for Public Safety Joshua Corman , Nicholas J Percoco At DEF CON 21, The Cavalry was born. In the face of clear & present ...
NSA Playset: DIY WAGONBED Hardware Implant over I2C Teddy Reed , Josh Datko In this talk we present an open source hardware version of the NSA's hardware trojan ...
Abuse of Blind Automation in Security Tools Eric Davisson , Ruben Alejandro It is impossibly overwhelming for security personnel to manually analyze all of the data that ...
Elevator Hacking - From the Pit to the Penthouse Deviant Ollam , Howard Payne Throughout the history of hacker culture, elevators have played a key role. From the mystique ...
Why Don’t You Just Tell Me Where The ROP Isn’t Suppose To Go David Dorsey Using a ROP chain to bypass operating system defenses is commonplace and detecting this technique ...
Steganography in Commonly Used HF Radio Protocols Paul Drapeau , Brent Dukes Imagine having the capability to covertly send messages to an individual or a larger audience, ...
Saving Cyberspace by Reinventing File Sharing Eijah Internet access is a basic human right, due to its unparalleled capacity to deliver content ...
Empowering Hackers to Create a Positive Impact Keren Elazari In March 2014 I spoke at the annual TED conference about why hackers are a ...
Just What The Doctor Ordered? Shawn Merdinger , Scott Erven You have already heard the stories of security researchers delivering lethal doses of insulin to ...
Logging ALL THE THINGS Without All The Cost With Open Source Big Data Tools </buzzwords> Zack Fasel Many struggle in their job with the decision of what events to log in battle ...
Check Your Fingerprints: Cloning the Strong Set Richard Klafter , Eric Swanson The web of trust has grown steadily over the last 20 years and yet the ...
Shellcodes for ARM: Your Pills Don't Work on Me, x86 Svetlana Gaivoronski , Ivan Petrov Despite that it is almost 2014, the problem of shellcode detection, discovered in 1999, is ...
Blowing up the Celly - Building Your Own SMS/MMS Fuzzer Brian Gorenc , Matt Molinyawe Every time you hand out your phone number you are giving adversaries access to an ...
Mass Scanning the Internet: Tips, Tricks, Results Robert Graham , Dan Tentler , Paul Mcmillan Scanning the net -- the entire net -- is now a thing. This talk will ...
Deconstructing the Circuit Board Sandwich: Effective Techniques for PCB Reverse Engineering Joe ( Kingpin ) Grand Printed Circuit Boards (PCBs), used within nearly every electronic product in the world, are physical ...
Saving the Internet (for the Future) Jason Healey Saving the Internet (for the Future): Last year, the Dark Tangent wrote in the DC ...
Burner Phone DDOS 2 dollars a day : 70 Calls a Minute Weston Hecker Phone DDOS research. Current proof of concept is dealing with Samsung SCH-U365 QUALCOMM prepaid Verizon ...
Hack All The Things: 20 Devices in 45 Minutes Amir ( zenofex ) Etemadieh , Cj Heres , Mike Baker , Hans Nielsen When we heard “Hack All The Things,” we took it as a challenge. So at ...
What the Watchers See: Eavesdropping on Municipal Mesh Cameras for Giggles (or Pure Evil) Dustin Hoffman , Thomas Kinsey Municipalities across the nation are deploying IP-based 802.11 wireless mesh networks for city-wide services, including ...
Stolen Data Markets: An Economic and Organizational Assessment Tom Holt , Olga Smirnova , Yi-ting Chua Since the TJX corporation revealed a massive data breach in 2007, incidents of mass data ...
Raspberry MoCA - A recipe for compromise Andrew Hunt Media over Coax Alliance (MoCA) is a protocol specification to enable assured high-bandwidth connections for ...
Girl… Fault-Interrupted. Maggie Jauregui GFCI's (Ground Fault Circuit Interrupts) are a practically unnoticeable part of our daily lives, except ...
Extreme Privilege Escalation On Windows 8/UEFI Systems Xeno Kovah , Corey Kallenberg It has come to light that state actors install implants in the BIOS. Let no ...
