DEF CON 20 July 26, 2012 to July 29, 2012, Las Vegas, USA

Event Page


Tell us about missing data
Title Speakers Summary Topic Types
Welcome / Making the DEF CON 20 Badge The Dark Tangent DT will address the con and officially open DEF CON 20. Following his address LostboY ... Security
Before, During, and After Gail Thackeray , Jason Scott , Dead As you may have heard, in honor of our 20th anniversary, we have a DEF ...
Shared Values, Shared Responsibility Keith b. Alexander We as a global society are extremely vulnerable and at risk for a catastrophic cyber ... Security
Def Con 101 [Panel] Pyr0 , Lockheed , Highwiz , Roamer , Alxrogan , Lost , Flipper DC101 is the Alpha to the closing ceremonies Omega. Its the place to go to ...
Breaking Wireless Encryption Keys Dakahuna Cracking Wireless encryption keys is a fundamental capability that should be in every penetration testers ... Security
Intro to digital Forensics: Tools & Tactics Ripshy , Hackajar Putting up a flag and asking for help on the Internet is not for the ...
The Cerebral Source Code Siviak YOU: are part of the problem. You should count yourself among the ranks of the ... Security
SCREW THE PLANET, HACK THE JOB! Lockheed , Roamer , Alxrogan Have you ever wondered how you can translate your mad skillz into an actual job? ...
HF SKIDDIES SUCK, DONT BE ONE. LEARN SOME BASIC PYTHON Terrence tuna Garreau Fuck a bunch of skiddie tools acquired from bobo forums. One does not have to ... Security
HACKING THE HACKERS: HOW FIRM IS YOUR FOUNDATION? Lost Since this is DC101, Ive got some things I want to get off my chest ... Security
INTRODUCTION TO LOCKPICKING AND BYPASSING PHYSICAL SECURITY Tran Everyone relies on their locks to keep things secure. From front doors to filing cabinets, ... Security
Owning Bad Guys [And Mafia] With Javascript Botnets Chema Alonso , Manu the Sur Man in the middle attacks are still one of the most powerful techniques for owning ...
The Darknet of Things, Building Sensor Networks That Do Your Bidding Anch The Internet of Things... It is coming, wearing hardware that communicates across the Internet is ... Security
Drones! Chris Anderson Thanks to the plummeting cost of powerful motion sensors like those found in smartphones, the ... Security
<GHZ or bust: DEF CON Atlas Wifi is cool and so is cellular, but the real fun stuff happens below the ... Security
Blind XSS Adam evilpacket Baldwin This talk will announce the release and demonstrate the xss.io toolkit. xss.io is a platform ... Security
Should the Wall of Sheep Be Illegal? A Debate Over Whether and How Open WiFi Sniffing Should Be Regulated Jennifer Granick , Kevin Bankston , Matt Blaze Prompted by the Google Street View WiFi sniffing scandal, the question of whether and how ...
Cryptohaze Cloud Cracking Bitweasil Bitweasil goes through the latest developments in the Cryptohaze GPU based password cracking suite. WebTables ... Security
Overwriting the Exception Handling Cache Pointer Dwarf Oriented Programming James Oakley , Sergey Bratus , Rodrigo Rubira Branco This presentation describes a new technique for abusing the DWARF exception handling architecture used by ...
Exploit Archaeology: Raiders of the Lost Payphones Josh ( savant ) Brashars Payphones. Remember those? They used to be a cornerstone of modern civilation, available at every ... Security
Hardware Backdooring is Practical Jonathan Brossard This presentation will demonstrate that permanent backdooring of hardware is practical. We have built a ... Security
DIY Electric Car Dave Brown Electric Vehicles are an exciting area of developing technology entering the mainstream market. Every major ... Security
Tenacious Diggity: Skinny Dippin in a Sea of Bing Rob Ragan , Francis Brown All brand new tool additions to the Google Hacking Diggity Project The Next Generation Search ...
KinectasploitV2: Kinect Meets 20 Security Tools Jeff Bryner Last year saw the release of Kinectasploit v1 linking the Kinect with Metasploit in a ... Security
Fuzzing Online Games Elie Bursztein , Patrick Samy Fuzzing online games to find interesting bugs requires a unique set of novel techniques. In ...
