You Can't Stop the Signal - Defcon media server
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
You Can’t Stop the Signal August 5-8, 2021
WELCOME to THE BADGE
A hybrid con needs a hybrid badge. Designed to still be useful after the con, the badge is a customizable
macro pad, but itʼs so much more than that. As the new badgemakers, we wanted to encourage more
interaction, so the badge has no less than 6 connectors for you to interface with your
fellow attendees! Use the edge connectors for a quick pairing, or use
a USB cable for a little more distance and maybe play a game while
youʼre connected. For those attending virtually, the badge can help you
control discord or you can remap the keys to do anything you want.
Regardless of where you are, the signal doesnʼt
propagate on its own. It needs our help to expand and
Welcome to DEF CON 29, our first conference that The pandemic reminds us that there is no real
reach our fellow hackers, inviting them to join us as we
is both physical and virtual, and an experiment of boundary between hacking and politics, that there
share and learn from each other. There may even be a
the “Stateless by Design” concept. Our theme is are political implications in the kinds of hacking
challenge associated with it…
“You Canʼt Stop the Signal” we do. For example the DEF CON Voting Machine
Hacking Village went from the obscure to the front Weʼve provided some legends below for you to customize
What is the Signal? From the DC29 announcement page, and altered the trajectory of how elections your keycaps. Thereʼs even some blank ones so you can
“... Even though life changes - school ends, are run for the better by doing what we do best make yours truly unique. We hope you have fun and enjoy
responsibilities accrue - the signal is always there. - hacking technology. The results provided the the badge!
Calling us back to the company of the people who details needed by other voting integrity groups to
understand us, who light up at the same things we advance their work, and signaled that hackers can -MK Factor (Michael @compukidmike and Katie @
do. We want to share what weʼve learned. We want contribute more to society than just “finding bugs”. ktjgeekmom)
to learn what others have to share. We want to I believe we can only engineer ourselves out of
teach and be taught and move the culture forward. policy problems for so long until we are forced to
We want to do our part to construct a future as free confront the issues.
and open, as secure and as resilient as the tribe
thatʼs building it. Thatʼs the signal. Thatʼs why the As the internet fractures into “more open” and
years, the miles and any number of calamities “less open” domains the Signal is being distorted
donʼt stop it.” and subverted. I have been thinking more about
“What can I do to support the Signal?” First I
As you hang out at our pool soaking in the sun and will work to preserve history by hosting hacking
music, or are deep in a stack trace for a contest conference archives on infocon.org. Second our
take a moment to think about what an amazing own services are not tied to a mega platform,
community we have built, and try something new. giving hacking communities a place to grow
Try a new contest, listen to new music, or learn on forum.defcon.org, and making everything
a new physical skill like lock-picking. It sounds accessible over Tor to help those in censored
simple that the Signal is us, supporting each other, countries. Finally I will work to build policy@
but it can get complicated. DEFCON to help give our community a voice,
DEF CON believes in speaking truth to power, bringing the hacking perspective to policymakers,
verifying and testing what you are told, and that and policymakers to the hackers. Letʼs all continue
you need privacy and security at the same time or to engage in super nerd hacking while being aware
you get neither. It should be legal to repair and of the implications to those around us. This is the
test products you have paid for, and corporate signal DEF CON will amplify. Now letʼs party!
control should not be a requirement to be on-line.
An open internet can elevate everyone, and that
your hacking identity is what you do, not what The Dark Tangent
you look like.
2 3
MEDIA SERVER NETWORK
https://10.0.0.16/ or Network Instructions: certificate prior to sending the userʼs credentials
https://dc29-media.defcon.org/ to enter the network. As of DC 27 and our latest
===================== testing, all is well for this year. (and those were
Browse and leech files from all the past DEF CON conferences and find this yearʼs presentation materials, After taking a mandatory break last year, the DEF the last words)
white papers, slides, etc. CON NOC is happy to be back in Vegas delivering 802.1X pro-tip: By configuring 802.1X and choosing
Since last year the DEF CON collection has been updated as well as the best zero-trust network access throughout the for your device to “not verify server certificate” will
many more hacking conferences added to the infocon.org collection. Paris and Ballyʼs conference floors. Obviously using probably not only let that device connect to one of
all of the the blockchainz, machine learningingz, the hundreds of rogue access points on the show
We expect you to leech at full speed, and the server is warmed up and AIz with shift left testing and whatever other
ready to go. Enjoy! floor but will also send your login credentials to a
marketing term people use these days. rogue radius server. This is no bueno and defeats
To make things easier for you here are some example wget commands If you want to get online using the Wi-Fiz, the whole purpose of this authentication method.
