DEF CON 2014, Aug. 7, 2014 to Aug. 10, 2014, Las Vegas, USA
Title | Speakers | Summary | Topic Types |
---|---|---|---|
DEF CON 101 - The Talk | Pyr0 , Lockheed , Highwiz , Roamer , Lost | DEF CON 101 is the Alpha to the closing ceremonies' Omega. It's the place to ... | |
Protecting SCADA From the Ground Up | Aaron Bayles | Industrial Control Systems (ICS) and SCADA are everywhere, whether you know it or not. Not ... | |
DEF CON the Mystery, Myth and Legend | Panel | It's hard to throw a stone these days without hitting a security/hacking conference. But, when ... | |
AWS for Hackers | Seth Van Ommen | What tool does every hacker need in their toolset? The entire goddamn giant that is ... | |
Detecting Bluetooth Surveillance Systems | Grant Bugher | Departments of Transportation around the United States have deployed "little white boxes" -- Bluetooth detectors ... | |
Dropping Docs on Darknets: How People Got Caught | Adrian Crenshaw | Most of you have probably used Tor before, but I2P may be unfamiliar. Both are ... | |
Hacking 911: Adventures in Disruption, Destruction, and Death | Christian “quaddi” Dameff , Jeff “r3plicant” Tully , Peter Hefley | Ever wonder what you would do if the people you needed most on the worst ... | |
How to Disclose an Exploit Without Getting in Trouble | Tod Beardsley , Jim Denaro | You have identified a vulnerability and may have developed an exploit. What should you do ... | |
Reverse Engineering Mac Malware | Sarah Edwards | Dynamic malware reverse engineering helps forensic analysts and reverse engineers gather quick data points such ... | |
NSA Playset: PCIe | Joe Fitzpatrick , Miles Crabill | Hardware hacks tend to focus on low-speed (jtag, uart) and external (network, usb) interfaces, and ... | |
Oh Bother, Cruising The Internet With Your Honeys, Creating Honeynets For Tracking Criminal Organizations | Terrence “tuna” Gareau , Mike Thompson | Bandwidth, computing power, and software advancements have empowered hackers to quickly scan for and exploit ... | |
The Monkey in the Middle: A pentesters guide to playing in traffic. | Anch | Prank your friends, collect session information and passwords, edit traffic as it goes by.. become ... | |
Investigating PowerShell Attacks | Matt Hastings , Ryan Kazanciyan | Over the past two years, we've seen targeted attackers increasingly utilize PowerShell to conduct command-and-control ... | |
Is This Your Pipe? Hijacking the Build Pipeline. | Kyle Kelley , Greg Anderson | As developers of the web, we rely on tools to automate building code, run tests, ... | |
Screw Becoming A Pentester - When I Grow Up I Want To Be A Bug Bounty Hunter! | Jake Kouns , Carsten Eiram | Everywhere you turn it seems that companies are having serious problems with security, and they ... | |
Home Alone with localhost: Automating Home Defense | Chris Littlebury | Home automation is everywhere, and so are their exploits. This presentation will go over a ... | |
Meddle: Framework for Piggy-back Fuzzing and Tool Development | Geoff | Towards simplifying the vulnerability fuzzing process, this presentation introduces a moddable framework called Meddle that ... | |
Instrumenting Point-of-Sale Malware: A Case Study in Communicating Malware Analysis More Effectively | Wesley Mcgrew | The purpose of this talk is to promote the adoption of better practices in the ... | |
One Man Shop: Building an effective security program all by yourself | Medic | At past DEF CON events, including DEF CON 101, most of the attendees we’ve encountered ... | |
RF Penetration Testing, Your Air Stinks | John "DaKahuna" Fulmer , Rick Mellendick | The purpose of this talk is to discuss the effective radio frequency (RF) tools, tactics, ... | |
Touring the Darkside of the Internet. An Introduction to Tor, Darknets, and Bitcoin | Grifter , Metacortex | This is an introduction level talk. The talk itself will cover the basics of Tor, ... | |
USB for all! | Mickey Shkatov , Jesse Michael | USB is used in almost every computing device produced in recent years. In addition to ... | |
ShareEnum: We Wrapped Samba So You Don’t Have To | Michael Mcatee , Lucas Morris | CIFS shares can tell you a lot about a network, including file access, local administrator ... | IncludeThinkstScapes |
