defcon 2014 Aug. 7, 2014 to Aug. 10, 2014, las vegas,usa
Tell us about missing data
Tell us about missing data
| Title | Speakers | Summary | Topic Types |
|---|---|---|---|
| DEF CON 101 - The Talk | Pyr0 , Lockheed , Highwiz , Roamer , Lost | DEF CON 101 is the Alpha to the closing ceremonies' Omega. It's the place to ... | |
| Protecting SCADA From the Ground Up | Aaron Bayles | Industrial Control Systems (ICS) and SCADA are everywhere, whether you know it or not. Not ... | |
| DEF CON the Mystery, Myth and Legend | Panel | It's hard to throw a stone these days without hitting a security/hacking conference. But, when ... | |
| AWS for Hackers | Seth Van Ommen | What tool does every hacker need in their toolset? The entire goddamn giant that is ... | |
| Detecting Bluetooth Surveillance Systems | Grant Bugher | Departments of Transportation around the United States have deployed "little white boxes" -- Bluetooth detectors ... | |
| Dropping Docs on Darknets: How People Got Caught | Adrian Crenshaw | Most of you have probably used Tor before, but I2P may be unfamiliar. Both are ... | |
| Hacking 911: Adventures in Disruption, Destruction, and Death | Christian “quaddi” Dameff , Jeff “r3plicant” Tully , Peter Hefley | Ever wonder what you would do if the people you needed most on the worst ... | |
| How to Disclose an Exploit Without Getting in Trouble | Tod Beardsley , Jim Denaro | You have identified a vulnerability and may have developed an exploit. What should you do ... | |
| Reverse Engineering Mac Malware | Sarah Edwards | Dynamic malware reverse engineering helps forensic analysts and reverse engineers gather quick data points such ... | |
| NSA Playset: PCIe | Joe Fitzpatrick , Miles Crabill | Hardware hacks tend to focus on low-speed (jtag, uart) and external (network, usb) interfaces, and ... | |
| Oh Bother, Cruising The Internet With Your Honeys, Creating Honeynets For Tracking Criminal Organizations | Terrence “tuna” Gareau , Mike Thompson | Bandwidth, computing power, and software advancements have empowered hackers to quickly scan for and exploit ... | |
| The Monkey in the Middle: A pentesters guide to playing in traffic. | Anch | Prank your friends, collect session information and passwords, edit traffic as it goes by.. become ... | |
| Investigating PowerShell Attacks | Ryan Kazanciyan , Matt Hastings | Over the past two years, we've seen targeted attackers increasingly utilize PowerShell to conduct command-and-control ... | |
| Is This Your Pipe? Hijacking the Build Pipeline. | Kyle Kelley , Greg Anderson | As developers of the web, we rely on tools to automate building code, run tests, ... | |
| Screw Becoming A Pentester - When I Grow Up I Want To Be A Bug Bounty Hunter! | Jake Kouns , Carsten Eiram | Everywhere you turn it seems that companies are having serious problems with security, and they ... | |
| Home Alone with localhost: Automating Home Defense | Chris Littlebury | Home automation is everywhere, and so are their exploits. This presentation will go over a ... | |
| Meddle: Framework for Piggy-back Fuzzing and Tool Development | Geoff | Towards simplifying the vulnerability fuzzing process, this presentation introduces a moddable framework called Meddle that ... | |
| Instrumenting Point-of-Sale Malware: A Case Study in Communicating Malware Analysis More Effectively | Wesley Mcgrew | The purpose of this talk is to promote the adoption of better practices in the ... | |
| One Man Shop: Building an effective security program all by yourself | Medic | At past DEF CON events, including DEF CON 101, most of the attendees we’ve encountered ... | |
| RF Penetration Testing, Your Air Stinks | John "DaKahuna" Fulmer , Rick Mellendick | The purpose of this talk is to discuss the effective radio frequency (RF) tools, tactics, ... | |
| Touring the Darkside of the Internet. An Introduction to Tor, Darknets, and Bitcoin | Grifter , Metacortex | This is an introduction level talk. The talk itself will cover the basics of Tor, ... | |
| USB for all! | Mickey Shkatov , Jesse Michael | USB is used in almost every computing device produced in recent years. In addition to ... | |