The Open Cyber Challenge Platform Linda c. Butler Everyone from MIT to the DoD have agreed that teaching cyber security using cyber challenges, ... Security
Into the Droid: Gaining Access to Android User Data Thomas Cannon This talk details a selection of techniques for getting the data out of an Android ... Android Exploitation ExcludeThinkstScapes Mobile Security
Panel: Meet the Feds 1 Jim Christy , Andrew Fried , Jon Iadonisi , Rich Marshall , David Mccallum , Leon Caroll , Justin Wykes Did you ever wonder if the Feds were telling youre the truth when you asked ...
Panel: Meet the Feds 2: Policy Riley Repko , Rod Beckstrom , Mark Weatherford , Jim Christy , Jerry Dixon , Bob Lentz , Linton Wells , Mischel Kwon Did you ever wonder if the Feds were telling youre the truth when you asked ...
SIGINT and Traffic Analysis for the Rest of Us Sandy Clark , Matt Blaze Last year, we discovered practical protocol weaknesses in P25, a secure two-way radio system used ...
Bad (and Sometimes Good) Tech Policy: Its Not Just a DC Thing Chris Conley Efforts at the federal level to pass laws like SOPA and CISPA and require that ... Security
Life Inside a Skinner Box: Confronting our Future of Automated Law Enforcement Greg Conti , Lisa Shay From smart pajamas that monitor our sleep patterns to mandatory black boxes in cars to ...
Owning the Network: Adventures in Router Rootkits Michael Coppola Routers are the blippy switchy boxes that make up the infrastructure of networks themselves, yet ... Security
World War 3.0: Chaos, Control & the Battle for the Net Rod Beckstrom , Joshua Corman , Jeff ( Dark Tangent ) Moss , Dan Kaminsky , Michael joseph Gross There is a battle under way for control of the Internet. Some see it as ...
Embedded Device Firmware Vulnerability Hunting Using FRAK, the Firmware Reverse Analysis Konsole Ang Cui We present FRAK, the firmware reverse analysis konsole. FRAK is a framework for unpacking, analyzing, ... Security
Looking Into The Eye Of The Meter Cutaway When you look at a Smart Meter, it practically winks at you. Their Optical Port ... Security
SQL Injection to MIPS Overflows: Rooting SOHO Routers Zachary Cutlip Three easy steps to world domination: Pwn a bunch of SOHO routers. ??? Profit I ... Security
DC RECOGNIZE Awards Jeff ( Dark Tangent ) Moss , Russ Rogers , Jericho DEF CON is proud to announce the 2nd annual DEF CON awards ceremony, renamed the ...
Hacking Humanity: Human Augmentation and You Christian quaddi Dameff , Jeff r3plicant Tully Youve played Deus Ex. Youve seen Robocop. Youve read Neuromancer. Youve maybe even wondered just ...
Connected Chaos: Evolving the DCG/Hackspace Communication Landscape Nick Farr , Dave Marcus , Anarchy Angel , Anch , Blakdayz As hackers, we have access to tremendous informational power. At our individual hackerspaces and DCGs ...
Not-So-Limited Warranty: Target Attacks on Warranties for Fun and Profit Darkred Frequently people consider a serial number as nothing but a number but in this presentation ... Security
DivaShark Monitor your Flow Robert Deaton Analyzing live network traffic is nothing new but the tools still seem limited. Wireshark is ... Security
Beyond the War on General Purpose Computing: Whats Inside the Box? Cory Doctorow Assuming the failure of all the calls to regulate PCs and the Internet because people ... Security
Sploitego Maltegos (Local) Partner in Crime Nadeem Douba Have you ever wished for the power of Maltego when performing internal assessments? Ever hoped ... Security
Not So Super Notes: How Well Does US Dollar Note Security Prevent Counterfeiting? Matthew Duggan The security of US dollar notes is paramount for maintaining their value and safeguarding the ... Security
Post Metasploitation: Improving Accuracy and Efficiency in Post Exploitation Using the Metasploit Framework Egypt As many in this community have echoed, shell is just the beginning. Owning a box ... Security
The Paparazzi Platform: Flexible, Open-Source, UAS Software and Hardware Esden , Dotaero , Misterj , Cifo This presentation introduces the Paparazzi framework, an Open-Source (GPL3 and OSHW CC-by-SA) software and hardware ...
