Defcon19 2011 Aug. 5, 2011 to Aug. 7, 2011, Las Vegas,USA
Tell us about missing data
Tell us about missing data
| Title | Speakers | Summary | Topic Types |
|---|---|---|---|
| Bosses love Excel, Hackers too. | Chema Alonso , Juan Garrido "silverhack" | Remote applications published in companies are around us in the cloud. In this talk we ... | |
| Dust: Your Feed RSS Belongs To You! Avoid Censorship! | Chema Alonso , Juan Garrido "silverhack" | Law around the world is trying to control what is published on the Internet. After ... | |
| IP4 TRUTH: The IPocalypse is a LIE | Sterling Archer , Freaksworth | There is a long tradition of researchers presenting at security conferences on topics that are ... | |
| Security When Nano Seconds Count | James "Myrcurial" Arlen | There's a brave new frontier for IT Security - a place where "best practices" does ... | |
| Beat to 1337: Creating A Successful University Cyber Defense Organization | Mike Arpaia , Ted Reed | A university with no prior CTF experience and no students with significant prior information security ... | |
| Pillaging DVCS Repos For Fun And Profit | Adam evilpacket Baldwin | Distributed Version Control Systems, like git are becoming an increasingly popular way to deploy web ... | |
| Chip & PIN is Definitely Broken | Andrea Barisani , Daniele Bianco , Zac Franken , Adam ( Major Malfunction ) Laurie | The EMV global standard for electronic payments is widely used for inter-operation between chip equipped ... | |
| Deceptive Hacking: How Misdirection Can Be Used To Steal Information Without Being Detected | Bruce "grymoire" Barnett | There are many similarities between professional hackers and professional magicians. Magicians are experts in creating ... | |
| Fingerbank — Open DHCP Fingerprints Database | Olivier Bilodeau | The presentation will first take a step back and offer a basic reminder of what ... | |
| PacketFence, The Open Source Nac: What We've Done In The Last Two Years | Olivier Bilodeau | Ever heard of PacketFence? It's a free and open source Network Access Control (NAC) software ... | |
| Federation and Empire | Emmanuel Bouillon | Federated Identity is getting prevalent in corporate environments. True, solving cross domain access control to ... | |
| Three Generations of DoS Attacks (with Audience Participation, as Victims) | Sam Bowne | Denial-of-service (DoS) attacks are very common. They are used for extortion, political protest, revenge, or ... | |
| Building The DEF CON Network, Making A Sandbox For 10,000 Hackers | Luiz 'effffn' Eduardo , David "videoman" Bryan | We will cover on how the DEF CON network team builds a network from scratch, ... | |
| Kinectasploit: Metasploit Meets Kinect | Jeff Bryner | We've all seen hackers in movies flying through 3D worlds as they hack the gibson. ... | |
| Physical Memory Forensics for Cache | Jamie Butler | Physical memory forensics has gained a lot of traction over the past five or six ... | |
| Metasploit vSploit Modules | Will Vandevanter , Marcus j. Carey , David Rude | This talk is for security practitioners who are responsible for and need to test enterprise ... | |
| Lives On The Line: Securing Crisis Maps In Libya, Sudan, And Pakistan | George Chamales | Crisis maps collect and present open source intelligence (Twitter, Facebook, YouTube, news reports) and direct ... | |
| Abusing HTML5 | Ming Chow | The spike of i{Phone, Pod Touch, Pad}, Android, and other mobile devices that do not ... | |
| Familiarity Breeds Contempt | Brad "Renderman" Haines , Sandy "mouse" Clark | "Good programmers write code, great programmers reuse" is one of the most well known truisms ... | |
| Operational Use of Offensive Cyber | Christopher Cleary | This session will discuss the "Art of the Possible" when it comes to "Offensive Cyber ... | |
| Look At What My Car Can Do | Tyler Cohen | This presentation is an introduction to the new world of automobile communication, data and entertainment ... | |
| Kernel Exploitation Via Uninitialized Stack | Kees Cook | Leveraging uninitialized stack memory into a full-blown root escalation is easier than it sounds. See ... | |
| The Art and Science of Security Research | Greg Conti | Research is a tricky thing, full of pitfalls, blind alleys, and rich rewards for the ... | |
| Internet Kiosk Terminals : The Redux | Paul Craig | Paul Craig is the self-proclaimed "King of Kiosk Hacking" You have likely heard of him ... | |
| Cipherspaces/Darknets: An Overview Of Attack Strategies | Adrian Crenshaw | Darknets/Cipherspaces such as Tor and I2P have been covered before in great detail. Sometimes it ... | |
