Defcon 2015 Aug. 6, 2015 to Aug. 9, 2015, Las vegas,usa
Tell us about missing data
Tell us about missing data
| Title | Speakers | Summary | Topic Types |
|---|---|---|---|
| DEF CON 101: The Panel. | Russ Rogers , Pushpin , Mike Petruzzi , Nikita Kronenberg , Plug | DEF CON has changed for the better since the days at the Alexis Park. It ... | |
| When the Secretary of State says: “Please Stop Hacking Us…” | David An | Senior American officials routinely hold dialogues with foreign officials to discuss cyber espionage. However, if ... | |
| Game of Hacks: Play, Hack & Track | Maty Siman , Amit Ashbel | Fooling around with some ideas we found ourselves creating a hacker magnet. Game of Hacks, ... | |
| Abusing XSLT for Practical Attacks | Fernando Arnaboldi | Over the years, XML has been a rich target for attackers due to flaws in ... | |
| RFIDiggity: Pentester Guide to Hacking HF/NFC and UHF RFID | Francis Brown , Shubham Shah | Have you ever attended an RFID hacking presentation and walked away with more questions than ... | |
| It's The Only Way To Be Sure: Obtaining and Detecting Domain Persistence | Grant Bugher | When a Windows domain is compromised, an attacker has several options to create backdoors, obscure ... | |
| Introduction to SDR and the Wireless Village | Satanklawz , Dakahuna | In many circumstances, we all have to wear different hats when pursuing hobbies, jobs and ... | |
| Guests N’ Goblins: Exposing Wi-Fi Exfiltration Risks and Mitigation techniques | Naveed ul Islam , Peter Desfigies , Joshua Brierton | Wi-Fi is a pervasive part of everyone’s everyday life. Whether it be home networks, open ... | |
| Let's Encrypt - Minting Free Certificates to Encrypt the Entire Web | Peter Eckersley , Yan Zhu , James Kasten | Let's Encrypt is a new certificate authority that is being launched by EFF in collaboration ... | |
| Ubiquity Forensics - Your iCloud and You | Sarah Edwards | Ubiquity or "Everything, Everywhere” - Apple uses this term describe iCloud related items and its ... | |
| Crypto for Hackers | Eijah | Hacking is hard. It takes passion, dedication, and an unwavering attention to detail. Hacking requires ... | |
| Extending Fuzzing Grammars to Exploit Unexplored Code Paths in Modern Web Browsers | Etienne Stalmans , Saif El-sherei | Fuzzing is a well-established technique for finding bugs, hopefully exploitable ones, by brute forcing inputs ... | |
| Secure Messaging for Normal People | Justin Engler | "Secure" messaging programs and protocols continue to proliferate, and crypto experts can debate their minutiae, ... | |
| Seeing through the Fog | Zack Fasel | Yes. "The Cloud" (drink). Even though many of us would much like to see use ... | |
| Linux Containers: Future or Fantasy? | Aaron Grattafiori | Containers, a pinnacle of fast and secure deployment or a panacea of false security? In ... | |
| How to Shot Web: Web and mobile hacking in 2015 | Jason Haddix | 2014 was a year of unprecedented participation in crowdsourced and static bug bounty programs, and ... | IncludeThinkstScapes |
| Alice and Bob are Really Confused | David Huerta | There have been over 20 cryptoparties in New York City, in which people are introduced ... | |
| LTE Recon and Tracking with RTLSDR | Ian Kline | Since RTLSDR became a consumer grade RX device, numerous talks and open source tools enabled ... | |
| Forensic Artifacts From a Pass the Hash Attack | Gerard Laygui | A pass the hash (PtH) attack is one of the most devastating attacks to execute ... | |
| I’m A Newbie Yet I Can Hack ZigBee – Take Unauthorized Control Over ZigBee Devices | Li Jun , Yang Qing | With the advent of the Internet of Things,more and more objects are connected via various ... | |
| Are We Really Safe? - Bypassing Access Control Systems | Dennis Maldonado | Access control systems are everywhere. They are used to protect everything from residential communities to ... | |
