DefCon27 2019 Aug. 8, 2019 to Aug. 11, 2019, Las Vegas, USA

Title Speakers Summary Topic Types
Exploiting Windows Exploit Mitigation for ROP Exploits Omer Yair “A concept is a brick. It can be used to build a courthouse of reason. ...
Breaking Google Home: Exploit It with SQLite (Magellan) Huiyu Wu , Wenxiang Qian , Yuxiang Li Over the past years, our team has used several new approaches to identify multiple critical ...
Are Quantum Computers Really A Threat To Cryptography? A Practical Overview Of Current State-Of-The-Art Techniques With Some Interesting Surprises Andreas Baumhof Shor's Algorithm for factoring integer numbers is the big threat to cryptography (RSA/ECC) as it ...
Intro to Embedded Hacking—How you too can find a decade old bug in widely deployed devices. [REDACTED] Deskphones, a case study. Philippe Laulheret From small business to large enterprise, VOIP phones can be found on nearly every desk. ...
Web2Own: Attacking Desktop Apps From Web Security's Perspective Junyu Zhou , Ce Qin , Jianing Wang People are always talking about binary vulnerabilities when attacking desktop applications. Memory corruptions are always ...
DEF CON 101 Panel Tottenkoph , Highwiz , Shaggy , Nikita , Will , N00bz , Secbarbie The DEF CON 101 Panel is the place to go to learn about the many ...
Behind the Scenes of the DEFCON 27 Badge Joe Grand (kingpin) Incorporating natural elements, complex fabrication techniques, and components rarely seen by the outside world, the ...
Hacking Congress: The Enemy Of My Enemy Is My Friend Jen Ellis , Cris Thomas , Former Harman , Rep. James Langevin , Rep. Ted Lieu A SIMULATED crisis is unfolding on a national scale, based loosely on the NotPetya attack ...
Behind the Scenes: The Industry of Social Media Manipulation Driven by Malware Olivier Bilodeau , Masarah Paquet-clouston This talk is the grand finale of a four-year long investigation that started with analyzing ...
Duplicating Restricted Mechanical Keys Bill Graydon , Robert Graydon Secure facilities in North America use lock systems like Medeco, Abloy, Assa and Mul-T-Lock partly ...
Don't Red-Team AI Like a Chump Ariel Herbert-voss AI needs no introduction as one of the most overhyped technical fields in the last ...
The Tor Censorship Arms Race: The Next Chapter Roger Dingledine Tor is a free-software anonymizing network that helps people around the world use the Internet ...
All the 4G Modules Could Be Hacked Xiaohuihui , Ye Zhang , Zhenghuang Nowadays more and more 4G modules are built into IoT devices around the world, such ...
Evil eBPF In-Depth: Practical Abuses of an In-Kernel Bytecode Runtime Jeff Dileo eBPF (or "extended" Berkeley Packet Filter) is a bytecode instruction set and virtual machine used ...
Process Injection Techniques—Gotta Catch Them All Itzik Kotler , Amit Klein When it comes to process injection in Windows, there are only 6-7 fundamental techniques, right? ...
Phreaking Elevators Willc This is a comprehensive dive into the current emergency phones with an in-depth look at ...
Infiltrating Corporate Intranet Like NSA—Pre-auth RCE on Leading SSL VPNs Orange Tsai , Meh Chang Computer security is now a public policy issue. Election security, blockchain, "going dark," the vulnerabilities ...
API-Induced SSRF: How Apple Pay Scattered Vulnerabilities Across the Web Joshua Maddux The 2016 WWDC saw the dawn of Apple Pay Web, an API that lets websites ...
HackPac: Hacking Pointer Authentication in iOS User Space Xiaolong Bai , Min (spark) Zheng Pointer Authentication (in short, PAuth) is the latest security mechanism in iOS. It is proposed ...
HVACking: Understand the Difference Between Security and Reality! Douglas Mckee , Mark Bereza Like most modern devices, building controllers have increasingly become network connected, exposing them to a ...
No Mas—How One Side-Channel Flaw Opens Atm, Pharmacies and Government Secrets Up to Attack Phar Hacking ‘high security’ electronic locks has become a bit of a hobby, but what if ...