An Introduction to Back Dooring Operating Systems for Fun and Trolling | Nemus | So you want to setup a back door? Have you ever wondered how its done ... | |
Panel - Diversity in Information Security | Vyrus , Jennifer , Sandy “mouse” Clark , Kristin Paget , Jolly , Scott Martin | Discussion from the point of view of a diverse panel of leading representatives currently in ... | |
Android Hacker Protection Level 0 | Tim Strazzere , Jon Sawyer | Obfuscator here, packer there - the Android ecosystem is becoming a bit cramped with different ... | |
Standing Up an Effective Penetration Testing Team | Wiseacre | Many talks give you information on how to be a better penetration tester. The majority ... | |
Data Protection 101 - Successes, Fails, and Fixes | Peter Teoh | Don't be a Target! How do you protect your organization's data assets? If you're dealing ... | |
Anatomy of a Pentest; Poppin' Boxes like a Pro | Pushpin | Are you excited about hacking and want to be a pentester in the next few ... | |
Blinding The Surveillance State | Christopher Soghoian | We live in a surveillance state. Law enforcement and intelligence agencies have access to a ... | |
Bug Bounty Programs Evolution | Nir Valtman | Bug bounty programs have been hyped in the past 3 years, but this concept was ... | |
Practical Foxhunting 101 | Adam Wirth | The basic skills needed to quickly locate wireless emitters are easy to learn and no ... | |
Client-Side HTTP Cookie Security: Attack and Defense | David Wyde | HTTP cookies are an important part of trust on the web. Users often trade their ... | |
The Making of DEFCOIN | Seth Van Ommen , Jeff Thomas , Mike Guthrie | If the Juggalos can do it why can't we? We will discuss what it took ... | |
Paging SDR... Why should the NSA have all the fun? | Jeff Thomas , Jason Malley | Remember pagers? Those things the dealers used in the first season of The Wire? Did ... | |
Bypass firewalls, application white lists, secure remote desktops under 20 seconds | Zoltan Balazs | In theory, post-exploitation after having remote access is easy. Also in theory, there is no ... | |
PropLANE: Kind of keeping the NSA from watching you pee | Russ Rogers , Ryan Clarke , Rob Bathurst , Mark Carey | No one likes to be watched, especially on the Internet. Your Internet…habits are only for ... | |
Getting Windows to Play with Itself: A Hacker's Guide to Windows API Abuse | Brady Bloxham | Windows APIs are often a blackbox with poor documentation, taking input and spewing output with ... | |
Weaponizing Your Pets: The War Kitteh and the Denial of Service Dog | Gene Bransfield | WarKitteh: In my job I have to deliver frequent Information Security briefings to both technical ... | |
Through the Looking-Glass, and What Eve Found There | Luca "kaeso" Bruno , Mariano "emdel" Graziano | Traditionally, network operators have provided some kind of public read-only access to their current view ... | |
Summary of Attacks Against BIOS and Secure Boot | Yuriy Bulygin , Andrew Furtak , Oleksandr Bazhaniuk , John Loucaides | A variety of attacks targeting platform firmware have been discussed publicly, drawing attention to the ... | |
I am a legend: Hacking Hearthstone with machine learning | Elie Bursztein , Celine Bursztein | Want to become a legend at Hearthstone -- Blizzard's new blockbuster collecting card game -- ... | |
The Secret Life of Krbtgt | Christopher Campbell | A tale of peril and woe, Krbtgt is the domain account that you just can't ... | |
The $env:PATH less Traveled is Full of Easy Privilege Escalation Vulns | Christopher Campbell | 15 years after APT was released for Linux, Microsoft is finally going to ship Windows ... | |
Hacking US (and UK, Australia, France, etc.) traffic control systems | Cesar Cerrudo | Probably many of us have seen that scene from "Live Free or Die Hard" (Die ... | |
The Cavalry Year[0] & a Path Forward for Public Safety | Joshua Corman , Nicholas J Percoco | At DEF CON 21, The Cavalry was born. In the face of clear & present ... | |
NSA Playset: DIY WAGONBED Hardware Implant over I2C | Teddy Reed , Josh Datko | In this talk we present an open source hardware version of the NSA's hardware trojan ... | |
