DEFCON 2013 Aug. 1, 2013 to Aug. 4, 2013, Las Vegas,Nevada

Event Page


Tell us about missing data
Title Speakers Summary Topic Types
PowerPreter: Post Exploitation Like a Boss Nikhil Mittal Powerpreter is "The" post exploitation tool. It is written completely in powershell which is present ...
Kill 'em All — DDoS Protection Total Annihilation! Tony mt Miu , Wai-leng Lee With the advent of paid DDoS protection in the forms of CleanPipe, CDN / Cloud ...
Unexpected Stories From a Hacker Who Made it Inside the Government Peiter Mudge Zatko Having had the opportunity to see things from within the hacker community and from a ...
The Road Less Surreptitiously Traveled Pukingmonkey Anonymously driving your own vehicle is becoming unattainable with the proliferation of automatic license plate ...
Please Insert Inject More Coins Nicolas Oberli The ccTalk protocol is widely used in the vending machine sector as well as casino ...
Stalking a City for Fun and Frivolity Brendan O'Connor Tired of the government being the only entity around that can keep tabs on a ...
Fast Forensics Using Simple Statistics and Cool Tools John Ortiz Ever been attacked by malicious code leaving unknown files all over your computer? Trying to ...
VoIP Wars: Return of the SIP Fatih Ozavci NGN (Next Generation Network) is modern TDM/PSTN system for communication infrastructure. SIP (Session Initiation Protocol) ...
Exploiting Music Streaming with JavaScript Franz Payer As the music industry transitioned from physical to digital distribution, they have forgotten the one ...
The Cavalry Isn't Coming: Starting the Revolution to Fsck it All! Nicholas J. Percoco , Joshua Corman We have some good news and some bad news. The good news is that security ...
ACL Steganography - Permissions to Hide Your Porn Michael Perklin Everyone's heard the claim: Security through obscurity is no security at all. Challenging this claim ...
Doing Bad Things to 'Good' Security Appliances Phorkus , Evilrob The problem with security appliances is verifying that they are as good as the marketing ...
Let's screw with nmap Gregory Pickett Differences in packet headers allow tools like nmap to fingerprint operating systems. My new approach ...
Defending Networks with Incomplete Information: A Machine Learning Approach Alexandre Pinto Let's face it: we may win some battles, but we are losing the war pretty ...
We are Legion: Pentesting with an Army of Low-power Low-cost Devices Philip Polstra This talk will show attendees how they can do penetration testing with a network of ...
Hacker Law School Marcia Hofmann , Jim Rennie In the past year, several high-profile prosecutions of hackers have underscored the need for legal ...
Defense by numbers: Making problems for script kiddies and scanner monkeys Chris john Riley On the surface most common browsers look the same, function the same, and deliver web ...
De-Anonymizing Alt.Anonymous.Messages Tom Ritter In recent years, new encryption programs like Tor, RedPhone, TextSecure, Cryptocat, and others have taken ...
Forensic Fails - Shift + Delete won't help you here Michael Perklin , Eric Robi Forensic fails illustrates the rather comedic attempts at "anti-forensics" by inept computer users trying to ...
The dawn of Web 3.0: website mapping and vulnerability scanning in 3D, just like you saw in the movies Alejandro Caceres , Teal Rogers Remember that scene in Hackers where Jonny Lee Miller and Angelina Jolie get a bunch ...
Building an Android IDS on Network Level Jaime Sanchez Being popular is not always a good thing and hereís why. As mobile devices grow ...
Safety of the Tor network: a look at network diversity, relay operators, and malicious relays Runa a. Sandvik Rumor has it that the Tor network is a CIA honeypot, that all relays are ...
The Dark Arts of OSINT noah Schiffman , Skydog The proliferation and availability of public information has increased with the evolution of its dissemination. ...
How my Botnet Purchased Millions of Dollars in Cars and Defeated the Russian Hackers Michael Schrenk This is the true story of a botnet that created a competitive advantage for a ...
Examining the Bitsquatting Attack Surface Jaeson Schultz Bit errors in computer memory, when they occur in a stored domain name, can cause ...
