Defcon 2017, July 27, 2017 to July 30, 2017, Las Vegas, USA

Title Speakers Summary Topic Types
Untrustworthy Hardware and How to Fix It 0ctane Modern computing platforms offer more freedom than ever before. The rise of Free and Open ...
Evading next-gen AV using artificial intelligence Hyrum Anderson Much of next-gen AV relies on machine learning to generalize to never-before-seen malware. Less well ...
Dealing the perfect hand - Shuffling memory blocks on z/OS Ayoul3 Follow me on a journey where we p0wn one of the most secure platforms on ...
BITSInject Dor Azouri Windows' BITS service is a middleman for your download jobs. You start a BITS job, ...
Unboxing Android: Everything you wanted to know about Android packers Avi Bashan , Slava Makkaveev To understand the Android ecosystem today, one must understand Android packers. Whether used for protecting ...
Microservices and FaaS for Offensive Security Ryan Baxendale There are more cloud service providers offering serverless or Function-as-a-service platforms for quickly deploying and ...
Jailbreaking Apple Watch Max Bazaliy On April 24, 2015, Apple launched themselves into the wearables category with the introduction of ...
Starting the Avalanche: Application DoS In Microservice Architectures Scott Behrens , Jeremy Heffner We'd like to introduce you to one of the most devastating ways to cause service ...
The call is coming from inside the house! Are you ready for the next evolution in DDoS attacks? Jason Jones , Steinthor Bjarnason The second half of 2016 saw the rise of a new generation of IoT botnets ...
Abusing Certificate Transparency Logs Hanno Böck The Certificate Transparency system provides public logs of TLS certificates. While Certificate Transparency is primarily ...
Revoke-Obfuscation: PowerShell Obfuscation Detection (And Evasion) Using Science Lee Holmes , Daniel Bohannon Attackers, administrators and many legitimate products rely on PowerShell for their core functionality. However, its ...
Game of Drones: Putting the Emerging "Drone Defense" Market to the Test Francis Brown , David Latimer When you learned that military and law enforcement agencies had trained screaming eagles to pluck ...
How we created the first SHA-1 collision and what it means for hash security Elie Bursztein In February 2017, we announced the first SHA-1 collision. This collision combined with a clever ...
XenoScan: Scanning Memory Like a Boss Nick Cano XenoScan is the next generation in tooling for hardcore game hackers. Building on the solid ...
Weaponizing the BBC Micro:Bit Damien Cauquil In 2015, BBC sponsored Micro:Bit was launched and offered to one million students in the ...
Ghost in the Droid: Possessing Android Applications with ParaSpectre Chaosdata Modern Android applications are large and complex, and can be a pain to analyze even ...
Inside the "Meet Desai" Attack: Defending Distributed Targets from Distributed Attacks Trey Forgety In October of 2016, a teenage hacker triggered DTDoS attacks against 9-1-1 centers across the ...
WSUSpendu: How to hang WSUS clients Romain Coltel , Yves Le Provost You are performing a pentest. You just owned the first domain controller. That was easy. ...
D0 No H4RM: A Healthcare Security Conversation Joshua Corman , Jay Radcliffe , Christian quaddi Dameff , Jeff r3plicant Tully , Beau Woods , Suzanne Schwartz , Michael C. Mcneil Previously a free-flowing, fast moving conversation between old friends and new colleagues in a dimly ...
Breaking Bitcoin Hardware Wallets Josh Datko , Chris Quartier The security of your bitcoins rests entirely in the security of your private key. Bitcoin ...
DEF CON 101 Panel Highwiz , Roamer , Wiseacre , Malware , Niki7a , Shaggy The DEF CON panel is the place to go to learn about the many facets ...
Panel: DEF CON Groups Jeff ( Dark Tangent ) Moss , Major Malfunction , Grifter , Jun Li , Jayson E. , Brent White , Waz , S0ups Do you love DEF CON? Do you hate having to wait for it all year? ...