| ShareEnum: We Wrapped Samba So You Don’t Have To | Lucas Morris , Michael Mcatee | CIFS shares can tell you a lot about a network, including file access, local administrator ... | IncludeThinkstScapes |
| An Introduction to Back Dooring Operating Systems for Fun and Trolling | Nemus | So you want to setup a back door? Have you ever wondered how its done ... | |
| Panel - Diversity in Information Security | Vyrus , Jennifer , Sandy “mouse” Clark , Kristin Paget , Jolly , Scott Martin | Discussion from the point of view of a diverse panel of leading representatives currently in ... | |
| Android Hacker Protection Level 0 | Tim Strazzere , Jon Sawyer | Obfuscator here, packer there - the Android ecosystem is becoming a bit cramped with different ... | |
| Standing Up an Effective Penetration Testing Team | Wiseacre | Many talks give you information on how to be a better penetration tester. The majority ... | |
| Data Protection 101 - Successes, Fails, and Fixes | Peter Teoh | Don't be a Target! How do you protect your organization's data assets? If you're dealing ... | |
| Anatomy of a Pentest; Poppin' Boxes like a Pro | Pushpin | Are you excited about hacking and want to be a pentester in the next few ... | |
| Blinding The Surveillance State | Christopher Soghoian | We live in a surveillance state. Law enforcement and intelligence agencies have access to a ... | |
| Bug Bounty Programs Evolution | Nir Valtman | Bug bounty programs have been hyped in the past 3 years, but this concept was ... | |
| Practical Foxhunting 101 | Adam Wirth | The basic skills needed to quickly locate wireless emitters are easy to learn and no ... | |
| Client-Side HTTP Cookie Security: Attack and Defense | David Wyde | HTTP cookies are an important part of trust on the web. Users often trade their ... | |
| The Making of DEFCOIN | Seth Van Ommen , Jeff Thomas , Mike Guthrie | If the Juggalos can do it why can't we? We will discuss what it took ... | |
| Paging SDR... Why should the NSA have all the fun? | Jeff Thomas , Jason Malley | Remember pagers? Those things the dealers used in the first season of The Wire? Did ... | |
| Bypass firewalls, application white lists, secure remote desktops under 20 seconds | Zoltan Balazs | In theory, post-exploitation after having remote access is easy. Also in theory, there is no ... | |
| PropLANE: Kind of keeping the NSA from watching you pee | Russ Rogers , Ryan Clarke , Rob Bathurst , Mark Carey | No one likes to be watched, especially on the Internet. Your Internet…habits are only for ... | |
| Getting Windows to Play with Itself: A Hacker's Guide to Windows API Abuse | Brady Bloxham | Windows APIs are often a blackbox with poor documentation, taking input and spewing output with ... | |
| Weaponizing Your Pets: The War Kitteh and the Denial of Service Dog | Gene Bransfield | WarKitteh: In my job I have to deliver frequent Information Security briefings to both technical ... | |
| Through the Looking-Glass, and What Eve Found There | Luca "kaeso" Bruno , Mariano "emdel" Graziano | Traditionally, network operators have provided some kind of public read-only access to their current view ... | |
| Summary of Attacks Against BIOS and Secure Boot | Yuriy Bulygin , Andrew Furtak , Oleksandr Bazhaniuk , John Loucaides | A variety of attacks targeting platform firmware have been discussed publicly, drawing attention to the ... | |
| I am a legend: Hacking Hearthstone with machine learning | Elie Bursztein , Celine Bursztein | Want to become a legend at Hearthstone -- Blizzard's new blockbuster collecting card game -- ... | |
| The Secret Life of Krbtgt | Christopher Campbell | A tale of peril and woe, Krbtgt is the domain account that you just can't ... | |
| The $env:PATH less Traveled is Full of Easy Privilege Escalation Vulns | Christopher Campbell | 15 years after APT was released for Linux, Microsoft is finally going to ship Windows ... | |
| Hacking US (and UK, Australia, France, etc.) traffic control systems | Cesar Cerrudo | Probably many of us have seen that scene from "Live Free or Die Hard" (Die ... | |
| The Cavalry Year[0] & a Path Forward for Public Safety | Joshua Corman , Nicholas J Percoco | At DEF CON 21, The Cavalry was born. In the face of clear & present ... | |