| Sorry, Wrong Number: Mysteries Of The Phone System - Past and Present | Patrick Mcneil , Snide Owen | Exploring the phone system was once the new and exciting realm of “phone phreaks,” an ... | |
| Backdooring Git | John Menerick | Join us for a fun-filled tour of source control management and services to talk about ... | |
| Hacking SQL Injection for Remote Code Execution on a LAMP stack | Nemus | Remember that web application you wrote when you where first learning PHP? Ever wonder how ... | |
| Abusing native Shims for Post Exploitation | Sean Pierce | Shims offer a powerful rootkit-like framework that is natively implemented in most all modern Windows ... | |
| Hacker in the Wires | Phil Polstra | This talk will show attendees how to use a small ARM-based computer that is connected ... | |
| A Hacker’s Guide to Risk | Bruce Potter | When the latest and greatest vulnerability is announced, the media and PR frenzy can be ... | |
| Chellam – a Wi-Fi IDS/Firewall for Windows | Vivek Ramachandran | This talk will introduce techniques to detect Wi-Fi attacks such as Honeypots, Evil Twins, Mis-association ... | |
| Hardware and Trust Security: Explain it like I’m 5 | Teddy Reed , Nick Anderson | There are a lot of presentations and suggestions that indicate HSMs, TrustZone, AMT, TrEE, SecureBoot, ... | |
| Bruce Schneier Q&A | Bruce Schneier | Bruce Schneier Talks Security. Come hear about what's new, what's hot, and what's hype in ... | |
| Applied Intelligence: Using Information That's Not There | Michael Schrenk | Organizations continue to unknowingly leak trade secrets on the Internet. To those in the know, ... | |
| I Am Packer And So Can You | Mike Sconzo | Automating packer and compiler/toolchain detection can be tricky and best and downright frustrating at worst. ... | |
| NSM 101 for ICS | Chris Sistrunk | Is your ICS breached? Are you sure? How do you know? The current state of ... | |
| Beyond the Scan: The Value Proposition of Vulnerability Assessment | Damon Small | Vulnerability Assessment is, by some, regarded as one of the least “sexy” capabilities in information ... | |
| The Bieber Project: Ad Tech 101, Fake Fans and Adventures in Buying Internet Traffic | Mark Ryan Talabis | In the past year, I found myself immersed in the multi-billion dollar digital advertising industry. ... | |
| Hijacking Arbitrary .NET Application Control Flow | Topher Timzen | This speech will demonstrate attacking .NET applications at runtime. I will show how to modify ... | |
| Hackers Hiring Hackers - How to Do Things Better | Tottenkoph , Irishmasms | There are a lot of talks about how to be a better pen tester and ... | |
| QARK: Android App Exploit and SCA Tool | Tushar Dalvi , Tony Trummer | Ever wonder why there isn't a metasploit-style framework for Android apps? We did! Whether you're ... | |
| Hacking Web Apps | Brent White | Assessing the security posture of a web application is a common project for a penetration ... | |
| And That's How I Lost My Other Eye: Further Explorations In Data Destruction | Zoz | How much more paranoid are you now than you were four years ago? Warrantless surveillance ... | |
| Malware in the Gaming Micro-economy | Zack Allen | Rusty Bower Information Security Engineer Microeconomics focuses on how patterns of supply and demand determine ... | |
| How to secure the keyboard chain | Paul Amicelli , Baptiste David | Keyloggers are hardware or software tools that record keystrokes. They are an overlooked threat to ... | |
| How to hack your way out of home detention | Ammonra | Home detention and criminal tracking systems are used in hostile environments, and because of this, ... | |
| Fun with Symboliks | Atlas | Asking the hard questions... and getting answer! Oh binary, where art thine vulns? Symbolic analysis ... | |
| Quantum Computers vs. Computers Security | Jean-Philippe Aumasson | We've heard about hypothetical quantum computers breaking most of the public-key crypto in use—RSA, elliptic ... | |