From Box to Backdoor: Using Old School Tools and Techniques to Discover Backdoors in Modern Devices Patrick Desantis Stringing together the exploitation of several seemingly uninteresting vulnerabilities can be a fun challenge for ...
Koadic C3 - Windows COM Command & Control Framework Sean Dillon , Zach Harding Koadic C3, or COM Command & Control, is a Windows post-exploitation tool similar to other ...
Next-Generation Tor Onion Services Roger Dingledine Millions of people around the world use Tor every day to protect themselves from surveillance ...
$BIGNUM steps forward, $TRUMPNUM steps back: how can we tell if we're winning? Cory Doctorow Is Net Neutrality on the up or down? Is DRM rising or falling? Is crypto ...
Breaking the x86 Instruction Set Christopher Domas A processor is not a trusted black box for running code; on the contrary, modern ...
Welcome to DEF CON 25 The Dark Tangent The Dark Tangent welcomes everyone to DEF CON 25, our silver anniversary!
Dark Data Andreas Dewes , Svea Eckert A judge with preferences for hard core porn, a police officer investigating a cyber-crime, a ...
Panel - An Evening with the EFF Kurt Opsahl , Eva Galperin , Nate Cardozo , Shabid Buttar , Kit Walsh Relax and enjoy in an evening lounge while you get the latest information about how ...
Attacking Autonomic Networks Omar Eissa Autonomic systems are smart systems which do not need any human management or intervention. Cisco ...
Demystifying Windows Kernel Exploitation by Abusing GDI Objects. 5a1f Windows kernel exploitation is a difficult field to get into. Learning the field well enough ...
Panel: Meet The Feds Andrea m. Matwyshyn , Suzanne Schwartz , Terrell Mcsweeny , Leonard Bailey , Lisa Wiswell Fellow, Center for Strategic and International Studies Making legal and policy progress on security is ...
Panel - Meet the Feds (who care about security research) Allan Friedman , Leonard Bailey , Nick Leiserson , Amélie E , Kimber Dowsett Security research is no longer a foreign concept in Washington, DC. A growing number of ...
Secure Tokin' and Doobiekeys: How to roll your own counterfeit hardware security devices Joe Fitzpatrick , Michael Leibowitz Let's face it, software security is still in pretty bad shape. We could tell ourselves ...
Secret Tools: Learning about Government Surveillance Software You Can't Ever See Peyton Engel Imagine that you're accused of a crime, and the basis of the accusation is a ...
Backdooring the Lottery and Other Security Tales in Gaming over the Past 25 Years Gus Fritschie , Evan Teitelman In this talk Gus and Evan will discuss the recent Hot Lotto fraud scandal and ...
MEATPISTOL, A Modular Malware Implant Framework Josh ‘fuzzynop’ Schwartz , John Cramb Attention Red Teamers, Penetration Testers, and Offensive Security Operators, isn't the overhead of fighting attribution, ...
Call the plumber - you have a leak in your (named) pipe Gil Cohen The typical security professional is largely unfamiliar with the Windows named pipes interface, or considers ...
I Know What You Are by the Smell of Your Wifi Denton Gentry Existing fingerprinting mechanisms to identify client devices on a network tend to be coarse in ...
Introducing HUNT: Data Driven Web Hacking & Manual Testing Jason Haddix What if you could super-charge your web hacking? Not through pure automation (since it can ...
Opt Out or Deauth Trying !- Anti-Tracking Bots Radios and Keystroke Injection Weston Hecker It's hard not to use a service nowadays that doesn't track your every move ...
Tracking Spies in the Skies Jason Hernandez , Sam Richards , Jerod Macdonald-evoy Law enforcement agencies have used aircraft for decades to conduct surveillance, but modern radio, camera, ...
Get-$pwnd: Attacking Battle-Hardened Windows Server Lee Holmes Windows Server has introduced major advances in remote management hardening in recent years through PowerShell ...
Bypassing Android Password Manager Apps Without Root Stephan Huber Fraunhofer , Siegfried Rasthofer Fraunhofer Security experts recommend using different, complex passwords for individual services, but everybody knows the issue ...
