Defcon19 2011 Aug. 5, 2011 to Aug. 7, 2011, Las Vegas,USA

Event Page


Tell us about missing data
Title Speakers Summary Topic Types
Bosses love Excel, Hackers too. Chema Alonso , Juan Garrido "silverhack" Remote applications published in companies are around us in the cloud. In this talk we ...
Dust: Your Feed RSS Belongs To You! Avoid Censorship! Chema Alonso , Juan Garrido "silverhack" Law around the world is trying to control what is published on the Internet. After ...
IP4 TRUTH: The IPocalypse is a LIE Sterling Archer , Freaksworth There is a long tradition of researchers presenting at security conferences on topics that are ...
Security When Nano Seconds Count James "Myrcurial" Arlen There's a brave new frontier for IT Security - a place where "best practices" does ...
Beat to 1337: Creating A Successful University Cyber Defense Organization Mike Arpaia , Ted Reed A university with no prior CTF experience and no students with significant prior information security ...
Pillaging DVCS Repos For Fun And Profit Adam evilpacket Baldwin Distributed Version Control Systems, like git are becoming an increasingly popular way to deploy web ...
Chip & PIN is Definitely Broken Andrea Barisani , Daniele Bianco , Zac Franken , Adam ( Major Malfunction ) Laurie The EMV global standard for electronic payments is widely used for inter-operation between chip equipped ...
Deceptive Hacking: How Misdirection Can Be Used To Steal Information Without Being Detected Bruce "grymoire" Barnett There are many similarities between professional hackers and professional magicians. Magicians are experts in creating ...
Fingerbank — Open DHCP Fingerprints Database Olivier Bilodeau The presentation will first take a step back and offer a basic reminder of what ...
PacketFence, The Open Source Nac: What We've Done In The Last Two Years Olivier Bilodeau Ever heard of PacketFence? It's a free and open source Network Access Control (NAC) software ...
Federation and Empire Emmanuel Bouillon Federated Identity is getting prevalent in corporate environments. True, solving cross domain access control to ...
Three Generations of DoS Attacks (with Audience Participation, as Victims) Sam Bowne Denial-of-service (DoS) attacks are very common. They are used for extortion, political protest, revenge, or ...
Building The DEF CON Network, Making A Sandbox For 10,000 Hackers Luiz 'effffn' Eduardo , David "videoman" Bryan We will cover on how the DEF CON network team builds a network from scratch, ...
Kinectasploit: Metasploit Meets Kinect Jeff Bryner We've all seen hackers in movies flying through 3D worlds as they hack the gibson. ...
Physical Memory Forensics for Cache Jamie Butler Physical memory forensics has gained a lot of traction over the past five or six ...
Metasploit vSploit Modules Will Vandevanter , Marcus j. Carey , David Rude This talk is for security practitioners who are responsible for and need to test enterprise ...
Lives On The Line: Securing Crisis Maps In Libya, Sudan, And Pakistan George Chamales Crisis maps collect and present open source intelligence (Twitter, Facebook, YouTube, news reports) and direct ...
Abusing HTML5 Ming Chow The spike of i{Phone, Pod Touch, Pad}, Android, and other mobile devices that do not ...
Familiarity Breeds Contempt Brad "Renderman" Haines , Sandy "mouse" Clark "Good programmers write code, great programmers reuse" is one of the most well known truisms ...
Operational Use of Offensive Cyber Christopher Cleary This session will discuss the "Art of the Possible" when it comes to "Offensive Cyber ...
Look At What My Car Can Do Tyler Cohen This presentation is an introduction to the new world of automobile communication, data and entertainment ...
Kernel Exploitation Via Uninitialized Stack Kees Cook Leveraging uninitialized stack memory into a full-blown root escalation is easier than it sounds. See ...
The Art and Science of Security Research Greg Conti Research is a tricky thing, full of pitfalls, blind alleys, and rich rewards for the ...
Internet Kiosk Terminals : The Redux Paul Craig Paul Craig is the self-proclaimed "King of Kiosk Hacking" You have likely heard of him ...
Cipherspaces/Darknets: An Overview Of Attack Strategies Adrian Crenshaw Darknets/Cipherspaces such as Tor and I2P have been covered before in great detail. Sometimes it ...