and TLS certificate information: remember there are two (and only two) official Another Captain Obvious special, but it has to be
The dc29-media.defcon.org TLS certificate fingerprint: ESSIDs you should use to post your TikTok videos: said: Be an advocate of cyber common sense (™),
Serial Number: 4E075C2E27787E25BC4DCD18CC6C3EE1 - The encrypted one with 802.1X authentication and and do not, I repeat, do NOT choose the same
digital certificate verification: DefCon credentials (aka: username and password) used
(SHA256) 6ADC FB28 0CD1 98CD D45F 5802 6CFF 905E CA19 F95F for your important stuffz, like shopping sites,
- And the unencrypted, wildest-westest of the online-banking, the pornz, your windows domains
EXAMPLE wget command to download all of DEF CON 25: wireless networks: DefCon-Open (yeah, it happened before) to connect to the
wget -np -m “https://dc29-media.defcon.org/infocon.org/cons/DEF CON/DEF CON 25/” Please choose wisely. hacker conference network. Make something up,
be creative, and funny. Like a clown.
Despite the fact that the 802.1X authentication has
been pretty stable for the past few years, never For updated information and instructions on how to
forget weʼre talking about the Wi-Fiz, drivers and connect to the Wi-Fi with the n0t-s0-1337 Operating
possible interoperability issues. Systems along with the link to download the
digital certificate to be used, visit https://wifireg.
Believe or not, we test stuff before we go onsite. defcon.org. And if you donʼt know how to properly
But like any other technology, things change on configure the Wi-Fiz on your üb3r-1337 linux
how operating systems, drivers and users deal distro, you should consider a new platform.
with the Wi-Fiz. There are might be some devices
out there that really do not like 802.1X with PEAP For NOC updates visit https://noc.defcon.org , and
authentication. also follow us on twitter @DEFCON_NOC.
In particular, for quite a while some Android Donʼt forget to subscribe and smash that
platforms wouldnʼt verify the RADIUS server notification button, will ya?
intentionally left blank
4 5
COC ENTERTAINMENT
Conference Code of Conduct
Last updated 3.6.15
DEF CON provides a forum for open discussion between participants, where radical viewpoints are
welcome and a high degree of skepticism is expected. However, insulting or harassing other participants is
unacceptable. We want DEF CON to be a safe and productive environment for everyone. Itʼs not about what
you look like but what is in your mind and how you present yourself that counts at DEF CON.
We do not condone harassment against any participant, for any reason. Harassment includes deliberate
intimidation and targeting individuals in a manner that makes them feel uncomfortable, unwelcome, or
afraid.
Participants asked to stop any harassing behavior are expected to comply immediately. We reserve the
right to respond to harassment in the manner we deem appropriate, including but not limited to expulsion
without refund and referral to the relevant authorities. Bally’s Silver Ballroom
This Code of Conduct applies to everyone participating at DEF CON - from attendees and exhibitors to Thursday Friday Saturday
speakers, press, volunteers, and Goons.
2100: djdead 2000: Thaad 2100: Ohm-i
Anyone can report harassment. If you are being harassed, notice that someone else is being harassed, or
have any other concerns, you can contact a Goon, go to the registration desk, or info booth.