Amateur Digital Archeology Matt Joyce Hacker Digital Archeology' is actually the name of a Digital Forensics text book. But what if ...
(Un)Fucking Forensics: Active/Passive (i.e. Offensive/Defensive) memory hacking/debugging. K2 How to forensic, how to fuck forensics and how to un-fuck cyber forensics. Defense: WTF ...
Hacking Democracy Sean Kanuck Are you curious about the impact of fake news and influence operations on elections? Are ...
Hacking Democracy: A Socratic Dialogue Sean Kanuck In the wake of recent presidential elections in the US and France, "hacking" has taken ...
Hacking Smart Contracts Konstantinos Karagiannis It can be argued that the DAO hack of June 2016 was the moment smart ...
The Brain's Last Stand Garry Kasparov Former world chess champion Garry Kasparov has a unique place in history as the proverbial ...
Horror stories of a translator and how a tweet can start a war with less than 140 characters El Kentaro Translators are invisible, when they are present it is assumed that they know the language ...
Radio Exploitation 101: Characterizing, Contextualizing, and Applying Wireless Attack Methods Marc Newlin , Matt Knight What do the Dallas tornado siren attack, hacked electric skateboards, and insecure smart door locks ...
Persisting with Microsoft Office: Abusing Extensibility Options William Knowles One software product that red teamers will almost certainly find on any compromised workstation is ...
Cisco Catalyst Exploitation Artem Kondratenko On March 17th, Cisco Systems Inc. made a public announcement that over 300 of the ...
The Adventures of AV and the Leaky Sandbox Itzik Kotler , Amit Klein Everyone loves cloud-AV. Why not harness the wisdom of clouds to protect the enterprise? Consider ...
DC to DEF CON: Q&A with Congressmen James Langevin and Will Hurd James Langevin , Will Hurd Ever wondered if there was such thing as a “hacker-friendly” member of Congress? We found ...
The spear to break the security wall of S7CommPlus Cheng Ics , Zhang Yunhai In the past few years, attacks against industrial control systems (ICS) have increased year over ...
Uncovering useful and embarrassing info with Maltego Andrew Macpherson The talk has two sections - useful and embarrassing. In the 'useful' section of this ...
Controlling IoT devices with crafted radio signals Caleb Madrigal In this talk, we'll be exploring how wireless communication works. We'll capture digital data live ...
Real-time RFID Cloning in the Field Dennis Maldonado Ever been on a job that required you to clone live RFID credentials? There are ...
Twenty Years of MMORPG Hacking: Better Graphics, Same Exploits Manfred In theme with this year's DEF CON this presentation goes through a 20 year history ...
Malicious CDNs: Identifying Zbot Domains en Masse via SSL Certificates and Bipartite Graphs Dhia Mahjoub , Thomas Mathew Prior research detailing the relationship between malware, bulletproof hosting, and SSL gave researchers methods to ...
Trojan-tolerant Hardware & Supply Chain Security in Practice Dan Cvrcek , Vasilios Mavroudis The current consensus within the security industry is that high-assurance systems cannot tolerate the presence ...
Where are the SDN Security Talks? Jon Medina Software Defined Networking is no longer a fledgling technology. Google, Amazon, Facebook, and Verizon all ...
Exploiting 0ld Mag-stripe information with New technology Salvador Mendoza A massive attack against old magnetic stripe information could be executed with precision implementing new ...
"Tick, Tick, Tick. Boom! You're Dead." — Tech & the FTC Whitney Merrill , Terrell Mcsweeny The Federal Trade Commission is a law enforcement agency tasked with protecting consumers from unfair ...
Friday the 13th: JSON attacks! Alvaro Muñoz , Oleksandr Mirosh 2016 was the year of Java deserialization apocalypse. Although Java Deserialization attacks were known for ...
CableTap: Wirelessly Tapping Your Home Network Chris Grayson , Marc Newlin , Logan Lamb We discovered a wide array of critical vulnerabilities in ISP-provided, RDK-based wireless gateways and set-top ...