Speaking with Cryptographic Oracles Daniel Crowley Cryptography is often used to secure data, but few people have a solid understanding of ...
Taking Your Ball And Going Home; Building Your Own Secure Storage Space That Mirrors Dropbox's Functionality Phil Cryer When for-profit companies offer a free app, there is always going to be strings attached. ...
PCI 2.0: Still Compromising Controls and Compromising Security James Arlen , Jack Daniel , Joshua Corman , Dave Shackleford , Martin Mckeay , Alex Hutton Building on last year's panel discussion of PCI and its impact on the world of ...
Former Keynotes - The Future Rod Beckstrom , Jerry Dixon , Linton Wells , Tony Sager , Dark Tangent Former keynotes keep coming back to DEFCON. Join The Dark Tangent, Rod Beckstrom, Jerry Dixon, ...
Introduction to Tamper Evident Devices Datagram Tamper evident technologies are quickly becoming an interesting topic for hackers around the world. DEF ...
VDLDS — All Your Voice Are Belong To Us Ganesh Devarajan , Don Lebert Anytime you want to bypass the system, you tend to have a telephone conversation instead ...
Safe to Armed in Seconds: A Study of Epic Fails of Popular Gun Safes Deviant Ollam Hackers like guns. Hackers like locks. Hackers like to tinker with guns and locks. And, ...
Whitfield Diffie and Moxie Marlinspike Whitfield Diffie , Moxie Marlinspike Come watch Whitfield Diffie and Moxie Marlinspike talk about certificate authorities, DNSSEC, SSL, dane, trust ...
Bit-squatting: DNS Hijacking Without Exploitation Artem Dinaburg We are generally accustomed to assuming that computer hardware will work as described, barring deliberate ...
A Bridge Too Far: Defeating Wired 802.1x with a Transparent Bridge Using Linux Alva 'skip' Duckwall Using Linux and a device with 2 network cards, I will demonstrate how to configure ...
Virtualization under attack: Breaking out of KVM Nelson Elhage KVM, the Linux Kernel Virtual Machine, seems destined to become the dominant open-source virtualization solution ...
I Am Not a Doctor but I Play One on Your Network Tim Elrod , Stefan Morris How secure is your Protected Health Information? This talk will expose the world of Health ...
Mamma Don't Let Your Babies Grow Up to be Pen Testers - (a.k.a. Everything Your Guidance Counselor Forgot to Tell You About Pen Testing) Patrick Engebretson , Josh Pauli Always wanted to be a 1337 penetration tester capable of deciphering Kryptos while simultaneously developing ...
Steganography and Cryptography 101 Eskimo There are a lot of great ways to hide your data from prying eyes this ...
Don't Drop the SOAP: Real World Web Service Testing for Web Hackers Kevin Johnson , Tom Eston , Josh Abraham Over the years web services have become an integral part of web and mobile applications. ...
"Get Off of My Cloud": Cloud Credential Compromise and Exposure Ben Feinstein , Jeff Jarmoc An Amazon Machine Image (AMI) is a virtual appliance container used to create virtual machines ...
Handicapping the US Supreme Court: Can We Get Rich by Forceful Browsing? Foofus Using only script-kiddie skills, it may be possible to handicap the outcome of decisions of ...
Getting F***** On the River Gus Fritschie , Mike Wright Online poker is a multi-million dollar industry that is rapidly growing, but is not highly ...
Cellular Privacy: A Forensic Analysis of Android Network Traffic Eric Fulton People inherently trust their phones, but should they? "Cellular Privacy: A Forensic Analysis of Android ...
UPnP Mapping Daniel Garcia Universal Plug and Play(UPnP) is a technology developed by Microsoft in 1999, as a solution ...
Gone in 60 Minutes: Stealing Sensitive Data from Thousands of Systems Simultaneously with OpenDLP Andrew Gavin Got domain admin to a couple of thousand Windows systems? Got an hour to spare? ...
Strategic Cyber Security: An Evaluation of Nation-State Cyber Attack Mitigation Strategies Kenneth Geers This presentation argues that computer security has evolved from a technical discipline to a strategic ...
Bulletproofing The Cloud: Are We Any Closer To Security? Ramon Gomez Cloud security has come into focus in the last few years; while many ways to ...