Hacking Wireless Networks of the Future: Security in Cognitive Radio Networks Hunter Scott M2M, IoT, whatever buzzword you want to use, telecoms are predicting and preparing for a ...
Making Of The DEF CON Documentary Jason Scott , Rachel Lovinger Early in 2012, to commemorate the 20th year of the conference, Jason Scott was asked ...
All Your RFz Are Belong to Me - Hacking the Wireless World with Software Defined Radio Balint Seeber Ever wondered what traffic is flowing through the many satellites in orbit above you? Have ...
A Password is Not Enough: Why disk encryption is broken and how we might fix it Daniel Selifonov Since the publication of the cold boot attack on software disk encryption 5 years ago, ...
EMET 4.0 PKI Mitigation Neil Sikka Microsoft EMET is a free Mitigation tool. In addition to its memory corruption exploit mitigations, ...
DragonLady: An Investigation of SMS Fraud Operations in Russia Ryan W. Smith , Tim Strazzere One of the top types of Android malware are trojans that claim to provide a ...
BYO-Disaster and Why Corporate Wireless Security Still Sucks James Snodgrass , Josh Hoover Right when you thought this topic had been beaten to death, something new emerges. This ...
Evolving Exploits Through Genetic Algorithms Soen This talk will discuss the next logical step from dumb fuzzing to breeding exploits via ...
Backdoors, Government Hacking and The Next Crypto Wars Christopher Soghoian The FBI claims it is going dark. Encryption technologies have finally been deployed by software ...
How to Hack Your Mini Cooper: Reverse Engineering Controller Area Network (CAN) Messages on Passenger Automobiles Jason Staggs This presentation introduces the underlying protocols on automobile communication system networks of passenger vehicles and ...
An Open Letter - The White Hat's Dilemma: Professional Ethics in the Age of Swartz, PRISM and Stuxnet Alex Stamos The information security world is constantly buffeted by the struggle between whitehats, blackhats, antisec, greenhats, ...
Collaborative Penetration Testing With Lair Tom Steele , Dan Kottmann Lair is an open-source project developed for and by pentesters. Built on Meteor and Node.js ...
DNS May Be Hazardous to Your Health Robert Stucke The largest manufacturer of laptops, one of the largest consulting firms, and a big data ...
Predicting Susceptibility to Social Bots on Twitter Chris Sumner , Randall Wald Are some Twitter users more naturally predisposed to interacting with social bots and can social ...
EDS: Exploitation Detection System Amr Thabet In the last several years, exploits have become the strongest weapons in cyber warfare. Exploit ...
The Government and UFOs: A Historical Analysis by Richard Thieme Richard Thieme This talk is about the ways the many components of governments interact and respond to ...
BoutiqueKit: Playing WarGames with expensive rootkits and malware Josh 'm0nk' Thomas "Theoretical" targeted rootkits need to play by different rules than the common malware that ends ...
C.R.E.A.M. Cache Rules Evidently Ambiguous, Misunderstood Jacob Thompson Common wisdom dictates that web applications serving sensitive data must use an encrypted connection (i.e., ...
Insecurity - A Failure of Imagination Marc Weber Tobias , Tobias Bluzmanis Homeowners, apartment complexes, and businesses throughout the United States and Canada have purchased locks from ...
HTTP Time Bandit Vaagn Toukharian , Tigran Gevorgyan While web applications have become richer to provide a higher level user experience, they run ...
The Growing Irrelevance of US Government Cybersecurity Intelligence Information Mark Weatherford The rapidly changing threat landscape has finally provided relevant business justification for commercial companies to ...
Prowling Peer-to-Peer Botnets After Dark Tillmann Werner Peer-to-peer botnets have become the backbone of the cybercrime ecosystem. Due to their distributed nature, ...
Reality Hackers Rebecca Wexler , Paul Sanderson Reality Hackers. Technology, wit, and hacker culture fuse in an electrified movement for digital freedom. ...
Defeating Internet Censorship with Dust, the Polymorphic Protocol Engine Brandon Wiley The greatest danger to free speech on the Internet today is filtering of traffic using ...
BYOD PEAP Show Josh Yavor The onslaught of Bring Your Own Device(s) in recent years places a new focus on ...
