DEF CON 30 Aug. 11, 2022 to Aug. 14, 2022, Las Vegas, NV

Event Page


Tell us about missing data
Title Speakers Summary Topic Types
Panel - DEF CON Policy Dept - What is it, and what are we trying to do for hackers in the policy world? Def Dept Title: DEF CON Policy Department - What is it, and what are we trying to ...
Old Malware, New tools: Ghidra and Commodore 64, why understanding old malicious software still matters Cesare Pizzi Cesare Pizzi - Old Malware, New tools: Ghidra and Commodore 64, why understanding old malicious ...
Computer Hacks in the Russia-Ukraine War Kenneth Geers Kenneth Geers - Computer Hacks in the Russia-Ukraine War Kenneth Geers, Very Good Security / ...
OopsSec -The bad, the worst and the ugly of APT’s operations security Tomer Bar Tomer Bar - OopsSec -The bad, the worst and the ugly of APT’s operations security ...
The PACMAN Attack: Breaking PAC on the Apple M1 with Hardware Attacks Joseph Ran Joseph Ravichandran - The PACMAN Attack: Breaking PAC on the Apple M1 with Hardware Attacks ...
A Policy Fireside Chat with the National Cyber Director Chris Inglis Title: A Policy Fireside Chat with the National Cyber Director Description: Speaker(s): Chris Inglis, National ...
Running Rootkits Like A Nation-State Hacker Omri Misgav Omri Misgav - Running Rootkits Like A Nation-State Hacker Omri Misgav, CTO, Security Research Group ...
Glitched on Earth by humans: A Black-Box Security Evaluation of the SpaceX Starlink User Terminal Lennert Wouters Lennert Wouters - Glitched on Earth by humans: A Black-Box Security Evaluation of the SpaceX ...
Avoiding Memory Scanners: Customizing Malware to Evade YARA, PE-sieve, and More Kyle Avery Kyle Avery - Avoiding Memory Scanners: Customizing Malware to Evade YARA, PE-sieve, and More Kyle ...
One Bootloader to Load Them All Mickey Michael Mickey Shkatov & Jesse Michael - One Bootloader to Load Them All Mickey Shkatov, Hacker, ...
Global Challenges, Global Approaches in Cyber Policy Pete Cooper , Gaurav Keerthi , Lily Tba Title: Global Challenges, Global Approaches in Cyber Policy Description: While each nation and region around ...
Backdooring Pickles: A decade only made things worse Coldwaterq ColdwaterQ - Backdooring Pickles: A decade only made things worse ColdwaterQ, Senior Security Engineer at ...
You’re Patrick Wardle Patrick Wardle - You’re Muted Rooted Patrick Wardle, Founder, Objective-See Foundation, he/him Presentation Title: You’re ...
A Policy Fireside Chat with Jay Healey Jason Rashid Title: A Policy Fireside Chat with Jay Healey Description: In this fireside chat, Jason Healey ...
Weaponizing Windows Syscalls as Modern, 32-bit Shellcode Tarek Brizendine Tarek Abdelmotaleb & Dr. Bramwell Brizendine - Weaponizing Windows Syscalls as Modern, 32-bit Shellcode Tarek ...
Space Jam: Exploring Radio Frequency Attacks in Outer Space James Pavur Dr. James Pavur - Space Jam: Exploring Radio Frequency Attacks in Outer Space Dr. James ...
Process injection: breaking all macOS security layers with a single vulnerability Thijs Alkemade Thijs Alkemade - Process injection: breaking all macOS security layers with a single vulnerability Thijs ...
Phreaking 2.0 - Abusing Microsoft Teams Direct Routing Moritz Abrell Moritz Abrell - Phreaking 2.0 - Abusing Microsoft Teams Direct Routing Moritz Abrell, SySS GmbH ...
Leak The Planet: Veritatem cognoscere non pereat mundus Emma North Emma Best & Xan North - Leak The Planet: Veritatem cognoscere non pereat mundus Emma ...
Trace me if you can: Bypassing Linux Syscall Tracing Rex Zeng Rex Guo & Junyuan Zeng - Trace me if you can: Bypassing Linux Syscall Tracing ...
Exploring the hidden attack surface of OEM IoT devices: pwning thousands of routers with a vulnerability in Realtek’s SDK for eCos OS. Octavio Gall Octavio Gianatiempo & Octavio Galland - Exploring the hidden attack surface of OEM IoT devices: ...
