DefCon26LasVegas 2018 Aug. 9, 2018 to Aug. 12, 2018, Las Vegas, USA

Title Speakers Summary Topic Types
ThinSIM-based Attacks on Mobile Money Systems Rowan Phipps Phone-based mobile money is becoming the dominant paradigm for financial services in the developing world ...
Pwning "the toughest target": the exploit chain of winning the largest bug bounty in the history of ASR program Guang Gong , Wenlin Team , Jianjun Dai In recent years, Google has made many great efforts in exploit mitigation and attack surface ...
Ring 0/-2 Rootkits: bypassing defenses Alexandre Borges Advanced malware such as TDL4, Rovnix, Gapz, Omasco, Mebromi and others have exposed in recent ...
A Journey Into Hexagon: Dissecting a Qualcomm Baseband Seamus Burke Hacker Mobile phones are quite complicated and feature multiple embedded processors handling wifi, cellular connectivity, bluetooth, ...
WAGGING THE TAIL—COVERT PASSIVE SURVEILLANCE AND HOW TO MAKE THEIR LIFE DIFFICULT Agent X , Si In this modern digital age of technically competent adversaries we forget that there may still ...
Building the Hacker Tracker Seth Law , Whitney Champion In 2012, back when DEF CON still fit in the Riviera (RIP), I recognized a ...
DEF CON 101 Panel Jericho , Roamer , Wiseacre , Shaggy , Highwiz Founder , Nikita , Chris "suggy" Sumner Ten years ago, DEF CON 101 was founded by HighWiz as a way to introduce ...
Synfuzz: Building a Grammar Based Re-targetable Test Generation Framework Joe Rozner Fuzzers have played an important role in the discovery of reliability and security flaws in ...
De-anonymizing Programmers from Source Code and Binaries Rachel Greenstadt , Dr. Aylin Caliskan Many hackers like to contribute code, binaries, and exploits under pseudonyms, but how anonymous are ...
Securing our Nation's Election Infrastructure Jeanette Manfra Fair elections are at the core of every democracy and are of paramount importance to ...
Please do not Duplicate: Attacking the Knox Box and Other Keyed Alike Systems M010ch_ Hacker Knox Boxes, along with other rapid entry systems are increasing in popularity, as they allow ...
NSA Talks Cybersecurity Rob Joyce The National Security Agency (NSA) has authorities for both foreign intelligence and cyber security. This ...
Lora Smart Water Meter Security Analysis Jun Li , Lin Huang , Yingtao Zeng To avoid the tedious task of collecting water usage data by going to the user's home ...
Vulnerable Out of the Box: An Evaluation of Android Carrier Devices Angelos Stavrou , Ryan Johnson Pre-installed apps and firmware pose a risk due to vulnerabilities that can be pre-positioned on ...
Breaking Parser Logic: Take Your Path Normalization Off and Pop 0days Out! Orange Tsai We propose a new exploit technique that brings a whole-new attack surface to defeat path ...
Who Controls the Controllers—Hacking Crestron IoT Automation Systems Ricky "headlesszeke" Lawshae While you may not always be aware of them or even have heard of them, ...
Dissecting the Teddy Ruxpin: Reverse Engineering the Smart Bear Zenofex The Teddy Ruxpin is an iconic toy from the 1980's featuring an animatronic teddy bear ...
Compromising online accounts by cracking voicemail systems Martin Vigo Voicemail systems have been with us since the 80s. They played a big role in ...
Finding Xori: Malware Analysis Triage with Automated Disassembly Rich Seymour , Amanda Rousseau In a world of high volume malware and limited researchers we need a dramatic improvement ...
One-Click to OWA William j. Martin With the presence of 2FA/MFA solutions growing, the attack surface for external attackers that have ...
You can run, but you can't hide. Reverse engineering using X-Ray. George Tarnovsky Most of us have knowledge of PCB construction. In the past reversing someone's design was ...
Dragnet—Your Social Engineering Sidekick Truman Kain First, Dragnet collects dozens of OSINT data points on past and present social engineering targets. ...
Hacking the Brain: Customize Evil Protocol to Pwn an SDN Controller Peng Liu , Feng Xiao , Jianwei Huang Software-Defined Networking (SDN) is now widely deployed in production environments with an ever-growing community. Though ...