Android WebLogin: Google's Skeleton Key Craig Young Millions of businesses worldwide trust in Google Apps to run their organization's domain. The life-blood ...
Adventures in Automotive Networks and Control Units Chris Valasek , Charlie Miller Automotive computers, or Electronic Control Units (ECU), were originally introduced to help with fuel efficiency ...
Getting The Goods With smbexec Eric Milam Individuals often upload and execute a payload to a remote system during penetration tests for ...
Pwn The Pwn Plug: Analyzing and Counter-Attacking Attacker-Implanted Devices Wesley Mcgrew Malicious attackers and penetration testers alike are drawn to the ease and convenience of small, ...
A Thorny Piece Of Malware (And Me): The Nastiness of SEH, VFTables & Multi-Threading Marion Marschalek Reverse Engineering is the supreme discipline in analyzing malware, how else would you find out ...
HiveMind: Distributed File Storage Using JavaScript Botnets Sean Malone Some data is too sensitive or volatile to store on systems you own. What if ...
GoPro or GTFO: A Tale of Reversing an Embedded System Zach Lanier , Todd Manning Embedded systems are shrinking in size and becoming widely used in many consumer devices. High ...
This presentation will self-destruct in 45 minutes: A forensic deep dive into self-destructing message apps Drea London , Kyle O'meara Prior to 2013, the phrase 'Self Destructing Message' was most commonly associated with Inspector Gadget, ...
How to use CSP to stop XSS Kenneth Lee Crosssite scripting attacks have always been a mainstay of the OWASP Top 10 list. The ...
Key Decoding and Duplication Attacks for the Schlage Primus High-Security Lock David Lawrence Student , Eric Student , Robert Johnson Student The Schlage Primus is one of the most common high-security locks in the United States. ...
Decapping Chips the Easy Hard Way Zac Franken , Adam ( Major Malfunction ) Laurie For some time it has been possible to discover the inner workings of microprocessors with ...
The Secret Life of SIM Cards Karl Koscher , Eric Butler SIM cards can do more than just authenticate your phone with your carrier. Small apps ...
The Dirty South – Getting Justified with Technology David Kennedy , Nick Hitchcock It seems that every day there's a new NextGen firewall, whitelisting and blacklisting, DLP, or ...
Torturing Open Government Systems for Fun, Profit and Time Travel Tom Keenan Professor "I'm from the government and I'm here to help you" takes on a sinister new ...
Dude, WTF in my car? Alberto garcia Illera , Javier Vazquez Vidal The ECU tuning market is weird. There is little help from people in it, and ...
Resting on Your Laurels will get you Pwned: Effectively Code Reviewing REST Applications to avoid getting powned Dinis Cruz , Abraham Kang Public REST APIs have become mainstream. It is not just startups such as Facebook and ...
The Bluetooth Device Database Ryan Holeman As of 2013, it is estimated that there are now billions of bluetooth devices deployed ...
Protecting Data with Short-Lived Encryption Keys and Hardware Root of Trust Dan Griffin The US National Security Agency has been public about the inevitability of mobile computing and ...
So You Think Your Domain Controller is Secure? Justin Hendricks Domain Controllers are the crown jewels of an organization. Once they fall, everything in the ...
Phantom Network Surveillance UAV / Drone Ricky Hill DARPA, 2011, sponsored a contest named UAVForge which challenged teams to build a prototype unmanned ...
JTAGulator: Assisted Discovery Of On-Chip Debug Interfaces Joe ( Kingpin ) Grand On-chip debug (OCD) interfaces can provide chip-level control of a target device and are a ...
Java Every-Days: Exploiting Software Running on 3 Billion Devices Brian Gorenc , Jasiel Spelman Over the last three years, Oracle Java has become the exploit author's best friend. And ...
The Politics of Privacy and Technology: Fighting an Uphill Battle Eric Fulton , Daniel Zolnikov In the past few decades the world has been dramatically transformed by technology. People have ...