| Key-Logger, Video, Mouse — How To Turn Your KVM Into a Raging Key-logging Monster | Lior Oppenheim , Yaniv Balmas | Key-Loggers are cool, really cool. It seems, however, that every conceivable aspect of key-logging has ... | |
| Canary: Keeping Your Dick Pics Safe(r) | Rob Bathurst , Jeff Thomas | The security of SSL/TLS is built on a rickety scaffolding of trust. At the core ... | |
| Extracting the Painful (blue)tooth | Matteo Beccaro , Matteo Collura | Do you know how many Bluetooth-enabled devices are currently present in the world? With the ... | |
| 802.11 Massive Monitoring | Andres Blanco , Andres Gazzoli | Wireless traffic analysis has been commonplace for quite a while now, frequently used in penetration ... | IncludeThinkstScapes |
| Exploring Layer 2 Network Security in Virtualized Environments | Ronny L. Bull , Jeanna N. Matthews | Cloud service providers offer their customers the ability to deploy virtual machines in a multi-tenant ... | |
| Attacking Hypervisors Using Firmware and Hardware | Yuriy Bulygin , Andrew Furtak , Oleksandr Bazhaniuk , Alexander Matrosov , Mikhail Gorobets | In this presentation, we explore the attack surface of modern hypervisors from the perspective of ... | |
| Who Will Rule the Sky? The Coming Drone Policy Wars | Matt Cagle , Eric Cheng | Your private drone opens up limitless possibilities – how can manufacturers and policymakers ensure you ... | |
| Switches Get Stitches | Eireann Leverett , Robert m. Lee , Colin Cassidy | This talk will introduce you to Industrial Ethernet Switches and their vulnerabilities. These are switches ... | |
| Cracking Cryptocurrency Brainwallets | Ryan Castellucci | Imagine a bank that, by design, made everyone's password hashes and balances public. No two-factor ... | |
| Paranoia and ProxyHam: High-Stakes Anonymity on the Internet | Benjamin Caudill | From the US to China and beyond, anonymity on the internet is under fire – ... | |
| Why nation-state malwares target Telco Networks: Dissecting technical capabilities of Regin and its counterparts | Omer Coskun | The recent research in malware analysis suggests state actors allegedly use cyber espionage campaigns against ... | |
| Bugged Files: Is Your Document Telling on You? | Daniel Crowley , Damon Smith | Certain file formats, like Microsoft Word and PDF, are known to have features that allow ... | |
| Do Export Controls on “Intrusion Software” Threaten Vulnerability Research? | Tom ( Decius ) Cross , Collin Anderson | At the end of 2013, an international export control regime known as the Wassenaar Arrangement ... | |
| REvisiting RE:DoS | Eric Davisson | Regular Expression Denial of Service has existed for well over a decade, but has not ... | |
| Licensed to Pwn: The Weaponization and Regulation of Security Research | Dave Aitel , Matt Blaze , Nate Cardozo , Jim Denaro , Mara Tam , Catherine Wheeler | Security research is under attack. Updates to the Wassenaar Arrangement in 2013 established among its ... | |
| Dark side of the ELF - leveraging dynamic loading to pwn noobs | Yan Shoshitaishvili , Alessandro Di Federico | The ELF format is ancient, and much mystery lurks in its dark depths. For 16 ... | |
| Fighting Back in the War on General Purpose Computers | Cory Doctorow | EFF's Apollo 1201 project is a 10-year mission to abolish all DRM, everywhere in the ... | |
| REpsych: Psychological Warfare in Reverse Engineering | Chris Domas | Your precious 0-day? That meticulously crafted exploit? The perfect foothold? At some point, they'll be ... | |
| USB Attack to Decrypt Wi-Fi Communications | Jeremy Dorrough | The term “Bad USB” has gotten some much needed press in last few months. There ... | |
| BurpKit - Using WebKit to Own the Web | Nadeem Douba | Today's web apps are developed using a mashup of client- and server-side technologies. Everything from ... | |
| Stagefright: Scary Code in the Heart of Android | Joshua j. Drake | With over a billion activated devices, Android holds strong as the market leading smartphone operating ... | |