| Speaking with Cryptographic Oracles | Daniel Crowley | Cryptography is often used to secure data, but few people have a solid understanding of ... | |
| Taking Your Ball And Going Home; Building Your Own Secure Storage Space That Mirrors Dropbox's Functionality | Phil Cryer | When for-profit companies offer a free app, there is always going to be strings attached. ... | |
| PCI 2.0: Still Compromising Controls and Compromising Security | James Arlen , Jack Daniel , Joshua Corman , Dave Shackleford , Martin Mckeay , Alex Hutton | Building on last year's panel discussion of PCI and its impact on the world of ... | |
| Former Keynotes - The Future | Rod Beckstrom , Jerry Dixon , Linton Wells , Tony Sager , Dark Tangent | Former keynotes keep coming back to DEFCON. Join The Dark Tangent, Rod Beckstrom, Jerry Dixon, ... | |
| Introduction to Tamper Evident Devices | Datagram | Tamper evident technologies are quickly becoming an interesting topic for hackers around the world. DEF ... | |
| VDLDS — All Your Voice Are Belong To Us | Ganesh Devarajan , Don Lebert | Anytime you want to bypass the system, you tend to have a telephone conversation instead ... | |
| Safe to Armed in Seconds: A Study of Epic Fails of Popular Gun Safes | Deviant Ollam | Hackers like guns. Hackers like locks. Hackers like to tinker with guns and locks. And, ... | |
| Whitfield Diffie and Moxie Marlinspike | Whitfield Diffie , Moxie Marlinspike | Come watch Whitfield Diffie and Moxie Marlinspike talk about certificate authorities, DNSSEC, SSL, dane, trust ... | |
| Bit-squatting: DNS Hijacking Without Exploitation | Artem Dinaburg | We are generally accustomed to assuming that computer hardware will work as described, barring deliberate ... | |
| A Bridge Too Far: Defeating Wired 802.1x with a Transparent Bridge Using Linux | Alva 'skip' Duckwall | Using Linux and a device with 2 network cards, I will demonstrate how to configure ... | |
| Virtualization under attack: Breaking out of KVM | Nelson Elhage | KVM, the Linux Kernel Virtual Machine, seems destined to become the dominant open-source virtualization solution ... | |
| I Am Not a Doctor but I Play One on Your Network | Tim Elrod , Stefan Morris | How secure is your Protected Health Information? This talk will expose the world of Health ... | |
| Mamma Don't Let Your Babies Grow Up to be Pen Testers - (a.k.a. Everything Your Guidance Counselor Forgot to Tell You About Pen Testing) | Patrick Engebretson , Josh Pauli | Always wanted to be a 1337 penetration tester capable of deciphering Kryptos while simultaneously developing ... | |
| Steganography and Cryptography 101 | Eskimo | There are a lot of great ways to hide your data from prying eyes this ... | |
| Don't Drop the SOAP: Real World Web Service Testing for Web Hackers | Kevin Johnson , Tom Eston , Josh Abraham | Over the years web services have become an integral part of web and mobile applications. ... | |
| "Get Off of My Cloud": Cloud Credential Compromise and Exposure | Ben Feinstein , Jeff Jarmoc | An Amazon Machine Image (AMI) is a virtual appliance container used to create virtual machines ... | |
| Handicapping the US Supreme Court: Can We Get Rich by Forceful Browsing? | Foofus | Using only script-kiddie skills, it may be possible to handicap the outcome of decisions of ... | |
| Getting F***** On the River | Gus Fritschie , Mike Wright | Online poker is a multi-million dollar industry that is rapidly growing, but is not highly ... | |
| Cellular Privacy: A Forensic Analysis of Android Network Traffic | Eric Fulton | People inherently trust their phones, but should they? "Cellular Privacy: A Forensic Analysis of Android ... | |
| UPnP Mapping | Daniel Garcia | Universal Plug and Play(UPnP) is a technology developed by Microsoft in 1999, as a solution ... | |
| Gone in 60 Minutes: Stealing Sensitive Data from Thousands of Systems Simultaneously with OpenDLP | Andrew Gavin | Got domain admin to a couple of thousand Windows systems? Got an hour to spare? ... | |
| Strategic Cyber Security: An Evaluation of Nation-State Cyber Attack Mitigation Strategies | Kenneth Geers | This presentation argues that computer security has evolved from a technical discipline to a strategic ... | |
| Bulletproofing The Cloud: Are We Any Closer To Security? | Ramon Gomez | Cloud security has come into focus in the last few years; while many ways to ... | |