10000 Yen into the Sea Flipper The use of a pressure housing in an underwater vehicle can be difficult to implement ...
Defeating SEAndroid Pau Oliva Security Enhancements for Android (SEAndroid) enables the use of SELinux in Android in order to ...
gitDigger: Creating useful wordlists from public GitHub repositories Rob Fuller , Jaime Filson This presentation intends to cover the thought process and logistics behind building a better wordlist ...
Google TV or: How I Learned to Stop Worrying and Exploit Secure Boot Amir ( zenofex ) Etemadieh , Cj Heres , Mike Baker , Hans Nielsen Google TV is intended to bring the Android operating system out of the mobile environment ...
From Nukes to Cyber – Alternative Approaches for Proactive Defense and Mission Assurance Robert Elder In typical military operations, the advantage goes to the offense because the initiator controls the ...
Noise Floor: Exploring the world of unintentional radio emissions Melissa Elliott If it's electronic, it makes noise. Not necessarily noise that you and I can hear, ...
Electromechanical PIN Cracking with Robotic Reconfigurable Button Basher (and C3BO) Justin Engler , Paul Vines Password and PIN systems are often encountered on mobile devices. A software approach to cracking ...
Proliferation Joseph R. Detrani Abstract Coming Soon.
Privacy In DSRC Connected Vehicles Christie Dudley To date, remote vehicle communications such as OnStar have provided little in the way of ...
Pwn'ing You(r) Cyber Offenders Piotr Duszynski It is commonly believed that Offensive Defense is just a theory that is difficult to ...
I Can Hear You Now: Traffic Interception and Remote Mobile Phone Cloning with a Compromised CDMA Femtocell Tom Ritter , Doug Deperry I have a box on my desk that your CDMA cell phone will automatically connect ...
How to Disclose or Sell an Exploit Without Getting in Trouble James Denaro You have identified a vulnerability and may have developed an exploit. What should you do ...
Revealing Embedded Fingerprints: Deriving intelligence from USB stack interactions Andy Davis Embedded systems are everywhere, from TVs to aircraft, printers to weapon control systems. As a ...
Do-It-Yourself Cellular IDS Sherri Davidoff , Scott Fretheim , David Harrison , Randi Price For less than $500, you can build your own cellular intrusion detection system to detect ...
Stepping P3wns: Adventures in full spectrum embedded exploitation (and defense!) Ang Cui , Michael Costello Our presentation focuses on two live demonstrations of exploitation and defense of a wide array ...
Home Invasion 2.0 - Attacking Network-Controlled Consumer Devices Daniel "unicornfurnace" Crowley , Jennifer "savagejen" Savage , David "videoman" Bryan A growing trend in electronics is to have them integrate with your home network in ...
Blucat: Netcat For Bluetooth Joseph paul Cohen TCP/IP has tools such as nmap and netcat to explore devices and create socket connections. ...
Legal Aspects of Full Spectrum Computer Network (Active) Defense Robert Clark Full spectrum computer network (active) defense mean more than simply "hacking back". We've seen a ...
Abusing NoSQL Databases Ming Chow The days of selecting from a few SQL database options for an application are over. ...
Utilizing Popular Websites for Malicious Purposes Using RDI Daniel Chechik , Anat Davidi Reflected DOM Injection is a new attack vector that will be unveiled for the first ...
Offensive Forensics: CSI for the Bad Guy Benjamin Caudill As a pentester, when was the last time you 'recovered' deleted files from the MFT ...
Open Public Sensors, Trend Monitoring and Data Fusion Daniel Burroughs Our world is instrumented with countless sensors. While many are outside of our direct control, ...
Conducting massive attacks with open source distributed computing Alejandro Caceres Distributed computing is sexy. Don't believe us? In this talk we'll show you, on a ...
OTP, It won't save you from free rides! Bughardy , Eagle1753 RFID technologies are becoming more and more prevalent in our lives. This motivated us to ...
Evil DoS Attacks and Strong Defenses Sam Bowne , Matthew Prince On the attack side, this talk will explain and demonstrate attacks which crash Mac OS ...
RFID Hacking: Live Free or RFID Hard Francis Brown Have you ever attended an RFID hacking presentation and walked away with more questions than ...
Data Evaporation from SSDs Sam Bowne Files on magnetic hard drives remain on the drive even after they are deleted, so ...