hacking the google tv Dan Rosenberg , Amir ( zenofex ) Etemadieh , Cj Heres , Tom tdweng Dwenger This presentation will focus on the current GoogleTV devices, including X86 platform details, and the ... Hardware Reverse Engineering IncludeThinkstScapes Hardware Hacking Google TV
Owned in 60 Seconds: From Network Guest to Windows Domain Admin Zachary Fasel Their systems were fully patched, their security team watching, and the amateur pentesters just delivered ... Security
Hellaphone: Replacing the Java in Android John Floren Android is the only widespread open-source phone environment available today, but actually hacking on it ... Security
Hacking [Redacted] Routers Felix ( FX ) Lindner , Greg [Redacted] routers are no longer devices only seen in [Redacted]. Entire countries run their Internet ...
Demorpheus: Getting Rid Of Polymorphic Shellcodes In Your Network Dennis Gamayunov , Svetlana Gaivoronski One of the most effective techniques used in CTF is the usage of various exploits, ...
New Techniques in SQLi Obfuscation: SQL never before used in SQLi Nick Galbreath SQLi remains a popular sport in the security arms-race. However, after analysis of hundreds of ... Security
Uncovering SAP Vulnerabilities: Reversing and Breaking the Diag Protocol Martin Gallo This talk is about taking SAP penetration testing out of the shadows and shedding some ... Security
Post-Exploitation Nirvana: Launching OpenDLP Agents over Meterpreter Sessions Andrew Gavin , Michael Baucom , Charles Smith OpenDLP is a free and open source agent- based data discovery tool that works against ...
The Art of Cyberwar Kenneth Geers The establishment of US Cyber Command in 2010 confirmed that cyberspace is a new domain ... Security
SCADA Strangelove or: How I Learned to Start Worrying and Love the Nuclear Plants Sergey Gordeychik , Denis Baranov Modern civilization unconditionally depends on information systems. It is paradoxical but true that SCADA systems ...
more projects of prototype this Joe ( Kingpin ) Grand , Zoz For 18 months, Joe Grand and Zoz Brooks were co-hosts of Discovery Channels Prototype This, ...
Hacking Measured Boot and UEFI Dan Griffin Theres been a lot buzz about UEFI Secure Booting, and the ability of hardware and ... Security
Exchanging Demands Peter Hannay Smart phones and other portable devices are increasingly used with Microsoft Exchange to allow people ... Security
Changing the Security Paradigm: Taking Back Your Network and Bringing Pain to the Adversary Shawn Henry The threat to our networks is increasing at an unprecedented rate. The hostile environment we ... Security
Busting the BARR: Tracking Untrackable Private Aircraft for Fun & Profit Dustin Hoffman , Semon Rezchikov Private aircraft provide transportation to interesting people: corporate officers, business owners, celebrities, high net-worth individuals, ...
Crypto and the Cops: the Law of Key Disclosure and Forced Decryption Marcia Hofmann Can the government force you to turn over your encryption passphrase or decrypt your data ... Security
Passive Bluetooth Monitoring in Scapy Ryan Holeman Recognizing a need to support passive bluetooth monitoring in Scapy, Pythons interactive monitoring framework, a ... Security
Cyber PatriotA Students Perspective Kevin Houk , Jake Robie , Matt Brenner As the world grows more reliant upon digital technology, cyber-attacks are posing a more significant ...
How to Hack All the Transport Networks of a Country Alberto garcia Illera The presentation is about a real black hacking act against the transport network of a ... Security
Bigger Monster, Weaker Chains: The National Security Agency and the Constitution James Bamford , Jameel Jaffer , William Binney , Alex Abdo The National Security Agency, the largest, most powerful spy agency in the world, has taken ...
Black Ops Dan Kaminsky If theres one thing we know, its that were doing it wrong. Sacred cows make ... Security
Owning One to Rule Them All Dave Kennedy , Dave Desimone As penetration testers, we often try to impact an organization as efficient and effective as ...
Detecting Reflective Injection Andrew King This talk will focus on detecting reflective injection with some mildly humorous notes and bypassing ... Security
An Inside Look Into Defense Industrial Base (DIB) Technical Security Controls: How Private Industry Protects Our Countrys Secrets James Kirk With an ever changing threat of nation states targeting the United States and its infrastructure ... Security
No More Hooks: Trustworthy Detection of Code Integrity Attacks Xeno Kovah , Corey Kallenberg Hooking is the act of redirecting program control flow somewhere other than it would go ...