LSASS Shtinkering: Abusing Windows Error Reporting to Dump LSASS Asaf Ben-yitzhak Asaf Gilboa, Security Researcher, Deep Instinct Ron Ben-Yitzhak, Security Researcher, Deep Instinct Presentation Title: LSASS ...
How Russia is trying to block Tor Roger Dingledine Roger Dingledine - How Russia is trying to block Tor Presentation Title: How Russia is ...
Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling James Kettle James Kettle - Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling James 'albinowax' ...
Hacking ISPs with Point-to-Pwn Protocol over Ethernet (PPPoE) Gal Zror Gal Zror - Hacking ISPs with Point-to-Pwn Protocol over Ethernet (PPPoE) Gal Zror, Vulnerability Research ...
Wireless Keystroke Injection (WKI) via Bluetooth Low Energy (BLE) Jose Pico , Fern Perera Jose Pico & Fernando Perera - Wireless Keystroke Injection (WKI) via Bluetooth Low Energy (BLE) ...
A dead man’s full-yet-responsible-disclosure system Yolan Romailler Yolan Romailler - A dead man’s full-yet-responsible-disclosure system Yolan Romailler, Applied Cryptographer, He/Him Presentation Title: ...
Hunting Bugs in The Tropics Daniel Jensen Daniel (dozer) Jensen - Hunting Bugs in The Tropics Daniel (dozer)Jensen, Hacker Presentation Title: Hunting ...
Let's Dance in the Cache - Destabilizing Hash Table on Microsoft IIS Orange Tsai Let's Dance in the Cache - Destabilizing Hash Table on Microsoft IIS Orange Tsai, Principal ...
Walk This Way: What Run D.M.C. and Aerosmith Can Teach Us About the Future of Cybersecurity Jen Tangent Title: Walk This Way: What Run D.M.C. and Aerosmith Can Teach Us About the Future ...
Deanonymization of TOR HTTP hidden services Ionut Cernica Ionut Cernica - Deanonymization of TOR HTTP hidden services Ionut Cernica, PHD Student @Department of ...
Killer Hertz Chris Rock Chris Rock - Killer Hertz Chris Rock, Hacker Presentation Title: Killer Hertz Length of presentation: ...
Pulling Passwords out of Configuration Manager: Practical Attacks against Microsoft's Endpoint Management Software Christopher Panayi Christopher Panayi - Pulling Passwords out of Configuration Manager: Practical Attacks against Microsoft's Endpoint Management ...
Tear Down this Zywall: Breaking Open Zyxel Encrypted Firmware Jay Lagorio Jay Lagorio - Tear Down this Zywall: Breaking Open Zyxel Encrypted Firmware Jay Lagorio, Independent ...
Dragon Tails: Supply-side Security and International Vulnerability Disclosure Law Stewart Herr Stewart Scott & Trey Herr - Dragon Tails: Supply-side Security and International Vulnerability Disclosure Law ...
Brazil Redux: Short Circuiting Tech-Enabled Dystopia with The Right to Repair Corynne Mcsherry , Paul F. Roberts , Joe Gr , Louis Wiens Paul Roberts & Panel: Brazil Redux: Short Circuiting Tech-Enabled Dystopia with The Right to Repair ...
Scaling the Security Researcher to Eliminate OSS Vulnerabilities Once and For All Jonathan Leitschuh Jonathan Leitschuh - Scaling the Security Researcher to Eliminate OSS Vulnerabilities Once and For All ...
Literal Self-Pwning: Why Patients - and Their Advocates - Should Be Encouraged to Hack, Improve, and Mod Med Tech Cory Doctorow , Christian Md Cory Doctorow, Christian "quaddi" Dameff, & Jeff “r3plicant” Tully MD - Literal Self-Pwning: Why Patients ...
My First Hack Was in 1958 (Then A Career in Rock’n’Roll Taught Me About Security) Winn Schwartau Winn Schwartau - My First Hack Was in 1958 (Then A Career in Rock’n’Roll Taught ...
No-Code Malware: Windows 11 At Your Service Michael Bargury Michael Bargury, Co-Founder and CTO, Zenity.io, He/Him Presentation Title: No-Code Malware: Windows 11 At Your ...
How To Get MUMPS Thirty Years Later (or, Hacking The Government via FOIA'd Code) Zachary Minneker Zachary Minneker - How To Get MUMPS Thirty Years Later (or, Hacking The Government via ...
Reversing the Original Xbox Live Protocols Tristan Miller Tristan Miller - Reversing the Original Xbox Live Protocols Tristan (monocasa) Miller, Hacker, he/him Presentation ...