Transcending Cloud Limitations by Obtaining Inner Piece Zak Blacher With the abundance of cloud storage providers competing for your data, some have taken to ...
Made Open: Hacking Capitalism Todd Bonnewell The game is Capitalism. The rule makers are the banks, corporations and governments. This presentation ...
PowerPwning: Post-Exploiting By Overpowering PowerShell Joe Bialek PowerShell is a scripting language included with all modern Windows operating systems, which, among other ...
MITM All The IPv6 Things Scott Behrens , Brent Bandelgar Back in 2011, Alec Waters demonstrated how to overlay a malicious IPv6 network on top ...
Combatting Mac OSX/iOS Malware with Data Visualization Remy Baumgarten Apple has successfully pushed both its mobile and desktop platforms into our homes, schools and ...
Fear the Evil FOCA: IPv6 attacks in Internet connections Chema Alonso Windows boxes are running IPv6 by default so LANs are too. Internet is not yet ...
Suicide Risk Assessment and Intervention Tactics Amber Baldet Suicide is the 10th leading cause of death in the United States, yet it persists ...
Business logic flaws in mobile operators services Bogdan Alecu GSM has been attacked in many different ways in the past years. But regardless of ...
Pentesters Toolkit Anch You've been hired to perform a penetration test, you have one week to prepare. What ...
Meet Pentoo, the Longest Running Pen-testing Linux Distro Zerochaos Pentoo is the longest running Penetration Testing Linux distribution, pre-dating many of today's more popular ...
Oil & Gas Infosec 101 Alxrogan Ever wonder what it's like to secure off-shore platforms, field operations, and aging SCADA systems? ...
Wireless Penetration Testing 101 & Wireless Contesting Dakahuna , Rmellendick Whether it’s war-driving or doing penetration testing of wireless networks there are tools, hardware and ...
Intro to Web Application Hacking Terrence “tuna” Gareau This talk will will cover web application attack basics to get any n00b started on ...
The Policy Wonk Lounge Mark Weatherford , Sameer Bhalotra , Robert Elder , Robert Brese , Bruce Mcconnell , James R. Lint Can wonks hack it at DEF CON? Lean back and settle in for a stimulating ...
DEF CON 101 Pyr0 , Lockheed , Highwiz , Roamer , Lost DC101 is the Alpha to the closing ceremonies' Omega. It's the place to go to ...
Hacking Management: From Operations to Command Lockheed , Roamer , Naifx So you've been in IT for a while. You've done well. You like your job. ...
The Ninjaneers: Getting started in Building Your Own Robots for World Domination. Flipper , Beaker So what’s your excuse for not building that robot idea you’ve been kicking around for ...
Decrypting DEFCON: Foundations Behind Some of the Games Hackers Play Lost Continuing on his 101 talk from last year (building a foundational knowledge, or at least ...
Hardware Hacking with Microcontrollers: A Panel Discussion Joe ( Kingpin ) Grand , Renderman , Lost , Mark 'smitty' Smith , Firmwarez Microcontrollers and embedded systems come in many shapes, sizes and flavors. From tiny 6-pin devices ...
Meet the VCs Ping Li , Matt Ocko , Deepak Jeevankumar , John M. Jack , Eileen Burbidge Venture capital investments have reached the highest level since the dot-com days. Almost seven billion ...
The ACLU Presents: NSA Surveillance and More Nicole Ozer , Christopher Soghoian , Alex Abdo , Catherine Crump , Kade Crockford From the NSA's PRISM and metadata programs to IMSI catchers, location tracking to surveillance drones, ...
Ask the EFF: The Year in Digital Civil Liberties Kurt Opsahl , Eva Galperin , Marcia Hoffmann , Dan Auerbach , Marc Jaycox , Mitch Stoltz Get the latest information about how the law is racing to catch up with technological ...
DEF CON Comedy Jam Part VI, Return of the Fail James Arlen , David Mortman , Rich Mogull , Chris Hoff , Rob Graham , Larry Pesce , Dave Maynor , Alex Rothman You know you can't stay away! The most talked about panel at DEF CON! More ...