Secure Random By Default Dan Kaminsky As a general rule in security, we have learned that the best way to achieve ...
Masquerade: How a Helpful Man-in-the-Middle Can Help You Evade Monitoring. Ryan Lackey , The Grugq , Marc Rogers Sometimes, hiding the existence of a communication is as important as hiding the contents of ...
Panel: Ephemeral Communications: Why and How? Ryan Lackey , Jon Callas , Elissa Shevinsky Possibly more to come..... Ephemeral communications applications are increasingly popular ways, especially among younger users, ...
NinjaTV - Increasing Your Smart TV’s IQ Without Bricking It Felix Leder Smart TVs are growing in popularity. Set-top boxes like Apple TV, Roku, or WD TV ...
Dark Mail Stephen Watt , Ladar Levison Data privacy and anonymity have long been cornerstone interests of the computer security world, but ...
Oracle Data Redaction is Broken David Litchfield The Oracle data redaction service is a new feature introduced with Oracle 12c. It allows ...
Weird-Machine Motivated Practical Page Table Shellcode & Finding Out What's Running on Your System Shane "k2" Macaulay Windows7 & Server 2008R2 and earlier kernels contain significant executable regions available for abuse. These ...
Catching Malware En Masse: DNS and IP Style Thibault Reuille , Dhia Mahjoub , Andree Toonk The Internet is constantly growing, providing a myriad of new services both legitimate and malicious. ...
Old Skewl Hacking: Porn Free! Major Malfunction Having cut his teeth (and scarred his mind) on hotel Infra-Red controlled TV systems, spent ...
RFIDler: SDR.RFID.FTW Zac Franken , Major Malfunction Software Defined Radio has been quietly revolutionising the world of RF. However, the same revolution ...
Attacking the Internet of Things using Time Paul Mcmillan Internet of Things devices are often slow and resource constrained. This makes them the perfect ...
Open Source Fairy Dust John Menerick Over the past 30 years, the Internet and open source software have worked in tandem. ...
A Survey of Remote Automotive Attack Surfaces Chris Valasek , Charlie Miller Automotive security concerns have gone from the fringe to the mainstream with security researchers showing ...
Learn how to control every room at a luxury hotel remotely: the dangers of insecure home automation deployment Jesus Molina Have you ever had the urge to create mayhem at a hotel? Force every hotel ...
Generating ROP payloads from numbers Alexandre Moneger Is it possible to generate a ROP payload whilst using as few gadgets from the ...
DEF CON Comedy Jam Part VII, Is This The One With The Whales? James Arlen , David Mortman , Rich Mogull , Chris Hoff , Rob Graham , Dave Maynor , Alex Rothman , Larry “@haxorthematrix” Pesce Weeeeeeeeee're baaaaaack. Bring out your FAIL. It's the most talked about panel at DEF CON! ...
Panel: Ask the EFF: The Year in Digital Civil Liberties Kurt Opsahl , Eva Galperin , Yan Zhu , Mark Jaycox , Nate Cardozo N/A
The NSA Playset: RF Retroreflectors Michael Ossmann Of all the technologies revealed in the NSA ANT catalog, perhaps the most exotic is ...
VoIP Wars: Attack of the Cisco Phones Fatih Ozavci Many hosted VoIP service providers are using Cisco hosted collaboration suite and Cisco VoIP solutions. ...
Panel — Surveillance on the Silver Screen- Fact or Fiction? Kevin Bankston , Nicole Ozer , Timothy Edgar Join ACLU and others for a fun-filled surveillance tour of the movies - from Brazil ...
Playing with Car Firmware or How to Brick your Car Paul Such , Florian Gaultier A lot of papers have already been done/produced on hacking cars through ODB2/CanBus. Looking at ...
Measuring the IQ of your Threat Intelligence feeds Kyle Maxwell , Alex Pinto Threat Intelligence feeds are now being touted as the saving grace for SIEM and log ...
Secure Because Math: A Deep Dive On Machine Learning-Based Monitoring Alex Pinto We could all have predicted this with our magical Big Data analytics platforms, but it ...
Abusing Software Defined Networks Gregory Pickett Software Defined Networking (SDN) transfers all forwarding decisions to a single controller and provides the ...