| Smile for the Grenade! "Camera Go Bang!" | Joshua Marpet , Vlad Gostom | Cameras are hugely important to urban and suburban battlefields. Reconnaissance is a must-have for commanders, ... | |
| Represent! Defcon Groups, Hackerspaces, and You. | Itzik Kotler , Anarchy Angel , Anch , Blakdayz , Ngharo , Jake "genericsuperhero" Black , Converge | Fabricating, circumventing, forging, partying, milling, crafting, building breaking — Defcon Groups have risen, fallen, and ... | |
| Smartfuzzing The Web: Carpe Vestra Foramina | Nathan Hamiel , Gregory Fleischer , Justin Engler , Seth Law | It can be scary to think about how little of the modern attack surface many ... | |
| Earth vs. The Giant Spider: Amazingly True Stories of Real Penetration Tests | Wendel Guglielmetti Henrique , Rob Havelt | Earth vs. The Giant Spider: Amazingly True Stories of Real Penetration Tests brings the DEF ... | |
| From Printer To Pwnd: Leveraging Multifunction Printers During Penetration Testing | Deral Heiland | In this presentation we go beyond the common printer issues and focus on harvesting data ... | |
| Assessing Civilian Willingness to Participate in On-Line Political and Social Conflict | Max Kilger , Thomas J. Holt | Changes in the social dynamics and motivations of the hacking community are a potential catalyst ... | |
| An Insider's Look at International Cyber Security Threats and Trends | Rick Howard | Verisign iDefense General Manager, Rick Howard, will provide an inside look into current cyber security ... | |
| Anonymous Cyber War | Hubris , A5h3r4h | This talk will educate listeners on best practices for safety and privacy on the Internet.It ... | |
| Economics of Password Cracking in the GPU Era | Robert "hackajar" Imhoff-dousharm | As this shift to "General Computing" and working in the cloud has accelerated in the ... | |
| Jugaad – Linux Thread Injection Kit | Aseem | Windows malware conveniently use the CreateRemoteThread() api to delegate critical tasks inside of other processes. ... | |
| The Art of Trolling | Matt 'openfly' Joyce | Trolling is something that today has a very negative connotation on the Internet and in ... | |
| Black Ops of TCP/IP 2011 | Dan Kaminsky | Remember when networks represented interesting targets, when TCP/IP was itself a vector for messiness, when ... | |
| Hacking Your Victims Over Power Lines | Dave Kennedy | When performing penetration tests on the internal network in conjunction with physical pentests your always ... | |
| Tracking the Trackers: How Our Browsing History Is Leaking into the Cloud | Brian Kennish | What companies and organizations are collecting our web-browsing activity? How complete is their data? Do ... | |
| Hacking and Securing DB2 LUW Databases | Alexander Kornbrust | DB2 for Linux, Unix and Windows is one of the databases where only little bit ... | |
| Sounds Like Botnet | Iftach Ian Amit , Itzik Kotler | VoIP is one of the most widely-used technologies among businesses and, increasingly, in households. It ... | |
| DCFluX in: License to Transmit | Matt "DCFluX" Krick | When cell phones, land lines and the internet break down in a disaster, Amateur radio ... | |
| Balancing The Pwn Trade Deficit – APT Secrets in Asia | Jeremy Chiu , Anthony ( darkfloyd ) Lai , Benson Wu , Pk | In last year, we have given a talk over China-made malware in both Blackhat and ... | |
| And That's How I Lost My Eye: Exploring Emergency Data Destruction | Deviant Ollam , Shane Lawson , Bruce Potter | Are you concerned that you have become a subject of unwarranted scrutiny? Convinced that the ... | |
| I'm Your MAC(b)Daddy | Grayson Lenik | The field of Computer Forensics moves more and more in the direction of rapid response ... | |
| Don't Fix It In Software | Katy Levinson | At Defcon 17 when a speaker didn't show a bottle of vodka was offered to ... | |
| PIG: Finding Truffles Without Leaving A Trace | Ryan Linn | When we connect to a network we leak information. Whether obtaining an IP address, finding ... | |
| Hacking and Forensicating an Oracle Database Server | David Litchfield | N/A | |
| Johnny Long and Hackers for Charity | Johnny Long | Picking on charities is just plain rude. Thankfully, that's not what we're about. We're about ... | |
| Pervasive Cloaking | William Manning | What Cloak? Recent policy proposals from the US Executive seem to call for government support ... | |
| We're (The Government) Here To Help: A Look At How FIPS 140 Helps (And Hurts) Security | Joey Maresca | Many standards, especially those provided by the government, are often viewed as more trouble the ... | |
