DEF CON 29 Aug. 5, 2021 to Aug. 8, 2021, Las Vegas, NV

| Title | Speakers | Summary | Topic Types |
|---|---|---|---|
| The Mechanics of Compromising Low Entropy RSA Keys | Austin Allshouse | Over the past decade, there have been a number of research efforts (and DEFCON talks!) ... | |
| Breaking TrustZone-M: Privilege Escalation on LPC55S69 | Laura Altherr | The concept of Trusted Execution Environments has been broadly introduced to microcontrollers with ARM’s TrustZone-M. ... | |
| A Look Inside Security At The New York Times Or A Media Security Primer For Hackers | Jesse Fiedler Krembs | This talk will cover the unique threats and challenges of working in information security for ... | |
| Bring Your Own Print Driver Vulnerability | Jacob Baines | What can you do, as an attacker, when you find yourself as a low privileged ... | |
| 2021 - Our Journey Back To The Future Of Windows Vulnerabilities and the 0-days we brought back with us | Tomer Segal | In 2020, security researchers reported a record number of Windows vulnerabilities. We were curious what ... | |
| Abusing SAST tools! When scanners do more than just scanning | Rotem Bar | When we write code, we often run many scanners for different purposes on our code ... | |
| The Unbelievable Insecurity of the Big Data Stack: An Offensive Approach to Analyzing Huge and Complex Big Data Infrastructures | Sheila A. Berta | Honoring the term, the variety of technologies in the Big Data stack is hugely BIG. ... | |
| Hacking G Suite: The Power of Dark Apps Script Magic | Matthew ‘mandat0ry’ Bryant | You’ve seen plenty of talks on exploiting, escalating, and exfiltrating the magical world of Google ... | |
| PunkSPIDER and IOStation: Making a Mess All Over the Internet | _hyp3ri0n Hopper | We've been getting asked a lot for "that tool that was like Shodan but for ... | |
| Why does my security camera scream like a Banshee? Signal analysis and RE of a proprietary audio-data encoding protocol | Rion Carter | All I wanted was a camera to monitor my pumpkin patch for pests, what I ... | |
| Hack the hackers: Leaking data over SSL/TLS | Ionut Cernica | Have you considered that in certain situations the way hackers exploit vulnerabilities over the network ... | |
| Taking Apart and Taking Over ICS & SCADA Ecosystems: A Case Study of Mitsubishi Electric | Mars Yang | Diversified Industrial Control System (ICS) providers create a variety of ecosystems, which have come to ... | |
| Crossover Episode: The Real-Life Story of the First Mainframe Container Breakout | Ian Smalls | You've seen talks about container hacking. You've seen talks about mainframe hacking. But how often ... | |
| D0 N0 H4RM: A Healthcare Security Conversation | Josh Corman, Jessica Wilkerson, Jeff Md, Christian Md, Gabrielle Domas | Mired in the hell of a global pandemic, hospital capacity stressed to its limit, doctors ... | |
| No Key? No PIN? No Combo? No Problem! P0wning ATMs For Fun and Profit | Roy Davis | Since the late great Barnaby Jack gave us “Jack Potting” in the late 2000s, there ... | |
| Unlocking KeeLoq – A Reverse Engineering Story | Rogan Dawes | KeeLoq Remote Keyless Entry systems make use of radio frequency transmissions to operate and have ... | |
| Instrument and Find Out: Writing Parasitic Tracers for High(-Level) Languages | Jeff Dileo | Modern programming languages are, more and more, being designed not just around performance, ease-of-use, and ... | |
| Vulnerability Exchange: One Domain Account For More Than Exchange Server RCE | Tianze Ding | Microsoft Exchange Server is one of the most famous mail servers in the world. It ... | |
| Privacy Without Monopoly: Paternalism Works Well, But Fails Badly | Cory Doctorow | Governments around the world (US, UK, EU) are planning to force interoperability on the biggest ... | |
| Response Smuggling: Pwning HTTP/1.1 Connections | Martin Doyhenard | Over the past few years, we have seen some novel presentations re-introducing the concept of ... | |
| Worming through IDEs | David Dworken | You might think that as long as you never hit run, opening up that interesting ... | |
| eBPF, I thought we were friends! | Sylvain Baubeau, Guillaume Fournier | Since its first appearance in Kernel 3.18, eBPF (Extended Berkeley Packet Filter) has progressively become ... | |
| DoS: Denial of Shopping – Analyzing and Exploiting (Physical) Shopping Cart Immobilization Systems | Joseph Gabay | Many supermarkets and shopping centers have implemented devices that “lock” their shopping carts if they’re ... | |