2200: Abstrct 2100: FuzyNop 2200: Great Scott
Conference staff will be happy to help participants contact hotel security, local law enforcement, or
otherwise assist those experiencing harassment to feel safe for the duration of DEF CON. 2300: Dr. McGrew 2200: n0x08 2300: Miss Jackalope
Remember: The CON is what you make of it, and as a community we can create a great experience for 0000: DJ St3rling 2300: Scotch & Bubbles 0000: Zebbler Encanti
everyone. Experience
- The Dark Tangent 0100: Acid T 0000: Skittish & Bus
0100: CTRL/rsm
0100: Magik Plan
CONNECT
Official Sites U.S. Social Media Bally’s Pool
Website: https://defcon.org Twitter: https://twitter.com/defcon Thursday Friday Saturday
2100: Deep Therapy 2100: Yesterday & 22100: mattrix
DEF CON Media: https://media.defcon.org Facebook: https://facebook.com/defcon/ Tomorrow
2200: Tense Future 2200: Icetre Normal
DEF CON Groups: https://defcongroups.org Instagram: https://www.instagram.com/ 2200: Terrestrial Access
wearedefcon/ 2300: FuzzyNop Network 2300: Nina Lowe
DEF CON Forums: https://forum.defcon.org
Reddit: https://www.reddit.com/r/defcon 2300: Z3NPI
All the DEF CON services BALLY’S POOL PARTIES DAILY 13:00--24:00
are available over Tor
6
CTF CONTESTS
opponents. That being said, each organizer has leeway to For full details and links go to https://defcon.org/ Cyber Warrior Network
shape the game to their vision. We have introduced twists html/defcon-29/dc-29-cne.html eSports League
on the format, and will continue to tinker and experiment Tournament
throughout our tenure. Friday: 10:00-21:00, Saturday: 10:00-21:00,
Hacker Jeopardy
Into the System: DEF CON Only the top teams in the world are invited to DEF CON. Sunday: 10:00-12:00
CTF 29 Teams qualify by performing well in the DEF CON Qualifier Friday: 20:00-22:00, Saturday: 20:00-22:00 Location: Hybrid - Contest floor
event (held online in May) or by winning HITCON CTF, hxp Location: Track 1, Ballys
DC CTF 28 was nothing like anyone ever imagined—The
game was hosted in the cloud and teams competed virtually CTF, PlaidCTF, or pwn2win.
Coindroids
from around the globe, and also around the clock: four This year, more than 1,200 teams tried to qualify, 103 Whose Slide is it Anyway
Friday: 10:00-21:00, Saturday: 10:00-21:00,
shifts of eight hours, with nine hours between shifts. During solved two or more challenges. Among these worthy Friday: 22:00-24:00
this brutal 32 hours of competition the teams played Sunday: 10:00-12:00
competitors we have gathered the worldʼs top 16 teams: Location: Hybrid - Contest floor
blackjack in Conwayʼs Game of Life, hacked a Manchester Location: Track 1, Ballyʼs
parallel machine, created an AI using only ROP, and DiceGang Plaid Parliament of Pwning
demonstrated many other impressive hacking skills. At the HITCON Balsn PTB/WTL Drunk Hacker History DC29 CTF
end of a close competition, A*0*E emerged sleep-deprived Katzebin r3kapig
yet victorious. Saturday: 22:00-24:00 Friday: 10:00-21:00, Saturday: 10:00-21:00,
mhackeroni Shellphish
Location: Track 1, Ballyʼs Sunday: 10:00-12:00
During the Orderʼs time in quarantine, we turned our focus NorseCode StarBugs
Location: Hybrid - Contest floor
inward. We tried to picture clusters of information as they 春秋GAME-Nu1L Perfect Guesser
moved through the computer. What did they look like? ooorganizers Tea Deliverers Maps of the Digital
Ships? Motorcycles? Are circuits like freeways? We kept pasten 侍 Lands DEF CON MUD
dreaming of a world we thought weʼd never see. And then, Friday: 10:00-21:00, Saturday: 10:00-21:00, Friday: 10:00-21:00, Saturday: 10:00-21:00,
Come watch them hack in the CTF room. One day, you may
one day… We got in. Sunday: 10:00-12:00 Sunday: 10:00-12:00
take their place. Or ours.