DNS - Devious Name Services - Destroying Privacy & Anonymity Without Your Consent Jim Nitterauer You've planned this engagement for weeks. Everything's mapped out. You have tested all your proxy ...
Linux-Stack Based V2X Framework: All You Need to Hack Connected Vehicles Duncan Woodbury , Nicholas Haltmeyer Vehicle-to-vehicle (V2V) and, more generally, vehicle-to-everything (V2X) wireless communications enable semi-autonomous driving via the exchange ...
Weaponizing Machine Learning: Humanity Was Overrated Anyway Dan "altf4" Petro , Ben Morris At risk of appearing like mad scientists, reveling in our latest unholy creation, we proudly ...
Teaching Old Shellcode New Tricks Josh Pitts Metasploit x86 shellcode has been defeated by EMET and other techniques not only in exploit ...
Popping a Smart Gun Plore Smart guns are sold with a promise: they can be fired only by authorized parties. ...
Digital Vengeance: Exploiting the Most Notorious C&C Toolkits Professor Plum Every year thousands of organizations are compromised by targeted attacks. In many cases the attacks ...
The Internet Already Knows I'm Pregnant Cooper Quintin , Kashmir Hill Women's health is big business. There are a staggering number of applications for Android to ...
From "One Country - One Floppy" to "Startup Nation" - the story of the early days of the Israeli hacking community, and the journey towards today's vibrant startup scene Inbar Raz , Eden Shochat The late 80's and early 90's played a pivotal role in the forming of the ...
PEIMA (Probability Engine to Identify Malicious Activity): Using Power Laws to address Denial of Service Attacks Redezem Denial of service. It requires a low level of resources and knowledge, it is very ...
An ACE Up the Sleeve: Designing Active Directory DACL Backdoors Will Schroeder , Andy Robbins Active Directory (AD) object discretionary access control lists (DACLs) are an untapped offensive landscape, often ...
Using GPS Spoofing to control time David Robinson GPS is central to a lot of the systems we deal with on a day-to-day ...
Wiping out CSRF Joe Rozner CSRF remains an elusive problem due to legacy code, legacy frameworks, and developers not understanding ...
The Black Art of Wireless Post Exploitation Gabriel Ryan Most forms of WPA2-EAP have been broken for nearly a decade. EAP-TTLS and EAP-PEAP have ...
Taking Windows 10 Kernel Exploitation to the next level - Leveraging write-what-where vulnerabilities in Creators Update Morten Schenk Since the release of Windows 10 and especially in the Anniversary and Creators Updates, Microsoft ...
Social Engineering The News Michael Schrenk It might be called "fake news" but at its heart, it's the latest wave of ...
Total Recall: Implanting Passwords in Cognitive Memory Tess Schrodinger What is cognitive memory? How can you "implant" a password into it? Is this truly ...
Open Source Safe Cracking Robots - Combinations Under 1 Hour! (Is it bait? Damn straight it is.) Nathan Seidle We've built a $200 open source robot that cracks combination safes using a mixture of ...
Man in the NFC Haoqi Shan , Jian Yuan NFC (Near Field Communication) technology is widely used in security, bank, payment and personal information ...
Driving down the rabbit hole Mickey Shkatov , Oleksandr Bazhaniuk , Jesse Michael Over the past few years, cars and automotive systems have gained increasing attention as cyber-attack ...
Here to stay: Gaining persistency by abusing advanced authentication mechanisms Marina Simakov , Igal Gofman Credentials have always served as a favorite target for advanced attackers, since these allow to ...
Abusing Webhooks for Command and Control Dimitry Snezhkov You are on the inside of the perimeter. And maybe you want to exfiltrate data, ...
Phone system testing and other fun tricks "snide" Owen Phone systems have been long forgotten in favor of more modern technology. The phreakers of ...
Hacking travel routers like it's 1999 Mikhail Sosonkin Digital nomads are a growing community and they need internet safety just like anyone else. ...
Genetic Diseases to Guide Digital Hacks of the Human Genome: How the Cancer Moonshot Program will Enable Almost Anyone to Crash the Operating System that Runs You or to End Civilization... John Sotos The human genome is, fundamentally, a complex open-source digital operating system (and set of application ...