DDoS Black and White Kungfu Revealed Anthony ( darkfloyd ) Lai , Tony mt Miu , Kelvin captain Wong , Alan avenir Chung Enterprises currently dump millions of bucks to defense against DDoS, some trading firms here are ...
NFC Hacking: The Easy Way Eddie Lee Until now, getting into NFC/RFID hacking required enthusiasts to buy special hardware and learn about ... Security
Robots: Youre Doing It Wrong 2 Katy Levinson By popular demand, DEF CONs angry little roboticist is back with more stories of robot ... Security
Anonymous and the Online Fight for Justice Marcia Hofmann , Gabriella Coleman , Amber Lyon , Mercedes Haefer , Jay Leiderman , Grinne Oneill How the media mischaracterizes, & portrays hackers. IRL protest VS. online protest. Politically motivated prosecution. ...
OPFOR 4EVER Christopher E. Pogue , Tim Maletic Training utilizing Opposing Forces, or OPFOR, is an exercise focused on improving detection and response ...
Weaponizing the Windows API with Metasploits Railgun David thelightcosine Maloney No part of the Metasploit Framework has been shrouded in more mystery and confusion than ... Security
Defeating PPTP VPNs and WPA2 Enterprise with MS-CHAPv2 Marsh Ray , Moxie Marlinspike , David Hulton MS-CHAPv2 is an authentication and key negotiation protocol that, while old and battered, is still ...
Dont Stand So Close To Me: An Analysis of the NFC Attack Surface Charlie Miller Near Field Communication (NFC) has been used in mobile devices in some countries for a ... Security
How to Hack VMware vCenter Server in 60 Seconds Alexander Minozhenko This talk will discuss some ways to gain control over the virtual infrastructure through vCenters ... Security
DEF CON Comedy Jam V, V for Vendetta James Arlen , David Maynor , David Mortman , Rich Mogull , Chris Hoff , Larry Pesce You know you cant stay away! The most talked about panel at DEF CON! Nearly ...
Cortana: Rise of the Automated Red Team Raphael Mudge Meet Cortana, a new scripting language to automate Metasploit and extend Armitage. Cortana is a ... Security
Making Sense of Static New Tools for Hacking GPS Fergus Noble , Colin Beighley Current GPS receivers found in mobile phones etc. are capable of about 5m accuracy but ...
SQL ReInjector Automated Exfiltrated Data Identification Jason a. Novak , Andrea (drea) London This presentation will debut SQL ReInjector, a tool for the rapid assessment of logs from ...
meet the eff Peter Eckersley , Marcia Hofmann , Kurt Opsahl , Eva Galperin , Hanni Fakhouri , Trevor Timm Get the latest information about how the law is racing to catch up with technological ...
The End of the PSTN As You Know It Jason Ostrom , Jkarl Feinauer , William Borskey In this talk, we will explore the so-called market buzz of UC Federation. Rather, we ...
APK File Infection on an android system Bob Pan This concept of APK file infection on Android is similar to the concept of PE ... Security
Panel: The Making of DEF CON 20 Def Heads Have you ever wondered what it takes to put DEF CON together, Well now is ... Security
Anti-Forensics and Anti-Anti-Forensics: Attacks and Mitigating Techniques for Digital-Forensic Investigations Michael Perklin Digital investigations may be conducted differently by various labs (law enforcement agencies, private firms, enterprise ... Security
Creating an A1 Security Kernel in the 1980s (Using Stone Knives and Bear Skins) Tom Perrine This is a retrospective of computer security research and the process of building a secure ... Security
Network Anti-Reconnaissance: Messing with Nmap Through Smoke and Mirrors Dan ( altf4 ) Petro Reconnaissance on a network has been an attackers game for far too long, wheres the ... Security
Bypassing Endpoint Security for $20 or Less Philip Polstra In this talk cheap easily constructed devices which can be used to bypass endpoint security ... Security
The Safety Dance Wardriving the Public Safety Band Brad Antoniewicz , Robert Portvliet The 4.9Ghz Public Safety Band has been deployed to a town near you! Police, Emergency ...