Smile for the Grenade! "Camera Go Bang!" Joshua Marpet , Vlad Gostom Cameras are hugely important to urban and suburban battlefields. Reconnaissance is a must-have for commanders, ...
Represent! Defcon Groups, Hackerspaces, and You. Itzik Kotler , Anarchy Angel , Anch , Blakdayz , Ngharo , Jake "genericsuperhero" Black , Converge Fabricating, circumventing, forging, partying, milling, crafting, building breaking — Defcon Groups have risen, fallen, and ...
Smartfuzzing The Web: Carpe Vestra Foramina Nathan Hamiel , Gregory Fleischer , Justin Engler , Seth Law It can be scary to think about how little of the modern attack surface many ...
Earth vs. The Giant Spider: Amazingly True Stories of Real Penetration Tests Wendel Guglielmetti Henrique , Rob Havelt Earth vs. The Giant Spider: Amazingly True Stories of Real Penetration Tests brings the DEF ...
From Printer To Pwnd: Leveraging Multifunction Printers During Penetration Testing Deral Heiland In this presentation we go beyond the common printer issues and focus on harvesting data ...
Assessing Civilian Willingness to Participate in On-Line Political and Social Conflict Max Kilger , Thomas J. Holt Changes in the social dynamics and motivations of the hacking community are a potential catalyst ...
An Insider's Look at International Cyber Security Threats and Trends Rick Howard Verisign iDefense General Manager, Rick Howard, will provide an inside look into current cyber security ...
Anonymous Cyber War Hubris , A5h3r4h This talk will educate listeners on best practices for safety and privacy on the Internet.It ...
Economics of Password Cracking in the GPU Era Robert "hackajar" Imhoff-dousharm As this shift to "General Computing" and working in the cloud has accelerated in the ...
Jugaad – Linux Thread Injection Kit Aseem Windows malware conveniently use the CreateRemoteThread() api to delegate critical tasks inside of other processes. ...
The Art of Trolling Matt 'openfly' Joyce Trolling is something that today has a very negative connotation on the Internet and in ...
Black Ops of TCP/IP 2011 Dan Kaminsky Remember when networks represented interesting targets, when TCP/IP was itself a vector for messiness, when ...
Hacking Your Victims Over Power Lines Dave Kennedy When performing penetration tests on the internal network in conjunction with physical pentests your always ...
Tracking the Trackers: How Our Browsing History Is Leaking into the Cloud Brian Kennish What companies and organizations are collecting our web-browsing activity? How complete is their data? Do ...
Hacking and Securing DB2 LUW Databases Alexander Kornbrust DB2 for Linux, Unix and Windows is one of the databases where only little bit ...
Sounds Like Botnet Iftach Ian Amit , Itzik Kotler VoIP is one of the most widely-used technologies among businesses and, increasingly, in households. It ...
DCFluX in: License to Transmit Matt "DCFluX" Krick When cell phones, land lines and the internet break down in a disaster, Amateur radio ...
Balancing The Pwn Trade Deficit – APT Secrets in Asia Jeremy Chiu , Anthony ( darkfloyd ) Lai , Benson Wu , Pk In last year, we have given a talk over China-made malware in both Blackhat and ...
And That's How I Lost My Eye: Exploring Emergency Data Destruction Deviant Ollam , Shane Lawson , Bruce Potter Are you concerned that you have become a subject of unwarranted scrutiny? Convinced that the ...
I'm Your MAC(b)Daddy Grayson Lenik The field of Computer Forensics moves more and more in the direction of rapid response ...
Don't Fix It In Software Katy Levinson At Defcon 17 when a speaker didn't show a bottle of vodka was offered to ...
PIG: Finding Truffles Without Leaving A Trace Ryan Linn When we connect to a network we leak information. Whether obtaining an IP address, finding ...
Hacking and Forensicating an Oracle Database Server David Litchfield N/A
Johnny Long and Hackers for Charity Johnny Long Picking on charities is just plain rude. Thankfully, that's not what we're about. We're about ...
Pervasive Cloaking William Manning What Cloak? Recent policy proposals from the US Executive seem to call for government support ...