Exploiting Continuous Integration (CI) and Automated Build systems Spaceb0x Continuous Integration (CI) systems and similar architecture has taken new direction, especially in the last ...
Breaking Wind: Adventures in Hacking Wind Farm Control Networks Jason Staggs Wind farms are becoming a leading source for renewable energy. The increased reliance on wind ...
Hacking the Cloud Sean Metcalf , Gerald Steere You know the ins and outs of pivoting through your target's domains. You've had the ...
Rage Against the Weaponized AI Propaganda Machine Chris Sumner Psychographic targeting and the so called "Weaponized AI Propaganda Machine" have been blamed for swaying ...
Porosity: A Decompiler For Blockchain-Based Smart Contracts Bytecode Matt Suiche Ethereum is gaining a significant popularity in the blockchain community, mainly due to fact that ...
Game of Chromes: Owning the Web with Zombie Chrome Extensions Tomer Cohen On April 16 2016, an army of bots stormed upon Wix servers, creating new accounts ...
When Privacy Goes Poof! Why It's Gone and Never Coming Back Richard Thieme "Get over it!" as Scott McNeeley said - unhelpfully. Only if we understand why it ...
MS Just Gave the Blue Team Tactical Nukes (And How Red Teams Need To Adapt) Chris Thompson Windows Defender Advanced Threat Protection will soon be available for all Blue Teams to utilize ...
DOOMed Point of Sale Systems Trixr4skids In response to public security breaches many retailers have begun efforts to minimize or completely ...
A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! Orange Tsai We propose a new exploit technique that brings a whole-new attack surface to bypass SSRF ...
A Picture is Worth a Thousand Words, Literally: Deep Neural Networks for Social Stego Michael T. Raggo , Philip Tully Images, videos and other digital media provide a convenient and expressive way to communicate through ...
Are all BSDs are created equally? A survey of BSD kernel vulnerabilities. Ilja van Sprundel In this presentation I start off asking the question "How come there are only a ...
The Last CTF Talk You'll Ever Need: AMA with 20 years of DEF CON Capture-the-Flag organizers Chris Eagle , Caezar , Vulc@n Difensiva , Hawaii John , Invisigoth , Myles Today there is practically a year-round CTF circuit, on which teams hone their skills, win ...
Offensive Malware Analysis: Dissecting OSX/FruitFly via a Custom C&C Server Patrick Wardle Creating a custom command and control (C&C) server for someone else's malware has a myriad ...
Death By 1000 Installers; on macOS, it's all broken! Patrick Wardle Ever get an uneasy feeling when an installer asks for your password? Well, your gut ...
If You Give a Mouse a Microchip... It will execute a payload and cheat at your high-stakes video game tournament Mark Williams , Rob Stanley The International, a recent esports tournament, had a 20 million dollar prize pool with over ...
See no evil, hear no evil: Hacking invisibly and silently with light and sound Matt Wixey Traditional techniques for C2 channels, exfiltration, surveillance, and exploitation are often frustrated by the growing ...
Assembly Language is Too High Level Xlogicx Machine Do you have a collection of vulnerable programs that you have not yet been able ...
There's no place like 127.0.0.1 - Achieving reliable DNS rebinding in modern browsers Luke Young Most people lock their doors at night, however if you walk into someone's home you ...
25 Years of Program Analysis Yan Shoshitaishvili Last year, DARPA hosted the Cyber Grand Challenge, the culmination of humanity's research into autonomous ...
CITL and the Digital Standard - A Year Later Sarah Zatko A year ago, Mudge and I introduced the non-profit Cyber ITL at DEF CON and ...
All Your Things Are Belong To Us Zenofex , 0x00string , Cj_000 , Maximus64 Get out your rollerblades, plug in your camo keyboard, and fire up your BLT drive. ...
macOS/iOS Kernel Debugging and Heap Feng Shui Xiangyu Liu , Spark Zheng Kernel bug is always very difficult to reproduce and may lead to the entire system ...