Fasten your seatbelts: We are escaping iOS 11 sandbox! Xiaolong Bai , Min (spark) Zheng Apple's sandbox was introduced as "SeatBelt" in macOS 10.5 which provided the first full-fledged implementation ...
GOD MODE UNLOCKED: Hardware Backdoors in [redacted] x86 CPUs Christopher Domas Complexity is increasing. Trust eroding. In the wake of Spectre and Meltdown, when it seems ...
4G—Who is paying your cellular phone bill? Dr. Silke Holtmanns , Isha Singh Cellular networks are connected with each other through a worldwide private, but not inaccessible network, ...
Revolting Radios Michael Ossmann , Dominic Spill There are many Software Defined Radios (SDRs) available, with a great deal of time and ...
Weaponizing Unicode: Homographs Beyond IDNs The Tarquin Most people are familiar with homograph attacks due to phishing or other attack campaigns using ...
Bypassing Port-Security In 2018: Defeating MacSEC and 802.1x-2010 Gabriel Ryan Existing techniques for bypassing wired port security are limited to attacking 802.1x-2004, which does not ...
Privacy infrastructure, challenges and opportunities Yawnbox We started our own transit Internet Service Provider (ISP) to safely route anonymized packets across ...
Automated Discovery of Deserialization Gadget Chains Ian Haken Although vulnerabilities stemming from the deserialization of untrusted data have been understood for many years, ...
Your Peripheral Has Planted Malware—An Exploit of NXP SOCs Vulnerability Yuwei Zheng , Yunding Jian , Shaokun Cao , Mingchuang Qun There are billions of ARM Cortex M based SOC being deployed in embedded systems. Most ...
Practical & Improved Wifi MitM with Mana Singe In 2014, we released the mana rogue AP toolkit at DEF CON 22. This fixed ...
Your Voice is My Passport Azeem Aqil , _delta_zero Financial institutions, home automation products, and offices near universal cryptographic decoders have increasingly used voice ...
Your Bank's Digital Side Door Steven Danneman Why does my bank's website require my MFA token but Quicken sync does not? How ...
I'll See Your Missile and Raise You A MIRV: An overview of the Genesis Scripting Engine Alex Levinson , Dan Borges Typically, the activities of a malware attack occur on an execution timeline that generally consists ...
The L0pht Testimony, 20 Years Later (and Other Things You Were Afraid to Ask) Weld Pond , Space Rogue , John Tan , Dildog , Mudge , L0pht , Elinor Mills , Joe Grand (kingpin) , Silicosis 2018 is the 20th anniversary of the hacker think-tank L0pht Heavy Industries testimony before the ...
You may have paid more than you imagine—Replay Attacks on Ethereum Smart Contracts Yuwei Zheng , Zhenxuan Bai , Senhua Wang Kunzhe Chai Leader of PegasusTeam at 360 Radio Security Research Department, 360 Technology. In this paper, ...
Hacking PLCs and Causing Havoc on Critical Infrastructures Thiago Alves Programmable Logic Controllers (PLCs) are devices used on a variety of industrial plants, from small ...
Compression Oracle Attacks on VPN Networks Nafeez Security researchers have done a good amount of practical attacks in the past using chosen ...
Jailbreaking the 3DS through 7 years of hardening Smea The 3DS was one of Nintendo's first serious attempts at security, featuring a cool microkernel ...
Building Absurd Christmas Light Shows Rob Joyce Learn about the elements that go into a computerized light display and how you outfit ...
Tineola: Taking a Bite Out of Enterprise Blockchain Stark Riedesel , Parsia Hakimian Blockchain adaptation has reached a fever pitch, and the community is late to the game of ...
You'd better secure your BLE devices or we'll kick your butts ! Damien "virtualabs" Cauquil Sniffing and attacking Bluetooth Low Energy devices has always been a real pain. Proprietary tools ...
Ridealong Adventures—Critical Issues with Police Body Cameras Josh Mitchell The police body camera market has been growing in popularity over the last few years. ...