More Keys Than A Piano: Finding Secrets In Publicly Exposed Ebs Volumes Xben "benmap" Morris Did you know that Elastic Block Storage (Amazon EBS) has a "public" mode that makes ...
Harnessing Weapons of Mac Destruction Patrick Wardle Whenever a new Mac malware specimen is uncovered, it provides a unique insight into the ...
Are Your Child's Records at Risk? The Current State of School Infosec Bill Demirkapi From credit reporting agencies to hotel enterprises, major data breaches happen daily. However, when was ...
How Deep Learning Is Revolutionizing Side-Channel Cryptanalysis Elie Bursztein , Jean Michel Picod This talk explores how AI is revolutionizing hardware side-channel attacks and what this new wave ...
Practical Key Search Attacks Against Modern Symmetric Ciphers Daniel "ufurnace" Crowley , Daniel Pagan In theory, brute force key recovery attacks against modern ciphers like AES should be impractical ...
MOSE: Using Configuration Management for Evil Jayson Grace Configuration Management (CM) tools are used to provision systems in a uniform manner. CM servers ...
Change the World, cDc Style: Cow tips from the first 35 years Joseph Menn , Deth Vegetable , Peiter Mudge Zatko , Chris Dildog Rioux , Omega The Cult of the Dead Cow changed the culture of the entire security industry, the ...
100 Seconds of Solitude: Defeating Cisco Trust Anchor With FPGA Bitstream Shenanigans Ang Cui , Jatin Kataria , Rick Housley First commercially introduced in 2013, Cisco Trust Anchor module(TAm) is a proprietary hardware security module ...
Relaying Credentials Has Never Been Easier: How to Easily Bypass the Latest NTLM Relay Mitigations Marina Simakov , Yaron Zinar Active Directory has always been a popular target for attackers, with a constant rise in ...
Please Inject Me, a x64 Code Injection Alon Weinberg Malware authors are always looking for new ways to achieve code injection, thereby allowing them ...
I Know What You Did Last Summer: 3 Years of Wireless Monitoring at DEF CON D4rkm4tter (mike Spicer) For the past 3 years d4rkm4tter has been obsessed with monitoring the wireless networks at ...
Surveillance Detection Scout—Your Lookout on Autopilot Truman Kain Surveillance detection routes are a daily occurrence for clandestine operatives and agents all over the ...
The JOP ROCKET: A Supremely Wicked Tool for JOP Gadget Discovery, or What to Do If ROP Is Too Easy Dr. Bramwell Brizendine , Dr. Joshua Stroschien Return-oriented Programming (ROP) has been the predominate code-reuse attack for over a decade, but there ...
Poking the S in SD cards Nicolas Oberli Ever wonder why the S in SD cards stands for Secure? Well, it turns out ...
Can You Track Me Now? Why The Phone Companies Are Such A Privacy Disaster U.s. Wyden Amidst the current public outcry about privacy abuses by corporate america, one sector has received ...
Breaking The Back End! It Is Not Always A Bug. Sometimes, It Is Just Bad Design! Gregory Pickett Reverse engineering is critical to exploitation. However, going through the process of reverse engineering can ...
Re: What's up Johnny?—Covert Content Attacks on Email End-to-End Encryption Jens Müller HTTP requests are traditionally viewed as isolated, standalone entities. In this session, I'll introduce techniques ...
D0 N0 H4RM: A Healthcare Security Conversation Billy Rios , Jay Radcliffe , Christian "quaddi" Dameff , Jeff Md , Suzanne Schwartz Md , Marie Moe Phd Technology’s promise flows within medicine like blood through veins. With every drip of life-saving medicine ...
Panel: DEF CON Groups Jayson E. Street , April C. Wright , S0ups , Brent B1tk1ll3r , Darington , Tim Roberts (byt3boy) , Casey Bourbonnais N/A
Weaponizing Hypervisors to Fight and Beat Car and Medical Devices Attacks Ali Islam , Dan Regalado (danux) Historically, hypervisors have existed in the cloud for efficient utilization of resources, space, and money. ...
Rise of the Hypebots: Scripting Streetwear Finalphoenix Buying Supreme is even harder when most of your competitors are AI. The era of ...