We're (The Government) Here To Help: A Look At How FIPS 140 Helps (And Hurts) Security Joey Maresca Many standards, especially those provided by the government, are often viewed as more trouble the ...
SSL And The Future Of Authenticity Moxie Marlinspike In the early 90's, at the dawn of the World Wide Web, some engineers at ...
Hacking .Net Applications: The Black Arts Jon Mccoy This presentation will cover the Black Arts of making Cracks, KeyGens, Malware, and more. The ...
Covert Post-Exploitation Forensics With Metasploit Wesley Mcgrew In digital forensics, most examinations take place after the hardware has been physically seized (in ...
Vulnerabilities of Wireless Water Meter Networks John Mcnabb Why research wireless water meters? Because they are a potential security hole in a critical ...
Battery Firmware Hacking Charlie Miller Ever wonder how your laptop battery knows when to stop charging when it is plugged ...
DEF CON Comedy Jam IV, A New Hope For The Fail Whale James Arlen , David Mortman , Rich Mogull , Chris Hoff , Rob Graham , Larry Pesce , Dave Maynor We're baaaaaack! The most talked about panel at DEF CON! Nearly two hours of non-stop ...
Blinkie Lights: Network Monitoring with Arduino Steve Ocepek Remember the good old days, when you'd stare at Rx and Tx on your shiny ...
Ask EFF: The Year in Digital Civil Liberties Marcia Hofmann , Peter Eckersley , Kevin Bankston , Kurt Opsahl , Hanni Fakhoury , Rebecca Reagan Get the latest information about how the law is racing to catch up with technological ...
Hacking Google Chrome OS Kyle 'kos' Osborn , Matt Johanson Google recently announced Chrome OS powered computers, called Chromebooks, at Google I/O and the company ...
VoIP Hopping the Hotel: Attacking the Crown Jewels through VoIP Jason Ostrom This presentation is about the security of VoIP deployed in hotel guest rooms. What it ...
Big Brother on the Big Screen: Fact/Fiction? Nicole Ozer Can the NSA really do that? Um, yes. Join me at the movies to take ...
Getting SSLizzard Nicholas J. Percoco , Paul Kehrer The world has seen a seismic shift from browser-based web applications to GUI-rich semi-thick client ...
Malware Freak Show 3: They're pwning er'body out there! Nicholas J. Percoco , Jibran Ilyas Well There's malware on the interwebs. They're pwning all your systems, snatching your data up. ...
This is REALLY not the droid you're looking for... Nicholas J. Percoco , Sean Schulte Last year, we presented a talk on the implication of malware and rootkits on mobile ...
Hacking MMORPGs for Fun and Mostly Profit Josh Phillips Online games, such as MMORPG's, are the most complex multi-user applications ever created. The security ...
Port Scanning Without Sending Packets Gregory Pickett With auto-configuration protocols now being added to operating systems and implemented by default in your ...
My password is: #FullOfFail! — The Core Problem with Authentication and How We Can Overcome It Jason M. Pittman Authentication is an integral part of our modern, digital lifestyle. It is a universal means ...
Sneaky PDF Mahmud ab Rahman Being a most prevalent document exchange format on the Internet, Portable Document Format (PDF) is ...
Why Airport Security Can't Be Done FAST Semon Rezchikov , Morgan Wang , Joshua Engelman Eight years after 9/11 TSA finally decided to fix their security system. But what has ...
"Whoever Fights Monsters..." Aaron Barr, Anonymous, and Ourselves Joshua Corman , Paul Roberts , Jericho , Aaron Barr "Whoever fights monsters should see to it that in the process he does not become ...
What Time Are You Anyway? Michael Robinson Computer forensic examiners rely heavily on timestamps during investigations. Timeline analysis is a critical technique ...
Owned Over Amateur Radio: Remote Kernel Exploitation in 2011 Dan Rosenberg Originally considered to be the stuff of myth, remote kernel exploits allow attackers to bypass ...
Build your own Synthetic Aperture Radar Michael Scarito Radar is used extensively by the military, police, weather, air travel, and maritime industries - ...
Net Neutrality Panel Michael "theprez98" Schearer , Abigail Phillips , Deborah Salons , Todd Kimball Over the last five years, network neutrality has moved from an abstract buzzword to FCC-enacted ...