One Step Ahead of Cheaters -- Instrumenting Android Emulators Nevermoe Commercial Android emulators such as NOX, BlueStacks and Leidian are very popular at the moment ...
In Soviet Russia Smartcard Hacks You Eric Sesterhenn The classic spy movie hacking sequence: The spy inserts a magic smartcard provided by the ...
Reaping and breaking keys at scale: when crypto meets big data Yolan Romailler , Nils Amiet Public keys are everywhere, after all, they are public. These keys are waiting to be ...
Looking for the perfect signature: an automatic YARA rules generation algorithm in the AI-era Andrea Marcelli Given the high pace at which new malware variants are generated, antivirus programs struggle to ...
House of Roman—a "leakless" heap fengshui to achieve RCE on PIE Binaries Sanat Sharma Regarding ptmalloc2, many heap exploitation techniques have been invented in the recent years, well documented ...
The ring 0 façade: awakening the processor's inner demons Christopher Domas Your computer is not yours. You may have shelled out thousands of dollars for it. ...
Detecting Blue Team Research Through Targeted Ads 0x200b Hacker When my implant gets discovered how will I know? Did the implant stop responding for ...
Infecting The Embedded Supply Chain Alex , Zach With a surge in the production of internet of things (IoT) devices, embedded development tools ...
Having fun with IoT: Reverse Engineering and Hacking of Xiaomi IoT Devices Dennis Giese While most IoT accessory manufacturers have a narrow area of focus, Xiaomi, an Asian based ...
SMBetray—Backdooring and breaking signatures William j. Martin When it comes to taking advantage of SMB connections, most tools available to penetration testers ...
Digital Leviathan: a comprehensive list of Nation-State Big Brothers (from huge to little ones) Eduardo Izycki , Rodrigo Colli In his notorious book Leviathan, the XVII century English philosopher Thomas Hobbes stated that: we ...
Playing Malware Injection with Exploit thoughts Sheng-hao Ma In the past, when hackers did malicious program code injection, they used to adopt RunPE, ...
Sex Work After SESTA/FOSTA Maggie Mayhem Surveillance had been a fact of life for sex workers wherever they have faced prohibition. ...
Fire & Ice: Making and Breaking macOS Firewalls Patrick Wardle In the ever raging battle between malicious code and anti-malware tools, firewalls play an essential ...
Project Interceptor: avoiding counter-drone systems with nanodrones David Melendez Cano Antidrone system industries have arisen. Due to several, and even classic, vulnerabilities in communication systems ...
All your math are belong to us Sghctoma First of all, it's math. Not meth. So everybody be cool, I'm not gonna touch ...
Reverse Engineering Windows Defender's Emulator Alexei Bulazel Windows Defender Antivirus's mpengine.dll implements the core of Defender's functionality in an enormous ~11 MB, ...
Booby Trapping Boxes Ladar Levison , Hon1nbo Ever worry about the hardware you leave behind? In a world where servers are co-located, ...
Outsmarting the Smart City Daniel "unicornfurnace" Crowley , Mauro Paredes , Jen "savagejen" Savage The term "smart city" evokes imagery of flying cars, shop windows that double as informational touchscreens, ...
All your family secrets belong to us—Worrisome security issues in tracker apps Stephan Huber , Dr. Siegfried Rasthofer , Dr. Steven Arzt Google Play Store provides thousands of applications for monitoring your children/family members. Since these apps ...
Inside the Fake Science Factory Dr Eckert , Dr Suggy , Professor Krause Fake News has got a sidekick and it's called Fake Science. This talk presents the ...
The Road to Resilience: How Real Hacking Redeems this Damnable Profession Richard Thieme Two years ago Richard Thieme spoke on “Playing Through the Pain: The Impact of Dark ...
Relocation Bonus: Attacking the Windows Loader Makes Analysts Switch Careers Nick Cano The arbiters of defense wield many static analysis tools; disassemblers, PE viewers, and anti-viruses are ...
The Mouse is Mightier than the Sword Patrick Wardle In today's digital world the mouse, not the pen is arguably mightier than the sword. ...
Defending the 2018 Midterm Elections from Foreign Adversaries Joshua M Franklin , Kevin Franklin Election Buster is an open source tool created in 2014 to identify malicious domains masquerading ...