| SSL And The Future Of Authenticity | Moxie Marlinspike | In the early 90's, at the dawn of the World Wide Web, some engineers at ... | |
| Hacking .Net Applications: The Black Arts | Jon Mccoy | This presentation will cover the Black Arts of making Cracks, KeyGens, Malware, and more. The ... | |
| Covert Post-Exploitation Forensics With Metasploit | Wesley Mcgrew | In digital forensics, most examinations take place after the hardware has been physically seized (in ... | |
| Vulnerabilities of Wireless Water Meter Networks | John Mcnabb | Why research wireless water meters? Because they are a potential security hole in a critical ... | |
| Battery Firmware Hacking | Charlie Miller | Ever wonder how your laptop battery knows when to stop charging when it is plugged ... | |
| DEF CON Comedy Jam IV, A New Hope For The Fail Whale | James Arlen , David Mortman , Rich Mogull , Chris Hoff , Rob Graham , Larry Pesce , Dave Maynor | We're baaaaaack! The most talked about panel at DEF CON! Nearly two hours of non-stop ... | |
| Blinkie Lights: Network Monitoring with Arduino | Steve Ocepek | Remember the good old days, when you'd stare at Rx and Tx on your shiny ... | |
| Ask EFF: The Year in Digital Civil Liberties | Marcia Hofmann , Peter Eckersley , Kevin Bankston , Kurt Opsahl , Hanni Fakhoury , Rebecca Reagan | Get the latest information about how the law is racing to catch up with technological ... | |
| Hacking Google Chrome OS | Kyle 'kos' Osborn , Matt Johanson | Google recently announced Chrome OS powered computers, called Chromebooks, at Google I/O and the company ... | |
| VoIP Hopping the Hotel: Attacking the Crown Jewels through VoIP | Jason Ostrom | This presentation is about the security of VoIP deployed in hotel guest rooms. What it ... | |
| Big Brother on the Big Screen: Fact/Fiction? | Nicole Ozer | Can the NSA really do that? Um, yes. Join me at the movies to take ... | |
| Getting SSLizzard | Nicholas J. Percoco , Paul Kehrer | The world has seen a seismic shift from browser-based web applications to GUI-rich semi-thick client ... | |
| Malware Freak Show 3: They're pwning er'body out there! | Nicholas J. Percoco , Jibran Ilyas | Well There's malware on the interwebs. They're pwning all your systems, snatching your data up. ... | |
| This is REALLY not the droid you're looking for... | Sean Schulte , Nicholas J. Percoco | Last year, we presented a talk on the implication of malware and rootkits on mobile ... | |
| Hacking MMORPGs for Fun and Mostly Profit | Josh Phillips | Online games, such as MMORPG's, are the most complex multi-user applications ever created. The security ... | |
| Port Scanning Without Sending Packets | Gregory Pickett | With auto-configuration protocols now being added to operating systems and implemented by default in your ... | |
| My password is: #FullOfFail! — The Core Problem with Authentication and How We Can Overcome It | Jason M. Pittman | Authentication is an integral part of our modern, digital lifestyle. It is a universal means ... | |
| Sneaky PDF | Mahmud ab Rahman | Being a most prevalent document exchange format on the Internet, Portable Document Format (PDF) is ... | |
| Why Airport Security Can't Be Done FAST | Semon Rezchikov , Morgan Wang , Joshua Engelman | Eight years after 9/11 TSA finally decided to fix their security system. But what has ... | |
| "Whoever Fights Monsters..." Aaron Barr, Anonymous, and Ourselves | Joshua Corman , Paul Roberts , Jericho , Aaron Barr | "Whoever fights monsters should see to it that in the process he does not become ... | |
| What Time Are You Anyway? | Michael Robinson | Computer forensic examiners rely heavily on timestamps during investigations. Timeline analysis is a critical technique ... | |
| Owned Over Amateur Radio: Remote Kernel Exploitation in 2011 | Dan Rosenberg | Originally considered to be the stuff of myth, remote kernel exploits allow attackers to bypass ... | |
| Build your own Synthetic Aperture Radar | Michael Scarito | Radar is used extensively by the military, police, weather, air travel, and maritime industries - ... | |
| Net Neutrality Panel | Michael "theprez98" Schearer , Abigail Phillips , Deborah Salons , Todd Kimball | Over the last five years, network neutrality has moved from an abstract buzzword to FCC-enacted ... | |
| WTF Happened to the Constitution?! The Right to Privacy in the Digital Age | Michael "theprez98" Schearer | There is no explicit right to privacy in the Constitution, but some aspects of privacy ... | |