Abuse of Blind Automation in Security Tools | Eric Davisson , Ruben Alejandro | It is impossibly overwhelming for security personnel to manually analyze all of the data that ... | |
Elevator Hacking - From the Pit to the Penthouse | Deviant Ollam , Howard Payne | Throughout the history of hacker culture, elevators have played a key role. From the mystique ... | |
Why Don’t You Just Tell Me Where The ROP Isn’t Suppose To Go | David Dorsey | Using a ROP chain to bypass operating system defenses is commonplace and detecting this technique ... | |
Steganography in Commonly Used HF Radio Protocols | Paul Drapeau , Brent Dukes | Imagine having the capability to covertly send messages to an individual or a larger audience, ... | |
Saving Cyberspace by Reinventing File Sharing | Eijah | Internet access is a basic human right, due to its unparalleled capacity to deliver content ... | |
Empowering Hackers to Create a Positive Impact | Keren Elazari | In March 2014 I spoke at the annual TED conference about why hackers are a ... | |
Just What The Doctor Ordered? | Shawn Merdinger , Scott Erven | You have already heard the stories of security researchers delivering lethal doses of insulin to ... | |
Logging ALL THE THINGS Without All The Cost With Open Source Big Data Tools </buzzwords> | Zack Fasel | Many struggle in their job with the decision of what events to log in battle ... | |
Check Your Fingerprints: Cloning the Strong Set | Richard Klafter , Eric Swanson | The web of trust has grown steadily over the last 20 years and yet the ... | |
Shellcodes for ARM: Your Pills Don't Work on Me, x86 | Svetlana Gaivoronski , Ivan Petrov | Despite that it is almost 2014, the problem of shellcode detection, discovered in 1999, is ... | |
Blowing up the Celly - Building Your Own SMS/MMS Fuzzer | Brian Gorenc , Matt Molinyawe | Every time you hand out your phone number you are giving adversaries access to an ... | |
Mass Scanning the Internet: Tips, Tricks, Results | Robert Graham , Dan Tentler , Paul Mcmillan | Scanning the net -- the entire net -- is now a thing. This talk will ... | |
Deconstructing the Circuit Board Sandwich: Effective Techniques for PCB Reverse Engineering | Joe ( Kingpin ) Grand | Printed Circuit Boards (PCBs), used within nearly every electronic product in the world, are physical ... | |
Saving the Internet (for the Future) | Jason Healey | Saving the Internet (for the Future): Last year, the Dark Tangent wrote in the DC ... | |
Burner Phone DDOS 2 dollars a day : 70 Calls a Minute | Weston Hecker | Phone DDOS research. Current proof of concept is dealing with Samsung SCH-U365 QUALCOMM prepaid Verizon ... | |
Hack All The Things: 20 Devices in 45 Minutes | Amir ( zenofex ) Etemadieh , Cj Heres , Mike Baker , Hans Nielsen | When we heard “Hack All The Things,” we took it as a challenge. So at ... | |
What the Watchers See: Eavesdropping on Municipal Mesh Cameras for Giggles (or Pure Evil) | Dustin Hoffman , Thomas Kinsey | Municipalities across the nation are deploying IP-based 802.11 wireless mesh networks for city-wide services, including ... | |
Stolen Data Markets: An Economic and Organizational Assessment | Tom Holt , Olga Smirnova , Yi-ting Chua | Since the TJX corporation revealed a massive data breach in 2007, incidents of mass data ... | |
Raspberry MoCA - A recipe for compromise | Andrew Hunt | Media over Coax Alliance (MoCA) is a protocol specification to enable assured high-bandwidth connections for ... | |
Girl… Fault-Interrupted. | Maggie Jauregui | GFCI's (Ground Fault Circuit Interrupts) are a practically unnoticeable part of our daily lives, except ... | |
Extreme Privilege Escalation On Windows 8/UEFI Systems | Xeno Kovah , Corey Kallenberg | It has come to light that state actors install implants in the BIOS. Let no ... | |
Secure Random By Default | Dan Kaminsky | As a general rule in security, we have learned that the best way to achieve ... | |
Masquerade: How a Helpful Man-in-the-Middle Can Help You Evade Monitoring. | Ryan Lackey , The Grugq , Marc Rogers | Sometimes, hiding the existence of a communication is as important as hiding the contents of ... | |