NSA Playset : GSM Sniffing Pierce , Loki A5/1, as implemented in GSM, was broken wide open in 2003, yet GSM is still ... IncludeThinkstScapes
Cyberhijacking Airplanes: Truth or Fiction? Phil Polstra , Captain Polly There have been several people making bold claims about the ability to remotely hack into ...
Am I Being Spied On? Low-tech Ways Of Detecting High-tech Surveillance Phil Polstra Is someone spying on you? This talk will present several low-tech ways that you can ...
Detecting and Defending Against a Surveillance State Robert Rowley This talk is based on semi-recent reported leaks that detail how state-actors could be engaging ...
Acquire current user hashes without admin privileges Anton Sapozhnikov If an attacker has only user level access to an infected machine inside corporate internal ...
You're Leaking Trade Secrets Michael Schrenk Networks don't need to be hacked for information to be compromised. This is particularly true ...
Veil-Pillage: Post-exploitation 2.0 Will Schroeder The Veil-Framework is a project that aims to bridge the gap between pentesting and red ...
From Raxacoricofallapatorius With Love: Case Studies In Insider Threat Tess Schrodinger Espionage, honey pots, encryption, and lies. Clandestine meetings in hotels. The naïve girl seduced by ...
Don't DDoS Me Bro: Practical DDoS Defense Blake Self , Shawn Burrell Layer 7 DDoS attacks have been on the rise since at least 2010, especially attacks ...
Hacking the FBI: How & Why to Liberate Government Records Ryan Noah Shapiro After narrowly avoiding a lengthy activism-related prison sentence, I began PhD work at MIT in ...
Advanced Red Teaming: All Your Badges Are Belong To Us Eric Smith , Josh Perrymon By definition ”Red Teaming” or Red Team testing originated from the military whereby describing a ...
The Internet of Fails: Where IoT Has Gone Wrong and How We're Making It Right Zach Lanier , Mark Stanislav This presentation will dive into research, outcomes, and recommendations regarding information security for the "Internet ...
"Around the world in 80 cons” - A Perspective Jayson E. After spending 15 years in the hacker / InfoSec community, I thought it was time ...
I Hunt TR-069 Admins: Pwning ISPs Like a Boss Shahar Tal Residential gateway (/SOHO router) exploitation is a rising trend in the security landscape - ever ...
The Only Way to Tell the Truth is in Fiction: The Dynamics of Life in the National Security State Richard Thieme Over a decade ago, a friend at the National Security Agency told Richard Thieme that ...
A Journey to Protect Points-of-sale Nir Valtman Many point-of-sale breaches occurred in the past year and many organizations are still vulnerable against ...
Impostor — Polluting Tor Metadata Charlie Vedaa , Mike Larsen Just using Tor can bring the cops to your door. While the security community was ...
Domain Name Problems and Solutions Paul A. Vixie Spammers can't use dotted quads or any other literal IP address, since SpamAssassin won't let ...
Optical Surgery; Implanting a DropCam Patrick Wardle , Colby Moore Video Monitoring solutions such as DropCam aim to provide remote monitoring, protection and security. But ...
Manna from Heaven: Improving the state of wireless rogue AP attacks Ian De Villiers , Dominic White The current state of theoretical attacks against wireless networks should allow this wireless world to ...
The Open Crypto Audit Project Matthew Green , Kenneth White Join us for the story of the origins and history of the Open Crypto Audit ...
Practical Aerial Hacking & Surveillance Glenn Wilkinson The coupling of unmanned aerial vehicles (UAVs) with hacking & surveillance devices presents a novel ...
From root to SPECIAL: Pwning IBM Mainframes Philip Young 1.1 million transactions are run through mainframes every second worldwide. From your flight to your ...
PoS Attacking the Traveling Salesman Alex Zacharis , Tsagkarakis Nikolaos Our work presents a re-vamped Point-of-Sales (POS) attack targeting the transportation sector and focusing mainly ...
How To Get Phone Companies To Just Say No To Wiretapping Phil Zimmermann Phil is going to talk about his latest projects, which are helping several mobile carriers ...