For the Love of Money: Finding and exploiting vulnerabilities in mobile point of sales systems Leigh-anne Galloway , Tim Yunusov These days it's hard to find a business that doesn't accept faster payments. Mobile Point ...
Breaking Extreme Networks WingOS: How to own millions of devices running on Aircrafts, Government, Smart cities and more. Josep Pi Rodriguez Extreme network's embedded WingOS (Originally created by Motorola) is an operating system used in several ...
Politics and the Surveillance State. The story of a young politician's successful efforts to fight surveillance and pass the nation's strongest privacy bills. Daniel Zolnikov Orwell's concept of 1984 has more to do with government misuse of technology than technology ...
Demystifying MS17-010: Reverse Engineering the ETERNAL Exploits Zerosum0x0 MS17-010 is the most important patch in the history of operating systems, fixing remote code ...
Breaking Smart Speakers: We are Listening to You. Wu Huiyu , Qian Wenxiang In the past two years, smart speakers have become the most popular IoT device, Amazon ...
Last mile authentication problem: Exploiting the missing link in end-to-end secure communication Thanh Bui , Siddharth Rao With "Trust none over the Internet" mindset, securing all communication between a client and a ...
Attacking the macOS Kernel Graphics Driver Yu Wang Just like the Windows platform, graphic drivers of macOS kernel are complicated and provide a ...
Designing and Applying Extensible RF Fuzzing Tools to Expose PHY Layer Vulnerabilities Ryan Speers , Matt Knight In this session, we introduce an open source hardware and software framework for fuzzing arbitrary ...
Trouble in the tubes: How internet routing security breaks down and how you can do it at home Lane Broadbent We all protect our home networks, but how safe is your data once it leaves ...
Man-In-The-Disk Slava Makkaveev Most modern OSes use sandboxing in order to prevent malicious apps from affecting ...
Micro-Renovator: Bringing Processor Firmware up to Code Matt King The mitigations for Spectre highlighted a weak link in the patching process for many users: ...
barcOwned—Popping shells with your cereal box Michael West , Magicspacekiwi (colin Campbell) Barcodes and barcode scanners are ubiquitous in many industries and work with untrusted data on ...
Asura: A huge PCAP file analyzer for anomaly packets detection using massive multithreading Ruo Ando Recently, the inspection of huge traffic log is imposing a great burden on security analysts. ...
Lost and Found Certificates: dealing with residual certificates for pre-owned domains Dylan Ayrey , Ian Foster When purchasing a new domain name you would expect that you are the only one ...
Edge Side Include Injection: Abusing Caching Servers into SSRF and Transparent Session Hijacking Ldionmarcil When caching servers and load balancers became an integral part of the Internet's infrastructure, vendors ...
Betrayed by the keyboard: How what you type can give you away Matt Wixey Attribution is hard. Typically, the most useful identifiers—IP addresses, email address, domains, and so on—are ...
Your Watch Can Watch You! Gear Up for the Broken Privilege Pitfalls in the Samsung Gear Smartwatch Dongsung Kim , Hyoung-kee Choi You buy a brand-new smartwatch. You receive emails and send messages, right on your wrist. ...
Hacking BLE Bicycle Locks for Fun and a Small Profit Vincent Tan Hack a lock and get free rides! (No free beer yet though...). This talk will ...
One bite and all your dreams will come true: Analyzing and Attacking Apple Kernel Drivers Min (spark) Zheng , Xiaolong Bai Though many security mechanisms are deployed in Apple's macOS and iOS systems, some old-fashioned or ...
PANEL: DEF CON GROUPS Jayson E. Street , Jeff ( Dark Tangent ) Moss , Tim Roberts , Brent White , S0ups , Casey Wright Do you love DEF CON? Do you hate having to wait for it all year? ...
What the Fax!? Yaniv Balmas , Eyal Itkin Unless you've been living under a rock for the past 30 years or so, you ...
Fuzzing Malware For Fun & Profit. Applying Coverage-guided Fuzzing to Find and Exploit Bugs in Modern Malware Maksim Shudrak Practice shows that even the most secure software written by the best engineers contain bugs. ...