| Robots with lasers and cameras (but no security): Liberating your vacuum from the cloud | Dennis Giese | Vacuum robots are becoming increasingly popular and affordable as their technology grows ever more advanced, ... | |
| Defeating Physical Intrusion Detection Alarm Wires | Bill Graydon | Alarm systems are ubiquitous - no longer the realm of banks and vaults only, many ... | |
| Phantom Attack: Evading System Call Monitoring | Rex Zeng | Phantom attack is a collection of attacks that evade Linux system call monitoring. A user ... | |
| TEMPEST radio station | Paz Hameiri | TEMPEST is a cyber security term that refers to the use of electromagnetic energy emissions ... | |
| Old MacDonald Had a Barcode, E-I-E-I CAR | Richard Henderson | For decades, the EICAR test string has been used by antivirus and security vendors to ... | |
| Sleight of ARM: Demystifying Intel Houdini | Brian Hong | In recent years, we have seen some of the major players in the industry ... | |
| Caught you - reveal and exploit IPC logic bugs inside Apple | Zhipeng Huo, Yuebin Ding | Apple's iOS, macOS and other OS have existed for a long time. There are numerous ... | |
| New Phishing Attacks Exploiting OAuth Authentication Flows | Jenko Hwong | OAuth 2.0 device authorization gives users on limited-input devices like TVs an easier way to ... | |
| The PACS-man Comes For Us All: We May Be Vaccinated, but Physical Access Control Still Sucks | Babak Javadi, Nick Draffen, Eric Jensterle | It's 2021. You’re still here! You’re vaccinated! You should be happy and carefree! And yet… the ... | |
| Wibbly Wobbly, Timey Wimey – What's Really Inside Apple's U1 Chip | Jiska Heinrich | Apple introduced an Ultra Wideband (UWB) chip in the iPhone 11. Its cryptographically secured spatial ... | |
| Rotten code, aging standards, & pwning IPv4 parsing across nearly every mainstream programming language | Kelly Codes | Openness to responsibly disclosed external vulnerability research is crucial for modern software maintainers and security ... | |
| HTTP/2: The Sequel is Always Worse | James Kettle | HTTP/2 is easily mistaken for a transport-layer protocol that can be swapped in with zero ... | |
| Over-the-air remote code execution on the DEF CON 27 badge via Near Field Magnetic Inductance | Seth Kintigh | The DEF CON 27 badge employed an obscure form of wireless communication: Near Field Magnetic ... | |
| HACKERS INTO THE UN? Engaging in the cyber discussions on war & peace - DEF CON Policy Panel | Maarten Van Horenbeeck, Chris Painter, Alexander Klimburg, Lauren Zabierek, Sheetal Woodcock | As if 2020 and 2021 were not bad enough, the Covid-19 pandemic seemed to have ... | |
| Offensive Golang Bonanza: Writing Golang Malware | Ben Kurtz | The past two years have seen the rise of Golang-based malware from its beginnings as ... | |
| Fuzzing Linux with Xen | Tamas K Lengyel | Last year we successfully upstreamed a new feature to Xen that allows high-speed fuzzing of ... | |
| Hacking Humans with AI as a Service | Eugene Lim, Glenice Hock | As the proliferation of Artificial Intelligence as a Service (AIaaS) products such as OpenAI's GPT-3 ... | |
| Do you like to read? I know how to take over your Kindle with an e-book | Slava Makkaveev | Since 2007, Amazon has sold tens of millions of Kindles, which is impressive. But this ... | |
| PINATA: PIN Automatic Try Attack | Salvador Mendoza | A brute force attack is a trial-and-error method used to obtain information such as user ... | |
| Ransomware’s Big Year – from nuisance to “scourge”? - DEF CON Policy Panel | Robert Graham, Jason Healey, Chris Painter, Kurtis Minder, Kevin Lawyerliz | According to a former senior White House official, 2020 was the year that ransomware went ... | |
| Time Turner - Hacking RF Attendance Systems (To Be in Two Places at Once) | Vivek Nair | It's a tale as old as time: a graduating senior needs two more courses to ... | |
| REBOOTING CRITICAL INFRASTRUCTURE PROTECTION | Amélie Koran, Alexander Klimburg, Joseph Marks, Faye Francy, Eric Goldstein, Danny Adams | In 1998 the US government issued the first major policy document on Critical Infrastructure Protection ... | |
| Gone Apple Pickin': Red Teaming macOS Environments in 2021 | Cedric Owens | Though the vast majority of US companies are enterprise Windows shops, there is a growing ... | |
| Warping Reality - creating and countering the next generation of Linux rootkits using eBPF | Path | With complete access to a system, Linux kernel rootkits are perfectly placed to hide malicious ... | |
| Hi! I'm DOMAINSteve, please let me access VLAN2 | Justin Perdok | By responding to probing requests made by Palo Alto and SonicWALL firewalls, it's possible to ... | |