| Medical Devices: Pwnage and Honeypots | Scott Erven , Mark Collao | We know medical devices are exposed to the Internet both directly and indirectly, so just ... | |
| NSA Playset: JTAG Implants | Joe Fitz Patrick , Matt King | While the NSA ANT team has been busy building the next generation spy toy catalog ... | |
| Unbootable: Exploiting the PayLock SmartBoot Vehicle Immobilizer | Fluxist | Many of us have seen the big yellow "boot" on the wheel of a parked ... | |
| Hooked Browser Meshed-Networks with WebRTC and BeEF | Christian "xntrik" Frichot | One of the biggest issues with BeEF is that each hooked browser has to talk ... | |
| Abusing Adobe Reader’s JavaScript APIs | Brian Gorenc , Jasiel Spelman , Abdul-aziz Hariri | Adobe Reader’s JavaScript APIs offer a rich set of functionality for document authors. These APIs ... | |
| WhyMI so Sexy? WMI Attacks, Real-Time Defense, and Advanced Forensic Analysis | Willi Ballenthin , Matt Graeber , Claudiu Teodorescu | Windows Management Instrumentation (WMI) is a remote management framework that enables the collection of host ... | IncludeThinkstScapes |
| HamSammich – long distance proxying over radio | David Maynor , Robert Graham | The ProxyHam talk was mysteriously canceled. However, it’s easy to replicate the talk from the ... | |
| Goodbye Memory Scraping Malware: Hold Out Till "Chip And Pin” | Weston Hecker | Proof of concept for stopping credit card theft in memory skimming operations . Alternative methods ... | |
| Low-cost GPS simulator – GPS spoofing by SDR | Lin Huang | Qing Yang Team Leader of Unicorn Team, Qihoo 360 Technology Co. Ltd. It is known ... | IncludeThinkstScapes |
| I want these * bugs off my * Internet | Dan Kaminsky | Are you interested in the gory details in fixing ugly bugs? No? Just like watching ... | |
| Drive It Like You Hacked It: New Attacks and Tools to Wirelessly Steal Cars | Samy Kamkar | Gary Numan said it best. Cars. They’re everywhere. You can hardly drive down a busy ... | |
| Harness: Powershell Weaponization Made Easy (or at least easier) | Rich Kelley | The Harness toolset aims to give penetration testers and red teams the ability to pull ... | |
| ThunderStrike 2: Sith Strike | Xeno Kovah , Corey Kallenberg , Trammel Hudson | The number of vulnerabilities in firmware disclosed as affecting Wintel PC vendors has been rising ... | |
| Rocking the Pocket Book: Hacking Chemical Plant for Competition and Extortion | Jason Larsen , Marina Krotofil | The appeal of hacking a physical process is dreaming about physical damage attacks lighting up ... | |
| Hack the Legacy! IBM i (aka AS/400) Revealed. | Bart Kulach | Have you ever heard about the famous "green screen"? No, it's not a screensaver... Believe ... | |
| Remote Access, the APT | Ian Latter | ThruGlassXfer (TGXf) is a new and exciting technique to steal files from a computer through ... | |
| Let's Talk About SOAP, Baby. Let's Talk About UPNP | Ricky Lawshae | Whether we want it to be or not, the Internet of Things is upon us. ... | |
| Tell me who you are and I will tell you your lock pattern | Marte Løge | You are predictable. Your passwords are predictable, and so are your PINs. This fact is ... | |
| Responsible Incident: Covert Keys Against Subverted Technology Latencies, Especially Yubikey | Lost | We're no strangers to love You know the rules and so do I A full ... | |
| F*ck the attribution, show us your .idb! | Morgan Marquis-boire , Claudio Guarnieri , Marion Marschalek | Over the past few years state-sponsored hacking has received attention that would make a rockstar ... | |
| Inter-VM data exfiltration: The art of cache timing covert channel on x86 multi-core | Etienne Martineau | On x86 multi-core covert channels between co-located Virtual Machine (VM) are real and practical thanks ... | |
| Working together to keep the Internet safe and secure | Alejandro Mayorkas | We all have a role to play when it comes to ensuring the safety and ... | |