Tracking Military Ghost Helicopters over Washington, D.C. Andrew Logan Andrew Logan - Tracking Military Ghost Helicopters over Washington, D.C. Andrew Logan, Hacker, He/him Presentation ...
All Roads leads to GKE's Host : 4+ Ways to Escape Billy Ramdhan Billy Jheng & Muhammad ALifa Ramdhan - All Roads leads to GKE's Host : 4+ ...
The Evil PLC Attack: Weaponizing PLCs Sharon Brizinov Sharon Brizinov - The Evil PLC Attack: Weaponizing PLCs Sharon Brizinov, Directory of Security Research ...
The hitchhacker’s guide to iPhone Lightning & JTAG hacking Stacksmashing stacksmashing - The hitchhacker’s guide to iPhone Lightning & JTAG hacking stacksmashing, Hacker, He/him Presentation ...
UFOs, Alien Life, and the Least Untruthful Things I Can Say. Richard Thieme Richard Thieme - UFOs, Alien Life, and the Least Untruthful Things I Can Say. Richard ...
Analyzing PIPEDREAM: Challenges in testing an ICS attack toolkit. Jimmy Wylie Jimmy Wylie - Analyzing PIPEDREAM: Challenges in testing an ICS attack toolkit. Jimmy Wylie, Principal ...
Chromebook Breakout: Escaping Jail, with your friends, using a Pico Ducky Jimi Allee Jimi 'jimi2x" Allee - Chromebook Breakout: Escaping Jail, with your friends, using a Pico Ducky ...
Exploring Ancient Ruins to Find Modern Bugs: Discovering a 0-Day in an MS-RPC Service Ben Harpaz Ben Barnea & Ophir Harpaz - Exploring Ancient Ruins to Find Modern Bugs: Discovering a ...
HACK THE HEMISPHERE! How we (legally) broadcasted hacker content to all of North America using an end-of-life geostationary satellite, and how you can set up your own broadcast too! Karl Green Karl Koscher & Andrew Green - HACK THE HEMISPHERE! How we (legally) broadcasted hacker content ...
Do Not Trust the ASA, Trojans! Jacob Baines Jacob Baines - Do Not Trust the ASA, Trojans! Jacob Baines, Lead Security Researcher, Rapid7, ...
OpenCola. The AntiSocial Network John Ruffin John Midgley & Oxblood Ruffin - OpenCola. The AntiSocial Network John Midgley, Hacker, He/Him Oxblood ...
The COW (Container On Windows) Who Escaped the Silo Eran Segal Eran Segal - The COW (Container On Windows) Who Escaped the Silo Eran Segal, Security ...
Digging into Xiaomi’s TEE to get to Chinese money Slava Makkaveev Slava Makkaveev - Digging into Xiaomi’s TEE to get to Chinese money Slava Makkaveev, Security ...
Doing the Impossible: How I Found Mainframe Buffer Overflows Jake Labelle Jake Labelle - Doing the Impossible: How I Found Mainframe Buffer Overflows Jake Labelle, Hacker ...
Déjà Vu: Uncovering Stolen Algorithms in Commercial Products Patrick Mcguire Patrick Wardle & Tom McGuire - EvilCorp(s): Déjà Vu: Uncovering Stolen Algorithms in Commercial Products ...
The Big Rick: How I Rickrolled My High School District and Got Away With It Minh Duong Minh Duong - The Big Rick: How I Rickrolled My High School District and Got ...
You Have One New Appwntment - Hacking Proprietary iCalendar Properties Eugene Lim Eugene Lim - You Have One New Appwntment - Hacking Proprietary iCalendar Properties Eugene "spaceraccoon" ...
Automotive Ethernet Fuzzing: From purchasing ECU to SOME/IP fuzzing Jonghyuk Song , Soohwan Choi Automotive Ethernet Fuzzing: From purchasing ECU to SOME/IP fuzzing Jonghyuk Song, Redteam Leader, Autocrypt Soohwan ...
Tor: Darknet Opsec By a Veteran Darknet Vendor & the Hackers Mentality Sam Bent Sam Bent - Tor: Darknet Opsec By a Veteran Darknet Vendor & the Hackers Mentality ...
Perimeter Breached! Hacking an Access Control System Sam Povolny Sam Quinn & Steve Povolny - Perimeter Breached! Hacking an Access Control System Sam Quinn, ...
Trailer Shouting: Talking PLC4TRUCKS Remotely with an SDR Ben Poore Ben Gardiner - Trailer Shouting: Talking PLC4TRUCKS Remotely with an SDR Presentation Title: Trailer Shouting: ...