| NSA Playset: DIY WAGONBED Hardware Implant over I2C | Teddy Reed , Josh Datko | In this talk we present an open source hardware version of the NSA's hardware trojan ... | |
| Abuse of Blind Automation in Security Tools | Eric Davisson , Ruben Alejandro | It is impossibly overwhelming for security personnel to manually analyze all of the data that ... | |
| Elevator Hacking - From the Pit to the Penthouse | Deviant Ollam , Howard Payne | Throughout the history of hacker culture, elevators have played a key role. From the mystique ... | |
| Why Don’t You Just Tell Me Where The ROP Isn’t Suppose To Go | David Dorsey | Using a ROP chain to bypass operating system defenses is commonplace and detecting this technique ... | |
| Steganography in Commonly Used HF Radio Protocols | Paul Drapeau , Brent Dukes | Imagine having the capability to covertly send messages to an individual or a larger audience, ... | |
| Saving Cyberspace by Reinventing File Sharing | Eijah | Internet access is a basic human right, due to its unparalleled capacity to deliver content ... | |
| Empowering Hackers to Create a Positive Impact | Keren Elazari | In March 2014 I spoke at the annual TED conference about why hackers are a ... | |
| Just What The Doctor Ordered? | Shawn Merdinger , Scott Erven | You have already heard the stories of security researchers delivering lethal doses of insulin to ... | |
| Logging ALL THE THINGS Without All The Cost With Open Source Big Data Tools </buzzwords> | Zack Fasel | Many struggle in their job with the decision of what events to log in battle ... | |
| Check Your Fingerprints: Cloning the Strong Set | Richard Klafter , Eric Swanson | The web of trust has grown steadily over the last 20 years and yet the ... | |
| Shellcodes for ARM: Your Pills Don't Work on Me, x86 | Svetlana Gaivoronski , Ivan Petrov | Despite that it is almost 2014, the problem of shellcode detection, discovered in 1999, is ... | |
| Blowing up the Celly - Building Your Own SMS/MMS Fuzzer | Brian Gorenc , Matt Molinyawe | Every time you hand out your phone number you are giving adversaries access to an ... | |
| Mass Scanning the Internet: Tips, Tricks, Results | Robert Graham , Dan Tentler , Paul Mcmillan | Scanning the net -- the entire net -- is now a thing. This talk will ... | |
| Deconstructing the Circuit Board Sandwich: Effective Techniques for PCB Reverse Engineering | Joe ( Kingpin ) Grand | Printed Circuit Boards (PCBs), used within nearly every electronic product in the world, are physical ... | |
| Saving the Internet (for the Future) | Jason Healey | Saving the Internet (for the Future): Last year, the Dark Tangent wrote in the DC ... | |
| Burner Phone DDOS 2 dollars a day : 70 Calls a Minute | Weston Hecker | Phone DDOS research. Current proof of concept is dealing with Samsung SCH-U365 QUALCOMM prepaid Verizon ... | |
| Hack All The Things: 20 Devices in 45 Minutes | Amir ( zenofex ) Etemadieh , Cj Heres , Mike Baker , Hans Nielsen | When we heard “Hack All The Things,” we took it as a challenge. So at ... | |
| What the Watchers See: Eavesdropping on Municipal Mesh Cameras for Giggles (or Pure Evil) | Thomas Kinsey , Dustin Hoffman | Municipalities across the nation are deploying IP-based 802.11 wireless mesh networks for city-wide services, including ... | |
| Stolen Data Markets: An Economic and Organizational Assessment | Tom Holt , Olga Smirnova , Yi-ting Chua | Since the TJX corporation revealed a massive data breach in 2007, incidents of mass data ... | |
| Raspberry MoCA - A recipe for compromise | Andrew Hunt | Media over Coax Alliance (MoCA) is a protocol specification to enable assured high-bandwidth connections for ... | |
| Girl… Fault-Interrupted. | Maggie Jauregui | GFCI's (Ground Fault Circuit Interrupts) are a practically unnoticeable part of our daily lives, except ... | |
| Extreme Privilege Escalation On Windows 8/UEFI Systems | Xeno Kovah , Corey Kallenberg | It has come to light that state actors install implants in the BIOS. Let no ... | |
| Secure Random By Default | Dan Kaminsky | As a general rule in security, we have learned that the best way to achieve ... | |
| Masquerade: How a Helpful Man-in-the-Middle Can Help You Evade Monitoring. | Ryan Lackey , The Grugq , Marc Rogers | Sometimes, hiding the existence of a communication is as important as hiding the contents of ... | |