Information Security in the Public Interest Bruce Schneier Computer security is now a public policy issue. Election security, blockchain, "going dark," the vulnerabilities ...
EDR Is Coming; Hide Yo Sh!t Michael Leibowitz , Topher Timzen There’s a new, largely unaddressed threat in the security industry today, Endpoint Detection and Response ...
Your Car is My Car Jmaxxz For many of us, our cars are one of the largest purchases we will ever ...
HAKC THE POLICE Bill Swearingen PULL OVER! No, it is a cardigan, but thanks for noticing! After getting a nasty speeding ...
Hacking Your Thoughts—Batman Forever meets Black Mirror Katherine Pratt/gattakat Mobile app hacking peaked in 2015 with tools like keychain-dumper & ssl-kill-switch released but requiring ...
Meticulously Modern Mobile Manipulations Leon Jacobs Mobile app hacking peaked in 2015 with tools like keychain-dumper & ssl-kill-switch released but requiring ...
How You Can Buy AT&T, T-Mobile, and Sprint Real-Time Location Data on the Black Market Joseph Cox Major US telecommunications companies AT&T, T-Mobile, and Sprint have been quietly selling access to their ...
Defeating Bluetooth Low Energy 5 PRNG for Fun and Jamming Damien Cauquil (virtualabs) Bluetooth Low energy version 5 has been published in late 2016, but we still have ...
Why You Should Fear Your "mundane" Office Equipment Daniel Romero , Mario Rivas The security of common enterprise infrastructure devices such as desktops and laptops has advanced over ...
Zombie Ant Farm: Practical Tips for Playing Hide and Seek with Linux EDRs Dimitry Snezhkov EDR solutions have landed in Linux. With the ever increasing footprint of Linux machines deployed ...
GSM: We Can Hear Everyone Now! Campbell Murray , Eoin Buckley , James Kulikowski The presentation demonstrates that the security of the A5/1 and A5/3 ciphers used to protect ...
Tag-side attacks against NFC Christopher Wade This talk covers tag-side attacks against NFC communication protocols, including cracking of Mifare encryption keys ...
SSO Wars: The Token Menace Oleksandr Mirosh , Alvaro Muñoz It is the year 2019. Humanity has almost won its long-standing war against Single-Sign On ...
SELECT code_execution FROM * USING SQLite;—Gaining code execution using a malicious SQLite database Omer Gull Everyone knows that databases are the crown jewels from a hacker's point of view, but ...
I'm on your phone, listening—Attacking VoIP Configuration Interfaces Stephan Huber , Philipp Roskosch If toasters talking to fridges is no joke to you, then you are aware of ...
Zero bugs found? Hold my Beer AFL! How To Improve Coverage-Guided Fuzzing and Find New 0days in Tough Targets Maksim Shudrak Fuzzing remains to be the most effective technique for bugs hunting in memory-unsafe programs. Last ...
Next Generation Process Emulation with Binee Kyle Gwinnup , John Holowczak The capability to emulate x86 and other architectures has been around for some time. Malware ...
Get Off the Kernel if You Can't Drive Mickey Shkatov , Jesse Michael For software to communicate with hardware, it needs to talk to a kernel-mode driver that ...
Reverse-Engineering 4g Hotspots for Fun, Bugs and Net Financial Loss G Richter “5G is coming” (apparently). That probably means, over the next few years, more and more ...
State of DNS Rebinding—Attack & Prevention Techniques and the Singularity of Origin Gerald Doussot , Roger Meyer Do you want to know how you can exploit DNS rebinding 10x faster, bypass prevention ...
.NET Malware Threats: Internals And Reversing Alexandre B .NET malware is well-known by security analysts, but even existing many tools such as dnSpy,.NET ...
Reverse Engineering 17+ Cars in Less Than 10 Minutes Brent Stone Brent provides a live demonstration reversing engineering 17 or more unknown passenger vehicle CAN networks ...
Confessions of an Nespresso Money Mule: Free Stuff & Triangulation Fraud Nina Kollars , Kitty Hegemon In 2018 I somewhat innocently bought very expensive coffee (Nespresso capsules) online from Ebay. What ...
Vacuum Cleaning Security—Pinky and the Brain Edition Jiska , Clou (fabian Ullrich) Data collected by vacuum cleaning robot sensors is highly privacy-sensitive, as it includes details and ...