| I Hunt Penetration Testers: More Weaknesses in Tools and Procedures | Wesley Mcgrew | When we lack the capability to understand our tools, we operate at the mercy of ... | |
| How to Hack Government: Technologists as Policy Makers | Ashkan Soltani , Terrell Mcsweeny | As the leading federal agency responsible for protecting your privacy rights online, technology is at ... | |
| Red vs. Blue: Modern Active Directory Attacks & Defense | Sean Metcalf | Kerberos "Golden Tickets" were unveiled by Alva "Skip" Duckwall & Benjamin Delpy in 2014 during ... | |
| Put on your tinfo_t hat if you're my type | Miaubiz | The IDA Pro APIs for interacting with type information are full of opportunities (horrible problems). ... | |
| Remote Exploitation of an Unaltered Passenger Vehicle | Chris Valasek , Charlie Miller | Although the hacking of automobiles is a topic often discussed, details regarding successful attacks, if ... | |
| Separating Bots from the Humans | Ryan Mitchell | There’s an escalating arms race between bots and the people who protect sites from them. ... | |
| Spread Spectrum Satcom Hacking: Attacking The GlobalStar Simplex Data Service | Colby Moore | Recently there have been several highly publicized talks about satellite hacking. However, most only touch ... | |
| Docker, Docker, Give Me The News, I Got A Bad Case Of Securing You | David Mortman | Docker is all the rage these days. Everyone is talking about it and investing in ... | |
| Detecting Randomly Generated Strings; A Language Based Approach | Mahdi Namazifar | Numerous botnets employ domain generation algorithms (DGA) to dynamically generate a large number of random ... | |
| Don't Whisper my Chips: Sidechannel and Glitching for Fun and Profit | Colin O'flynn | If you thought the security practices of regular software was bad, just wait until you ... | |
| Advances in Linux Process Forensics Using ECFS | Ryan O'neill | Many hackers today are using process memory infections to maintain stealth residence inside of a ... | |
| Ask the EFF: The Year in Digital Civil Liberties | Peter Eckersley , Kurt Opsahl , Corynne Mcsherry , Mark Jaycox , Nate Cardozo , Nadia Kayyali | Get the latest information about how the law is racing to catch up with technological ... | |
| DEF CON Comedy Inception: How many levels deep can we go? | Dan Tentler , Chris Sistrunk , Larry “@haxorthematrix” Pesce , Amanda Berlin , Will Genovese , Chris Blow | This year at DEF CON a former FAIL PANEL panelist attempts to keep the spirit ... | |
| Hacking Smart Safes: On the "Brink" of a Robbery | Dan "altf4" Petro , Oscar Salazar | Have you ever wanted to crack open a safe full of cash with nothing but ... | |
| Staying Persistent in Software Defined Networks | Gregory Pickett | The Open Network Install Environment, or ONIE, makes commodity or WhiteBox Ethernet possible. By placing ... | IncludeThinkstScapes |
| One Device to Pwn Them All | Phil Polstra | This talk will present a device that can be used as a dropbox, remote hacking ... | |
| NetRipper - Smart traffic sniffing for penetration testers | Ionut Popescu | The post-exploitation activities in a penetration test can be challenging if the tester has low-privileges ... | |
| Chigula — a framework for Wi-Fi Intrusion Detection and Forensics | Vivek Ramachandran | Most of Wi-Fi Intrusion Detection & Forensics is done today using million dollar products or ... | |
| Knocking my neighbor’s kid’s cruddy drone offline | Michael Robinson | My neighbor’s kid is constantly flying his quad copter outside my windows. I see the ... | |
| I Will Kill You | Chris Rock | Have you ever wanted to kill someone? Do you want to get rid of your ... | |
| How to Hack a Tesla Model S | Kevin Mahaffey , Marc Rogers | The Tesla Model S is the most connected car in the world. It might surprise ... | |
| Hacking Electric Skateboards: Vehicle Research For Mortals | Mike Ryan , Richo Healey | In the last year there's been an explosion of electric skateboards onto the market- seemingly ... | |