| Panel: Ephemeral Communications: Why and How? | Ryan Lackey , Jon Callas , Elissa Shevinsky | Possibly more to come..... Ephemeral communications applications are increasingly popular ways, especially among younger users, ... | |
| NinjaTV - Increasing Your Smart TV’s IQ Without Bricking It | Felix Leder | Smart TVs are growing in popularity. Set-top boxes like Apple TV, Roku, or WD TV ... | |
| Dark Mail | Stephen Watt , Ladar Levison | Data privacy and anonymity have long been cornerstone interests of the computer security world, but ... | |
| Oracle Data Redaction is Broken | David Litchfield | The Oracle data redaction service is a new feature introduced with Oracle 12c. It allows ... | |
| Weird-Machine Motivated Practical Page Table Shellcode & Finding Out What's Running on Your System | Shane "k2" Macaulay | Windows7 & Server 2008R2 and earlier kernels contain significant executable regions available for abuse. These ... | |
| Catching Malware En Masse: DNS and IP Style | Thibault Reuille , Dhia Mahjoub , Andree Toonk | The Internet is constantly growing, providing a myriad of new services both legitimate and malicious. ... | |
| Old Skewl Hacking: Porn Free! | Major Malfunction | Having cut his teeth (and scarred his mind) on hotel Infra-Red controlled TV systems, spent ... | |
| RFIDler: SDR.RFID.FTW | Zac Franken , Major Malfunction | Software Defined Radio has been quietly revolutionising the world of RF. However, the same revolution ... | |
| Attacking the Internet of Things using Time | Paul Mcmillan | Internet of Things devices are often slow and resource constrained. This makes them the perfect ... | |
| Open Source Fairy Dust | John Menerick | Over the past 30 years, the Internet and open source software have worked in tandem. ... | |
| A Survey of Remote Automotive Attack Surfaces | Chris Valasek , Charlie Miller | Automotive security concerns have gone from the fringe to the mainstream with security researchers showing ... | |
| Learn how to control every room at a luxury hotel remotely: the dangers of insecure home automation deployment | Jesus Molina | Have you ever had the urge to create mayhem at a hotel? Force every hotel ... | |
| Generating ROP payloads from numbers | Alexandre Moneger | Is it possible to generate a ROP payload whilst using as few gadgets from the ... | |
| DEF CON Comedy Jam Part VII, Is This The One With The Whales? | James Arlen , David Mortman , Rich Mogull , Chris Hoff , Rob Graham , Dave Maynor , Alex Rothman , Larry “@haxorthematrix” Pesce | Weeeeeeeeee're baaaaaack. Bring out your FAIL. It's the most talked about panel at DEF CON! ... | |
| Panel: Ask the EFF: The Year in Digital Civil Liberties | Kurt Opsahl , Eva Galperin , Yan Zhu , Mark Jaycox , Nate Cardozo | N/A | |
| The NSA Playset: RF Retroreflectors | Michael Ossmann | Of all the technologies revealed in the NSA ANT catalog, perhaps the most exotic is ... | |
| VoIP Wars: Attack of the Cisco Phones | Fatih Ozavci | Many hosted VoIP service providers are using Cisco hosted collaboration suite and Cisco VoIP solutions. ... | |
| Panel — Surveillance on the Silver Screen- Fact or Fiction? | Kevin Bankston , Nicole Ozer , Timothy Edgar | Join ACLU and others for a fun-filled surveillance tour of the movies - from Brazil ... | |
| Playing with Car Firmware or How to Brick your Car | Paul Such , Florian Gaultier | A lot of papers have already been done/produced on hacking cars through ODB2/CanBus. Looking at ... | |
| Measuring the IQ of your Threat Intelligence feeds | Kyle Maxwell , Alex Pinto | Threat Intelligence feeds are now being touted as the saving grace for SIEM and log ... | |
| Secure Because Math: A Deep Dive On Machine Learning-Based Monitoring | Alex Pinto | We could all have predicted this with our magical Big Data analytics platforms, but it ... | |
| Abusing Software Defined Networks | Gregory Pickett | Software Defined Networking (SDN) transfers all forwarding decisions to a single controller and provides the ... | |
| NSA Playset : GSM Sniffing | Pierce , Loki | A5/1, as implemented in GSM, was broken wide open in 2003, yet GSM is still ... | IncludeThinkstScapes |