Low Code High Risk: Enterprise Domination via Low Code Abuse Michael Bargury Michael Bargury, Co-Founder and CTO, Zenity.io, He/Him Presentation Title: Low Code High Risk: Enterprise Domination ...
Why did you lose the last PS5 restock to a bot Top-performing app-hackers business modules, architecture, and techniques Arik Arik Atar - Top-performing account crackers business modules, architecture, and techniques: why did you lose ...
Defeating Moving Elements in High Security Keys Bill Graydon Bill Graydon - Defeating Moving Elements in High Security Keys Bill Graydon, Principal, Physical Security ...
Hacking The Farm: Breaking Badly Into Agricultural Devices. Sick Codes Sick Codes - Hacking The Farm: Breaking Badly Into Agricultural Devices. Sick Codes, Hacker Presentation ...
Internal Server Error: Exploiting Inter-Process Communication with new desynchronization primitives Martin Doyhenard Martin Doyhenard - Internal Server Error: Exploiting Inter-Process Communication with new desynchronization primitives Martin Doyhenard, ...
Crossing the KASM -- a webapp pentest story Samuel Gardner Samuel Erb (erbbysam) & Justin Gardner (Rhynorater) - Crossing the KASM - a webapp pentest ...
Black-Box Assessment of Smart Cards Daniel Crowley Daniel Crowley - Black-Box Assessment of Smart Cards Daniel Crowley, Head of Research, X-Force Red, ...
The CSRF Resurrections! Starring the Unholy Trinity: Service Worker of PWA, SameSite of HTTP Cookie, and Fetch Dongsung Kim Dongsung Kim - The CSRF Resurrections! Starring the Unholy Trinity: Service Worker of PWA, SameSite ...
Digital Skeleton Keys - We’ve got a bone to pick with offline Access Control Systems Miana Micsen Miana E Windall & Micsen - Digital Skeleton Keys - We’ve got a bone to ...
Exploitation in the era of formal verification: a peek at a new frontier with AdaCore/SPARK Adam Tereshkin Adam Zabrocki & Alex Tereshkin - Exploitation in the era of formal verification: a peek ...
emulation-driven reverse-engineering for finding vulns Atlas atlas - Emulation-driven reverse-engineering for finding vulns atlas, chief pwning officer, 0fd00m c0rp0ration, He/Him Presentation ...
Save The Environment (Variable): Hijacking Legitimate Applications with a Minimal Footprint Wietze Beukema Wietze Beukema - Save The Environment (Variable): Hijacking Legitimate Applications with a Minimal Footprint Wietze ...
STrace - A DTrace on windows reimplementation. Stephen Eckels Stephen Eckels - STrace - A DTrace on windows reimplementation. Stephen Eckels, Senior Reverse Engineer, ...
The Call is Coming From Inside The Cluster: Mistakes that Lead to Whole Cluster Pwnership Dagan Kline Dagan Henderson & Will Kline - The Call is Coming From Inside The Cluster: Mistakes ...
Taking a Dump In The Cloud Melvin Flangvik Melvin "Flangvik" Langvik - Taking a Dump In The Cloud Melvin "Flangvik" Langvik, Senior Security ...
PreAuth RCE Chains on an MDM: KACE SMA Jeffrey Hofmann Jeffrey (jeffssh) Hofmann - PreAuth RCE Chains on an MDM: KACE SMA Jeffrey (jeffssh) Hofmann, ...
Defaults - the faults. Bypassing android permissions from all protection levels Nikita Kurtin Nikita Kurtin - Defaults - the faults. Bypassing android permissions from all protection levels. Nikita ...
Less SmartScreen More Caffeine – ClickOnce (Ab)Use for Trusted Code Execution Steven Powers Nick Powers & Steven Flores - Less SmartScreen More Caffeine – ClickOnce (Ab)Use for Trusted ...
ElectroVolt: Pwning popular desktop apps while uncovering new attack surface on Electron Aaditya Garrett Aaditya Purani & Max Garrett - ElectroVolt: Pwning popular desktop apps while uncovering new attack ...
The Journey From an Isolated Container to Cluster Admin in Service Fabric Aviv Sasson Aviv Sasson, Principal security researcher, Palo Alto Networks, He/His Presentation Title: The Journey From an ...
Solana JIT: Lessons from fuzzing a smart-contract compiler Thomas Roth Thomas Roth - Solana JIT: Lessons from fuzzing a smart-contract compiler Thomas Roth, Hacker, He/Him ...