Kevin Poulsen Answers Your Questions Kevin Poulsen N/A Security
Hacker + Airplanes = No Good Can Come Of This Renderman What happens when a hacker gets bored and starts looking at an aircraft tracking systems? ... Security
MegaUpload: Guilty or Not Guilty? Jennifer Granick , Jim Rennie On January 19, 2012, Kim DotCom was arrested in a dramatic raid after being indicted ...
Stamp Out Hash Corruption! Crack All The Things! Ryan Reynolds , Jonathan Claudius The precursor to cracking any password is getting the right hash. In this talk we ...
Spy vs Spy: Spying on Mobile Device Spyware Michael Robinson , Chris Taylor Commercial spyware is available for mobile devices, including iPhones, Android Smartphones, BlackBerries, and Nokias. Many ... Computer Forensics IncludeThinkstScapes Mobile Security
Scylla: Because Theres no Patch for Human Stupidity Sergio flacman Valderrama , Carlos alberto Rodriguez When theres no technical vulnerability to exploit, you should try to hack what humans left ...
Bruce Schneier Answers Your Questions Bruce Schneier Bruce Schneier will answer questions topics ranging from the SHA-3 competition to the TSA to ... Security
Programming Weird Machines with ELF Metadata Sergey Bratus , Rebecca bx Shapiro The Executable and Linkable Format (ELF) is omnipresent; related OS and library code is run ...
We Have You by the Gadgets Toby Kohlenberg , Mickey Shkatov Why send someone an executable when you can just send them a sidebar gadget? We ...
Can You Track Me Now? Government And Corporate Surveillance Of Mobile Geo-Location Data Christopher Soghoian , Ashkan Soltani , Ben Wizner , Catherine Crump Our mobile phones and apps systematically collect and store comprehensive historical lists of our locations ...
Botnets Die Hard Owned and Operated Aditya K Sood , Richard Enbody Botnet designs are becoming more robust and sophisticated with the passage of time. While the ...
How to Channel Your Inner Henry Rollins Jayson E. Street Have you ever found yourself thinking Boy I sure wish I could witness a guy ... Security
Can Twitter Really Help Expose Psychopath Killers Traits? Chris Sumner , Randall Wald Recent research has identified links between Psychopaths and the language they use (Hancock et al ...
Attacking the TPM Part 2 : A look at the ST19WP18 TPM device Christopher Tarnovsky The STMicroelectronics ST19WL18P TPM die-level analysis. Companies like Atmel, Infineon and ST are pushing motherboard ... Security
Twenty Years Back, Twenty Years Ahead: The Arc of DEF CON Past and Future Richard Thieme Thiemes keynote at DEF CON 4 for a few hundred people was Hacking as Practice ... Security
Off-Grid Communications with Android: Meshing the Mobile World Josh m0nk Thomas , Jeff stoker Robble Join the SPAN team for a deep dive into the Android network stack implementation and ...
Socialized Data: Using Social Media as a Cyber Mule Thor When thinking like a bad guy with the goal of distributing any number of covert ... Security
Safes and Containers: Insecurity Design Excellence Marc Weber Tobias , Tobias Bluzmanis , Matt Fiddler Insecure designs in physical security locks, safes, and other products have consequences in terms of ...
Rapid Blind SQL Injection Exploitation with BBQSQL Ben Toews , Scott Behrens Blind SQL injection can be a pain to exploit. When the available tools work they ...
Subterfuge: The Automated Man-in-the-Middle Attack Framework Matthew Toussain , Christopher Shields Walk into Starbucks, plop down a laptop, click start, watch the credentials roll in. Enter ...
Drinking From the Caffeine Firehose We Know as Shodan Viss Shodan is commonly known for allowing users to search for banners displayed by a short ... Security
The DCWG Debriefing How the FBI Grabbed a Bot and Saved the Internet Andrew Fried , Paul A. Vixie Shodan is commonly known for allowing users to search for banners displayed by a short ...
The Christopher Columbus Rule and DHS Mark Weatherford Never fail to distinguish whats new, from whats new to you. This rule applies to ... Security
The Art Of The Con Paul Wilson Paul Wilson is the writer and star of The Real Hustle and creator of The ... Security
Improving Web Vulnerability Scanning Dan Zulla A new approach for web vulnerability scanning that outbids most existing scanners. Security