| Cyberhijacking Airplanes: Truth or Fiction? | Phil Polstra , Captain Polly | There have been several people making bold claims about the ability to remotely hack into ... | |
| Am I Being Spied On? Low-tech Ways Of Detecting High-tech Surveillance | Phil Polstra | Is someone spying on you? This talk will present several low-tech ways that you can ... | |
| Detecting and Defending Against a Surveillance State | Robert Rowley | This talk is based on semi-recent reported leaks that detail how state-actors could be engaging ... | |
| Acquire current user hashes without admin privileges | Anton Sapozhnikov | If an attacker has only user level access to an infected machine inside corporate internal ... | |
| You're Leaking Trade Secrets | Michael Schrenk | Networks don't need to be hacked for information to be compromised. This is particularly true ... | |
| Veil-Pillage: Post-exploitation 2.0 | Will Schroeder | The Veil-Framework is a project that aims to bridge the gap between pentesting and red ... | |
| From Raxacoricofallapatorius With Love: Case Studies In Insider Threat | Tess Schrodinger | Espionage, honey pots, encryption, and lies. Clandestine meetings in hotels. The naïve girl seduced by ... | |
| Don't DDoS Me Bro: Practical DDoS Defense | Blake Self , Shawn Burrell | Layer 7 DDoS attacks have been on the rise since at least 2010, especially attacks ... | |
| Hacking the FBI: How & Why to Liberate Government Records | Ryan Noah Shapiro | After narrowly avoiding a lengthy activism-related prison sentence, I began PhD work at MIT in ... | |
| Advanced Red Teaming: All Your Badges Are Belong To Us | Eric Smith , Josh Perrymon | By definition ”Red Teaming” or Red Team testing originated from the military whereby describing a ... | |
| The Internet of Fails: Where IoT Has Gone Wrong and How We're Making It Right | Zach Lanier , Mark Stanislav | This presentation will dive into research, outcomes, and recommendations regarding information security for the "Internet ... | |
| "Around the world in 80 cons” - A Perspective | Jayson E. | After spending 15 years in the hacker / InfoSec community, I thought it was time ... | |
| I Hunt TR-069 Admins: Pwning ISPs Like a Boss | Shahar Tal | Residential gateway (/SOHO router) exploitation is a rising trend in the security landscape - ever ... | |
| The Only Way to Tell the Truth is in Fiction: The Dynamics of Life in the National Security State | Richard Thieme | Over a decade ago, a friend at the National Security Agency told Richard Thieme that ... | |
| A Journey to Protect Points-of-sale | Nir Valtman | Many point-of-sale breaches occurred in the past year and many organizations are still vulnerable against ... | |
| Impostor — Polluting Tor Metadata | Charlie Vedaa , Mike Larsen | Just using Tor can bring the cops to your door. While the security community was ... | |
| Domain Name Problems and Solutions | Paul A. Vixie | Spammers can't use dotted quads or any other literal IP address, since SpamAssassin won't let ... | |
| Optical Surgery; Implanting a DropCam | Patrick Wardle , Colby Moore | Video Monitoring solutions such as DropCam aim to provide remote monitoring, protection and security. But ... | |
| Manna from Heaven: Improving the state of wireless rogue AP attacks | Ian De Villiers , Dominic White | The current state of theoretical attacks against wireless networks should allow this wireless world to ... | |
| The Open Crypto Audit Project | Matthew Green , Kenneth White | Join us for the story of the origins and history of the Open Crypto Audit ... | |
| Practical Aerial Hacking & Surveillance | Glenn Wilkinson | The coupling of unmanned aerial vehicles (UAVs) with hacking & surveillance devices presents a novel ... | |
| From root to SPECIAL: Pwning IBM Mainframes | Philip Young | 1.1 million transactions are run through mainframes every second worldwide. From your flight to your ... | |
| PoS Attacking the Traveling Salesman | Alex Zacharis , Tsagkarakis Nikolaos | Our work presents a re-vamped Point-of-Sales (POS) attack targeting the transportation sector and focusing mainly ... | |
| How To Get Phone Companies To Just Say No To Wiretapping | Phil Zimmermann | Phil is going to talk about his latest projects, which are helping several mobile carriers ... |