What we found was a nightmarescape System of restricted Location: Onsite - Contest floor Location: Hybrid - Contest floor
Who is the Order of the
devices, advertisement-riddled operating systems, spyware,
DRM, and planned obsolescence. This isnʼt the blissful open Overflow?
future Users were promised. This isnʼt freedom. Beverage Cooling DEF CON Next Top
We have been here for a while. We wandered the halls in
Contraption Contest Threat Model
And now, we need you. Go inward, young hacker, go inward awe of the master hackers at DEF CON 9. We spent sleepless
nights competing against them every year since DEF CON 12. Friday: 10:00-14:00 Friday: 10:00-18:00, Saturday: 10:00-18:00
and study the System. Learn about the System, every Location: Hybrid - Contest floor
We have been the hackers, and we have been the hacked. Location: Onsite - Contest floor
aspect of the System, better than those who created it. Use
your knowledge to make the impossible possible. Use your Now, as the organizers of DEF CON CTF, we hope to shepherd
knowledge to hack. Use your knowledge to free the system. the game through the next generation of technological and
societal shifts. Just as importantly, we strive to keep DEF SEA-TF: Maritime DEF CON Scavenger
Use your knowledge to protect the User. Hacking CTF Hunt
CON CTF a spectacle that can be used to inspire the next
Above all, use your knowledge to protect the Signal. generation, who, just like we used to do, will first wander Friday: 10:00-21:00, Saturday: 10:00-21:00, Friday: 10:00-21:00, Saturday: 10:00-21:00,
the halls in awe of the players and then hack them to shreds Sunday: 10:00-12:00 Sunday: 10:00-12:00
Capture the Flag? a decade later. Location: Onsite - Contest floor Location: Hybrid - Contest floor
Capture the Flag is a hacking competition in which teams Resources
compete to out-hack each other. Originating over two The following resources may be helpful to interested
decades ago at DEF CON 4, CTF has now grown to become Autonymous Driving CTF EFF Tech Trivia
hackers!
a global phenomenon. CTFs are held every weekend, and Our philosophy: https://www.oooverflow.io/philosophy. Friday: 10:00-21:00, Saturday: 10:00-21:00, See Website
teams join online or fly around the world to test their skills. html Sunday: 10:00-12:00 Location: Hybrid - Contest floor
Traditionally, DEF CON CTF has been an “attack/defense” Game announcements: https://twitter.com/oooverflow Location: Hybrid - Contest floor
CTF: teams are provided identical sets of network services, DEF CON CTF scoreboard: https://ctf.oooverflow.io
and must defend their instances of these programs while CTF tracker: https://ctftime.org
exploiting vulnerabilities in the instances run by their We hope to see you play in finals next year!
8 9
CONTESTS
Hackfortress Car Hacking Village CTF CMD+CTRL Short Story Contest
Friday: 10:00-21:00, Saturday: 10:00-21:00, Friday: 10:00-24:00 Friday: 10:00-17:00, Saturday: 10:00-17:00 May 1, 2021 - June 15, 2021
Sunday: 10:00-12:00 Location: Car Hacking Village Location: Online only Location: Online only
Location: Hybrid - Contest floor
Crack Me If You Can Hack3r Runw@y Sticker Design Contest
Red Team CTF Fri 10:00 - Sat 21:00 Friday: 10:00-21:00, Saturday: 10:00-21:00, Pre-DEF CON
Friday: 10:00-21:00, Saturday: 10:00-21:00, Location: Password Village Sunday: 10:00-12:00 Location: Online only
Sunday: 10:00-12:00 Location: Online only
Location: Hybrid - Contest floor
The Gold Bug TeleChallenge