Unpacking Pkgs: A Look Inside Macos Installer Packages And Common Security Flaws Andy Grant We are hackers, we won't do as you expect or play by your rules, and ...
Go NULL Yourself or: How I Learned to Start Worrying While Getting Fined for Other's Auto Infractions Droogie Input sanitization issues will always exist, although it’s surprising at how we’re still seeing amateur ...
Apache Solr Injection Michael Stepankin Apache Solr is a search platform used by many enterprise companies to add a full ...
We Hacked Twitter... And the World Lost Their Sh*t Over It! Mike Godfrey , Matthew Carr In December 2018 INSINIA Security was involved in one of the biggest hacking stories of ...
Backdooring Hardware Devices By Injecting Malicious Payloads On Microcontrollers Sheila Ayelen Berta Is targeting microcontrollers worth the effort? Nowadays, they are responsible for controlling a wide range ...
Adventures In Smart Buttplug Penetration (testing) Smea Analysts believe there are currently on the order of 10 billions Internet of Things (IoT) ...
Hacking WebAssembly Games with Binary Instrumentation Jack Baker WebAssembly is the newest way to play video games in your web browser. Both Unity3d ...
Your Secret Files Are Mine: Bug Finding And Exploit Techniques On File Transfer App Of All Top Android Vendors Huiming Liu , Xiangqian Zhang Nearby sharing apps are very convenient and fast when you want to transfer files and ...
The ABC of Next-Gen Shellcoding Hadrien Barral , Rémi Géraud-stewart , Georges-axel Jaloyan Shellcodes are short executable stubs that are used in various attack scenarios, whenever code execution ...
SDR Against Smart TVs: URL and Channel Injection Attacks Pedro Cabrera Camara Software-defined-radio has revolutionized the state of the art in IoT security and especially one of ...
Exploiting Qualcomm WLAN and Modem Over The Air Peter Pi , Xiling Gong In this talk, we will share our research in which we successfully exploit Qualcomm WLAN ...
Say Cheese—How I Ransomwared Your DSLR Camera Eyal Itkin It's a nice sunny day on your vacation, the views are stunning, and like on ...
I'm In Your Cloud... Pwning Your Azure Environement Dirk-jan Mollema After having compromised on-premise for many years, there is now also the cloud! Now your ...
Malproxying: Leave Your Malware at Home Hila Cohen , Amit Waisel During a classic cyber attack, one of the major offensive goals is to execute code ...
HTTP Desync Attacks: Smashing into the Cell Next Door Albinowax HTTP requests are traditionally viewed as isolated, standalone entities. In this session, I'll introduce techniques ...
Help Me, Vulnerabilities. You're My Only Hope Jacob Baines MikroTik routers keep getting owned. They’ve been exploited by advanced threats like VPNFilter, Slingshot APT, ...
[ MI CASA-SU CASA ] My 192.168.1.1 is Your 192.168.1.1 Elliott Thompson Your browser thinks my 192.168.1.1 is the same as your 192.168.1.1. Using a novel combination ...
Sound Effects: Exploring Acoustic Cyber-weapons Matt Wixey While recent research has explored the capability of attacks to cause harm by targeting devices ...
Owning The Cloud Through Server-Side Request Forgery Ben Sadeghipour , Cody Brocious (daeken) Today's systems sandbox code through traditional techniques: memory protection and user-kernel mode. Even high-security devices ...
Want Strong Isolation? Just Reset Your Processor Anish Athalye DARPA’s Grand Cyber Challenge foretold an ominous future stricken with machines exploiting our code and ...
Firmware Slap: Automating Discovery of Exploitable Vulnerabilities in Firmware Christopher Roberts DARPA’s Grand Cyber Challenge foretold an ominous future stricken with machines exploiting our code and ...
Cheating in eSports: How to Cheat at Virtual Cycling Using USB Hacks Brad Dixon Athletes are competing in virtual cycling by riding real bikes on stationary trainers which power ...
The Ether Wars: Exploits, counter-exploits and honeypots on Ethereum Bernhard Mueller , Daniel Luca Ethereum smart contracts are Turing-complete programs that mediate transfers of money. It doesn't come as ...