Panel: Ephemeral Communications: Why and How? | Ryan Lackey , Jon Callas , Elissa Shevinsky | Possibly more to come..... Ephemeral communications applications are increasingly popular ways, especially among younger users, ... | |
NinjaTV - Increasing Your Smart TV’s IQ Without Bricking It | Felix Leder | Smart TVs are growing in popularity. Set-top boxes like Apple TV, Roku, or WD TV ... | |
Dark Mail | Stephen Watt , Ladar Levison | Data privacy and anonymity have long been cornerstone interests of the computer security world, but ... | |
Oracle Data Redaction is Broken | David Litchfield | The Oracle data redaction service is a new feature introduced with Oracle 12c. It allows ... | |
Weird-Machine Motivated Practical Page Table Shellcode & Finding Out What's Running on Your System | Shane "k2" Macaulay | Windows7 & Server 2008R2 and earlier kernels contain significant executable regions available for abuse. These ... | |
Catching Malware En Masse: DNS and IP Style | Thibault Reuille , Dhia Mahjoub , Andree Toonk | The Internet is constantly growing, providing a myriad of new services both legitimate and malicious. ... | |
Old Skewl Hacking: Porn Free! | Major Malfunction | Having cut his teeth (and scarred his mind) on hotel Infra-Red controlled TV systems, spent ... | |
RFIDler: SDR.RFID.FTW | Zac Franken , Major Malfunction | Software Defined Radio has been quietly revolutionising the world of RF. However, the same revolution ... | |
Attacking the Internet of Things using Time | Paul Mcmillan | Internet of Things devices are often slow and resource constrained. This makes them the perfect ... | |
Open Source Fairy Dust | John Menerick | Over the past 30 years, the Internet and open source software have worked in tandem. ... | |
A Survey of Remote Automotive Attack Surfaces | Chris Valasek , Charlie Miller | Automotive security concerns have gone from the fringe to the mainstream with security researchers showing ... | |
Learn how to control every room at a luxury hotel remotely: the dangers of insecure home automation deployment | Jesus Molina | Have you ever had the urge to create mayhem at a hotel? Force every hotel ... | |
Generating ROP payloads from numbers | Alexandre Moneger | Is it possible to generate a ROP payload whilst using as few gadgets from the ... | |
DEF CON Comedy Jam Part VII, Is This The One With The Whales? | James Arlen , David Mortman , Rich Mogull , Chris Hoff , Rob Graham , Dave Maynor , Alex Rothman , Larry “@haxorthematrix” Pesce | Weeeeeeeeee're baaaaaack. Bring out your FAIL. It's the most talked about panel at DEF CON! ... | |
Panel: Ask the EFF: The Year in Digital Civil Liberties | Kurt Opsahl , Eva Galperin , Yan Zhu , Mark Jaycox , Nate Cardozo | N/A | |
The NSA Playset: RF Retroreflectors | Michael Ossmann | Of all the technologies revealed in the NSA ANT catalog, perhaps the most exotic is ... | |
VoIP Wars: Attack of the Cisco Phones | Fatih Ozavci | Many hosted VoIP service providers are using Cisco hosted collaboration suite and Cisco VoIP solutions. ... | |
Panel — Surveillance on the Silver Screen- Fact or Fiction? | Kevin Bankston , Nicole Ozer , Timothy Edgar | Join ACLU and others for a fun-filled surveillance tour of the movies - from Brazil ... | |
Playing with Car Firmware or How to Brick your Car | Paul Such , Florian Gaultier | A lot of papers have already been done/produced on hacking cars through ODB2/CanBus. Looking at ... | |
Measuring the IQ of your Threat Intelligence feeds | Kyle Maxwell , Alex Pinto | Threat Intelligence feeds are now being touted as the saving grace for SIEM and log ... | |
Secure Because Math: A Deep Dive On Machine Learning-Based Monitoring | Alex Pinto | We could all have predicted this with our magical Big Data analytics platforms, but it ... | |
Abusing Software Defined Networks | Gregory Pickett | Software Defined Networking (SDN) transfers all forwarding decisions to a single controller and provides the ... | |
NSA Playset : GSM Sniffing | Pierce , Loki | A5/1, as implemented in GSM, was broken wide open in 2003, yet GSM is still ... | IncludeThinkstScapes |