WTF Happened to the Constitution?! The Right to Privacy in the Digital Age Michael "theprez98" Schearer There is no explicit right to privacy in the Constitution, but some aspects of privacy ...
Archive Team: A Distributed Preservation of Service Attack Jason Scott For the last few years, historian and archivist Jason Scott has been involved with a ...
Attacking and Defending the Smart Grid Justin Searle The Smart Grid brings greater benefits for utilities and customer alike, however these benefits come ...
Mobile App Moolah: Profit taking with Mobile Malware Jimmy Shah Smartphones are a hot new market for software developers. Millions of potential customers, and a ...
Are You In Yet? The CISO's View of Pentesting Shrdlu When a CISO pays good money for a thorough pentesting, she wants results. Not necessarily ...
Hacking the Global Economy with GPUs or How I Learned to Stop Worrying and Love Bitcoin Skunkworks In the post 9/11 era when it's nearly impossible to buy a pack of gum ...
How Haunters Void Warranties Reeves Smith Halloween makers or how haunters void warranties, social engineer and find the joy of creativity. ...
SCADA & PLCs in Correctional Facilities: The Nightmare Before Christmas Tiffany Rad , Teague Newman , John J. Strauchs On Christmas Eve, a call was made from a prison warden: all of the cells ...
Steal Everything, Kill Everyone, Cause Total Financial Ruin! (Or How I Walked In And Misbehaved) Jayson E. Street This is not a presentation where I talk about how I would get in or ...
Weaponizing Cyberpsychology and Subverting Cybervetting for Fun, Profit and Subterfuge Chris "thesuggmeister" Sumner , Alien , Alison B Almost everything we do in life leaves a personality footprint and what we do on ...
How To Get Your Message Out When Your Government Turns Off The Internet Bruce Sutherland How would you communicate with the world if your government turned off the Internet? Sound ...
Web Application Analysis With Owasp Hatkit Patrik Karlsson , Martin Holst The presentation will take a deep dive into two newly released Owasp tools; the Owasp ...
Wireless Aerial Surveillance Platform Mike Tassey , Rich Perkins Tired of theory? This session has everything you want, big yellow aircraft flown by computers, ...
Staring into the Abyss: The Dark Side of Crime-fighting, Security, and Professional Intelligence Richard Thieme Nothing is harder to see than things we believe so deeply we don't even see ...
Insecurity: An Analysis Of Current Commercial And Government Security Lock Designs Marc Weber Tobias , Tobias Bluzmanis , Matt Fiddler Lock manufacturers continue to produce insecure designs in both mechanical and electro-mechanical locks. While these ...
DIY Non-Destructive Entry Schuyler Towne Ever leave the house without your picks only to find yourself in a situation where ...
The Future of Cybertravel: Legal Implications of the Evasion of Geolocation Marketa Trimble This presentation discusses the current legal status of evasion of geolocation and the potential liability ...
Runtime Process Insemination Shawn "lattera" Webb Injecting arbitrary code during runtime in linux is a painful process. This presentation discusses current ...
Network Nightmare: Ruling The Nightlife Between Shutdown And Boot With Pxesploit Matt The best techniques for exploitation, maintaining access, and owning in general move down the stack, ...
Seven Ways to Hang Yourself with Google Android Erika Chin , Yekaterina Tsipenyuk O'neil According to Google, Android was designed to give mobile developers "an excellent software platform for ...
Key Impressioning Jos Weyers We've all seen lockpicking explained on several security venues. You might even have tried it ...
Staying Connected during a Revolution or Disaster Thomas Wilhelm During the recent revolutions in Africa and the Middle East, governments have shut down both ...
Traps of Gold Michael Brooks , Andrew Wilson The only thing worse than no security is a false sense of security. And though ...
Network Application Firewalls: Exploits and Defense Brad Woodberg In the last few years, a so called whole new generation of firewalls have been ...
Phishing and Online Scam in China Joey Zhu Today, Ebay, Paypal and WOW are all popular targets of global phishing. However, phishing in ...
Vanquishing Voyeurs: Secure Ways To Authenticate Insecurely Zoz Cannytrophic , Andrea Bianchi Observation is one of the principal means of compromise of authentication methods relying on secret ...