| Archive Team: A Distributed Preservation of Service Attack | Jason Scott | For the last few years, historian and archivist Jason Scott has been involved with a ... | |
| Attacking and Defending the Smart Grid | Justin Searle | The Smart Grid brings greater benefits for utilities and customer alike, however these benefits come ... | |
| Mobile App Moolah: Profit taking with Mobile Malware | Jimmy Shah | Smartphones are a hot new market for software developers. Millions of potential customers, and a ... | |
| Are You In Yet? The CISO's View of Pentesting | Shrdlu | When a CISO pays good money for a thorough pentesting, she wants results. Not necessarily ... | |
| Hacking the Global Economy with GPUs or How I Learned to Stop Worrying and Love Bitcoin | Skunkworks | In the post 9/11 era when it's nearly impossible to buy a pack of gum ... | |
| How Haunters Void Warranties | Reeves Smith | Halloween makers or how haunters void warranties, social engineer and find the joy of creativity. ... | |
| SCADA & PLCs in Correctional Facilities: The Nightmare Before Christmas | Tiffany Rad , Teague Newman , John J. Strauchs | On Christmas Eve, a call was made from a prison warden: all of the cells ... | |
| Steal Everything, Kill Everyone, Cause Total Financial Ruin! (Or How I Walked In And Misbehaved) | Jayson E. Street | This is not a presentation where I talk about how I would get in or ... | |
| Weaponizing Cyberpsychology and Subverting Cybervetting for Fun, Profit and Subterfuge | Chris "thesuggmeister" Sumner , Alien , Alison B | Almost everything we do in life leaves a personality footprint and what we do on ... | |
| How To Get Your Message Out When Your Government Turns Off The Internet | Bruce Sutherland | How would you communicate with the world if your government turned off the Internet? Sound ... | |
| Web Application Analysis With Owasp Hatkit | Patrik Karlsson , Martin Holst | The presentation will take a deep dive into two newly released Owasp tools; the Owasp ... | |
| Wireless Aerial Surveillance Platform | Mike Tassey , Rich Perkins | Tired of theory? This session has everything you want, big yellow aircraft flown by computers, ... | |
| Staring into the Abyss: The Dark Side of Crime-fighting, Security, and Professional Intelligence | Richard Thieme | Nothing is harder to see than things we believe so deeply we don't even see ... | |
| Insecurity: An Analysis Of Current Commercial And Government Security Lock Designs | Marc Weber Tobias , Tobias Bluzmanis , Matt Fiddler | Lock manufacturers continue to produce insecure designs in both mechanical and electro-mechanical locks. While these ... | |
| DIY Non-Destructive Entry | Schuyler Towne | Ever leave the house without your picks only to find yourself in a situation where ... | |
| The Future of Cybertravel: Legal Implications of the Evasion of Geolocation | Marketa Trimble | This presentation discusses the current legal status of evasion of geolocation and the potential liability ... | |
| Runtime Process Insemination | Shawn "lattera" Webb | Injecting arbitrary code during runtime in linux is a painful process. This presentation discusses current ... | |
| Network Nightmare: Ruling The Nightlife Between Shutdown And Boot With Pxesploit | Matt | The best techniques for exploitation, maintaining access, and owning in general move down the stack, ... | |
| Seven Ways to Hang Yourself with Google Android | Erika Chin , Yekaterina Tsipenyuk O'neil | According to Google, Android was designed to give mobile developers "an excellent software platform for ... | |
| Key Impressioning | Jos Weyers | We've all seen lockpicking explained on several security venues. You might even have tried it ... | |
| Staying Connected during a Revolution or Disaster | Thomas Wilhelm | During the recent revolutions in Africa and the Middle East, governments have shut down both ... | |
| Traps of Gold | Michael Brooks , Andrew Wilson | The only thing worse than no security is a false sense of security. And though ... | |
| Network Application Firewalls: Exploits and Defense | Brad Woodberg | In the last few years, a so called whole new generation of firewalls have been ... | |
| Phishing and Online Scam in China | Joey Zhu | Today, Ebay, Paypal and WOW are all popular targets of global phishing. However, phishing in ... | |
| Vanquishing Voyeurs: Secure Ways To Authenticate Insecurely | Zoz Cannytrophic , Andrea Bianchi | Observation is one of the principal means of compromise of authentication methods relying on secret ... |