Cyberhijacking Airplanes: Truth or Fiction? | Phil Polstra , Captain Polly | There have been several people making bold claims about the ability to remotely hack into ... | |
Am I Being Spied On? Low-tech Ways Of Detecting High-tech Surveillance | Phil Polstra | Is someone spying on you? This talk will present several low-tech ways that you can ... | |
Detecting and Defending Against a Surveillance State | Robert Rowley | This talk is based on semi-recent reported leaks that detail how state-actors could be engaging ... | |
Acquire current user hashes without admin privileges | Anton Sapozhnikov | If an attacker has only user level access to an infected machine inside corporate internal ... | |
You're Leaking Trade Secrets | Michael Schrenk | Networks don't need to be hacked for information to be compromised. This is particularly true ... | |
Veil-Pillage: Post-exploitation 2.0 | Will Schroeder | The Veil-Framework is a project that aims to bridge the gap between pentesting and red ... | |
From Raxacoricofallapatorius With Love: Case Studies In Insider Threat | Tess Schrodinger | Espionage, honey pots, encryption, and lies. Clandestine meetings in hotels. The naïve girl seduced by ... | |
Don't DDoS Me Bro: Practical DDoS Defense | Blake Self , Shawn Burrell | Layer 7 DDoS attacks have been on the rise since at least 2010, especially attacks ... | |
Hacking the FBI: How & Why to Liberate Government Records | Ryan Noah Shapiro | After narrowly avoiding a lengthy activism-related prison sentence, I began PhD work at MIT in ... | |
Advanced Red Teaming: All Your Badges Are Belong To Us | Josh Perrymon , Eric Smith | By definition ”Red Teaming” or Red Team testing originated from the military whereby describing a ... | |
The Internet of Fails: Where IoT Has Gone Wrong and How We're Making It Right | Zach Lanier , Mark Stanislav | This presentation will dive into research, outcomes, and recommendations regarding information security for the "Internet ... | |
"Around the world in 80 cons” - A Perspective | Jayson E. | After spending 15 years in the hacker / InfoSec community, I thought it was time ... | |
I Hunt TR-069 Admins: Pwning ISPs Like a Boss | Shahar Tal | Residential gateway (/SOHO router) exploitation is a rising trend in the security landscape - ever ... | |
The Only Way to Tell the Truth is in Fiction: The Dynamics of Life in the National Security State | Richard Thieme | Over a decade ago, a friend at the National Security Agency told Richard Thieme that ... | |
A Journey to Protect Points-of-sale | Nir Valtman | Many point-of-sale breaches occurred in the past year and many organizations are still vulnerable against ... | |
Impostor — Polluting Tor Metadata | Charlie Vedaa , Mike Larsen | Just using Tor can bring the cops to your door. While the security community was ... | |
Domain Name Problems and Solutions | Paul A. Vixie | Spammers can't use dotted quads or any other literal IP address, since SpamAssassin won't let ... | |
Optical Surgery; Implanting a DropCam | Patrick Wardle , Colby Moore | Video Monitoring solutions such as DropCam aim to provide remote monitoring, protection and security. But ... | |
Manna from Heaven: Improving the state of wireless rogue AP attacks | Ian De Villiers , Dominic White | The current state of theoretical attacks against wireless networks should allow this wireless world to ... | |
The Open Crypto Audit Project | Matthew Green , Kenneth White | Join us for the story of the origins and history of the Open Crypto Audit ... | |
Practical Aerial Hacking & Surveillance | Glenn Wilkinson | The coupling of unmanned aerial vehicles (UAVs) with hacking & surveillance devices presents a novel ... | |
From root to SPECIAL: Pwning IBM Mainframes | Philip Young | 1.1 million transactions are run through mainframes every second worldwide. From your flight to your ... | |
PoS Attacking the Traveling Salesman | Tsagkarakis Nikolaos , Alex Zacharis | Our work presents a re-vamped Point-of-Sales (POS) attack targeting the transportation sector and focusing mainly ... | |
How To Get Phone Companies To Just Say No To Wiretapping | Phil Zimmermann | Phil is going to talk about his latest projects, which are helping several mobile carriers ... |