| When IoT attacks: hacking a Linux-powered rifle | Runa a. Sandvik , Michael Auger | TrackingPoint is an Austin startup known for making precision-guided firearms. These firearms ship with a ... | |
| Drinking from LETHE: New methods of exploiting and mitigating memory corruption vulnerabilities | Daniel Selifonov | Memory corruption vulnerabilities have plagued computer systems since we started programming software. Techniques for transforming ... | |
| Breaking SSL Using Time Synchronisation Attacks | Jose Selvi | What time? When? Who is first? Obviously, Time is strongly present in our daily life. ... | |
| "Quantum" Classification of Malware | John Seymour | Quantum computation has recently become an important area for security research, with its applications to ... | |
| Insteon' False Security And Deceptive Documentation | Peter Shipley , Ryan Gooler | Insteon is a leading home automation solution for controlling lights, locks, alarms, and much more. ... | |
| Scared Poopless – LTE and *your* laptop | Mickey Shkatov , Jesse Michael | With today’s advancement in connectivity and internet access using 3G and LTE modems it seems ... | |
| Angry Hacking - the next generation of binary analysis | Yan Shoshitaishvili , Fish Wang | Security has gone from a curiosity to a phenomenon in the last decade. Fortunately for ... | |
| High-Def Fuzzing: Exploring Vulnerabilities in HDMI-CEC | Joshua Smith | The HDMI (High Definition Multimedia Interface) standard has gained extensive market penetration. Nearly every piece ... | |
| Dissecting the Design of SCADA Web Human Machine Interfaces (HMIs) - Hunting Vulnerabilities | Aditya K Sood | Human Machine Interfaces (HMIs) are the subsets of the Supervisory Control and Data Acquisition (SCADA) ... | |
| Shall We Play a Game? | Tamas Szakaly | Everybody plays games, and a whole lot of people plays computer games. Despite this fact, ... | |
| DIY Nukeproofing: a new dig at "data-mining" | 3alarmlampscooter | Does the thought of nuclear war wiping out your data keep you up at night? ... | |
| Hacking the Human Body/brain: Identity Shift, the Shape of a New Self, and Humanity 2.0 | Richard Thieme | This presentation is beyond fiction. Current research in neuroscience and the extension and augmentation of ... | |
| From 0 To Secure In 1 Minute — Securing IAAS | Nir Valtman , Moshe Ferber | Recent hacks to IaaS platforms reveled that we need to master the attack vectors used: ... | |
| Looping Surveillance Cameras through Live Editing of Network Streams | Eric Van Albert , Zach Banks | This project consists of the hardware and software necessary to hijack wired network communications. The ... | |
| Machine vs. Machine: Inside DARPA’s Fully Automated CTF | Jordan Wiens , Michael a Walker | For 22 years, the best binary ninjas in the world have gathered at DEF CON ... | |
| Pivoting Without Rights – Introducing Pivoter | Dave Kennedy , Geoff Walton | One of the most challenging steps of a penetration test is popping something and not ... | |
| DLL Hijacking' on OS X? #@%& Yeah! | Patrick Wardle | Remember DLL hijacking on Windows? Well, turns out that OS X is fundamentally vulnerable to ... | |
| Stick That In Your (root)Pipe & Smoke It | Patrick Wardle | You may ask; "why would Apple add an XPC service that can create setuid files ... | |
| Confessions of a Professional Cyber Stalker | Ken Westin | For several years I developed and utilized various technologies and methods to track criminals leading ... | |
| How to Train Your RFID Hacking Tools | Craig Young | With insecure low frequency RFID access control badges still in use at businesses around the ... | |
| Investigating the Practicality and Cost of Abusing Memory Errors with DNS | Luke Young | In a world full of targeted attacks and complex exploits this talk explores an attack ... | IncludeThinkstScapes |
| Security Necromancy: Further Adventures in Mainframe Hacking | Philip Young , Chad Rikansrud | You thought they were dead didn't you? You thought "I haven't seen a mainframe since ... |