| You're Doing IoT RNG | Dan (dwangoac) | Think of a random number between '0' and infinity. Was your number '0'? Seriously? Crap. ... | |
| Hacking the Apple AirTags | Thomas Roth | Apple’s AirTags enable tracking of personal belongings. They are the most recent and cheapest device ... | |
| MAVSH> Attacking from Above | Sach | Over the course of 2020 and 2021, drone enthusiasts and the FAA have been locked ... | |
| UPnProxyPot: fake the funk, become a blackhat proxy, MITM their TLS, and scrape the wire | Chad Seaman | UPnP sucks, everybody knows it, especially blackhat proxy operators. UPnProxyPot was developed to MITM these ... | |
| Adventures in MitM-land: Using Machine-in-the-Middle to Attack Active Directory Authentication Schemes | Sagi Sheinfeld, Eyal Zinar | Over the years, researchers were able to break many secure protocols using MitM attacks. A ... | |
| High-Stakes Updates \| BIOS RCE OMG WTF BBQ | Mickey Michael | With attacks moving below the operating system and computer firmware vulnerability discovery on the rise, ... | |
| The Agricultural Data Arms Race: Exploiting a Tractor Load of Vulnerabilities In The Global Food Supply Chain. | Sick Codes | How I hacked the entire American Food Supply Chain over the course of 3 months, ... | |
| Your House is My House: Use of Offensive Enclaves In Adversarial Operations | Dimitry "op_nomad" Snezhkov | As developers start to rely more on hardware-based memory encryption controls that isolate specific application ... | |
| Racketeer Toolkit. Prototyping Controlled Ransomware Operations | Dimitry "op_nomad" Snezhkov | Offensive testing in organizations has shown a tremendous value for simulating controlled attacks. While cyber ... | |
| SPARROW: A Novel Covert Communication Scheme Exploiting Broadcast Signals in LTE, 5G & Beyond | Reza Mcauley | When researching methods for covert communications in the wireless space, we noticed most hackers are ... | |
| Extension-Land: exploits and rootkits in your browser extensions | Barak Sternberg | Browser extensions are installed anywhere, they serve as an integral part of our day-to-day web ... | |
| A new class of DNS vulnerabilities affecting many DNS-as-Service platforms | Shir Luttwak | We present a novel class of DNS vulnerabilities that affects multiple DNS-as-a-Service (DNSaaS) providers. The ... | |
| UFOs: Misinformation, Disinformation, and the Basic Truth | Richard Neuralcowboy | The talk, "UFOs and Government: A Historical Inquiry" given at Def Con 21 has been ... | |
| ProxyLogon is Just the Tip of the Iceberg, A New Attack Surface on Microsoft Exchange Server! | Orange Tsai | Microsoft Exchange Server is an email solution widely deployed within government and enterprises, and it ... | |
| Sneak into buildings with KNXnet/IP | Claire Vacherot | Building Management Systems control a myriad of devices such as lighting, shutters and HVAC. KNX ... | |
| Timeless Timing Attacks | Tom Vanhoef | 25 years ago, the first timing attacks against well-known cryptosystems such as RSA and Diffie-Hellman ... | |
| Central bank digital currency, threats and vulnerabilities | Ian Vitek | What are the threats and vulnerabilities of a retail central bank digital currency (CBDC)? The ... | |
| Breaking Secure Bootloaders | Christopher Wade | Bootloaders often use signature verification mechanisms in order to protect a device from executing malicious ... | |
| Bundles of Joy: Breaking macOS via Subverted Applications Bundles | Patrick Wardle | A recent vulnerability, CVE-2021-30657, neatly bypassed a myriad of foundational macOS security features such as ... | |
| Don't Dare to Exploit - An Attack Surface Tour of SharePoint Server | Yuhao Weng, Steven Peng | Due to current global issues of 2020, organizations have been forced to make changes in how ... | |
| Making the DEF CON 29 Badge | Michael Whiteley | Come meet the new badge makers and hear the story of how this year's badge ... | |
| Defending against nation-state (legal) attack: how to build a privacy-protecting service in the era of ubiquitous surveillance | Bill "woody" Woodcock | US diplomacy and the US District Court of Northern California provide a nearly impenetrable shield ... | |
| How I use a JSON Deserialization 0day to Steal Your Money On The Blockchain | Hao Wu | Fastjson is a widely used open source JSON parser with 23'100 stars on GitHub. As ... | |
| Glitching RISC-V chips: MTVEC corruption for hardening ISA | Adam Matrosov | RISC-V is an open standard instruction set architecture (ISA) provided under open-source licenses that do ... | |