Village Hours Kubernetes CTF Friday: 10:00-21:00, Saturday: 10:00-21:00,
Secure Coding Friday: 10:00-23:00, Saturday: 10:00-18:00
Location: Crypto and Privacy Village Sunday: 10:00-12:00
Tournament CTF Location: Online only Location: Online only
Friday: 10:00-21:00, Saturday: 10:00-21:00,
Sunday: 10:00-12:00 Hack the Plan[3]t
Location: Hybrid - Contest floor Village Hours Red Alert ICS CTF TraceLabs OSINT
Friday: 10:00-18:00, Saturday: 10:00-18:00 Search Party CTF
Location: ICS Village
Location: Online only Friday: 10:00-16:00
The Schemaverse Location: Online only
Tournament Hospital Under Siege
Friday: 10:00-21:00, Saturday: 10:00-21:00, Village Hours Salty Sensor Contest
Sunday: 10:00-12:00 Location: Biohacking Village Friday: 10:00-21:00, Saturday: 10:00-21:00,
Location: Hybrid - Contest floor Sunday: 10:00-12:00
Location: Online only
OpenSOC Blue Team CTF
Tin Foil Hat Contest
Village Hours
Friday: 10:00-21:00, Saturday: 10:00-21:00,
Location: Blue Team Village (Online)
Sunday: 10:00-12:00
Location: Hybrid - Contest floor
Radio Frequency CTF
Village Hours
AppSec Village (CTF)2
Location: RF Hacker Santuary
Village Hours
Location: AppSec Village
SOHOpelessly Broken
CTF
BIC Village CTF Friday: 10:00-21:00, Saturday: 10:00-21:00,
Friday 10:00 - Saturday 15:00 Sunday: 10:00-12:00
Location: BIC Village Location: IOT Village
Capture the Packet Testnet Cointest
Village Hours Friday: 10:00-21:00, Saturday: 10:00-21:00,
Location: Packet Village Sunday: 10:00-12:00
Location: Cryptocurrency Village
10 11
PARTIES /MEETUPS VILLAGES
For more details and links, visit the Parties & Meetups page at https://defcon.org/html/defcon-29/dc-29-parties.html For complete details and links, visit the Villages page at https://defcon.org/html/defcon-29/dc-29-villages.html
AppSec Village Hardware Hacking
QueerCon Hacker Flairgrounds
Village
[Hybrid] [In-Person] Friday: 10:00 - 17:00, Saturday: 10:00 - 17:00,
Sunday: 10:00 - 13:30 Friday: 09:00 - 16:00, 09:00 - 18:00 Online,
Thursday, Friday, Saturday from 16:00 - 18:00 at Saturday from 22:00 at Paris, Chillout 2 Saturday: 09:00 - 16:00, 09:00 - 18:00 Online,
Ballyʼs Pool Location: Hybrid, Paris Ballroom
DC404/DC678/DC770/ Sunday: 09:00 - 13:00, 09:00 - 16:00 Online
Toxic BBQ DC470 (Atlanta Metro) Ham Radio Village Location: Hybrid, Ballyʼs, Bronze 3 & 4
Meetup
[In-Person] Friday: 10:00 - 16:00, Saturday: 10:00 - 17:00, Password Village
[In-Person] Sunday: 10:00 - 14:00
Thursday, 1600-2200 Off-site at Sunset Park, Friday: 09:00 - 15:00, Saturday: 09:00 - 15:00
Pavilion F, (36.0636, -115.1178) Saturday from 17:00 - 19:00 at Ballyʼs Skyview 2 Location: Hybrid, Ballyʼs, Bronze 1 & 2
Location: Paris Ballroom
A&E Pool Party! Vetcon Meetup Packet Hacking Village
Rogues Village
[In-Person] [Hybrid] Friday: 09:00 - 18:00, Saturday: 09:00 - 18:00,
Sunday: 09:00 - 14:00 Friday: 10:00 - 18:00, Saturday: 10:00 - 18:00,
Thursday, Friday, Saturday, Sunday from 13:00 - Saturday from 21:00 - 02:00 at Ballyʼs Skyview 3 Sunday: 10:00 - 14:00
24:00 at Ballyʼs Pool Location: Hybrid, Paris Ballroom
Friends of Bill W. Location: Paris Ballroom
DEF CON Movie Night Cryptocurrency Village
[In-Person] Soldering Skills Village
[In-Person] Friday: 10:00 - 17:00, Saturday: 10:00 - 17:00,
Meetings at Noon & 5pm Thurs-Sat, Noon Sun at Sunday: 10:00 - 17:00 Friday: 09:00 - 16:00, 09:00 - 18:00 Online,
Friday and Saturday from 20:00 - 22:00 in Track 2 Ballyʼs Pool Cabana Saturday: 09:00 - 16:00, 09:00 - 18:00 Online,
Friday: Tron, Saturday: Upgrade Location: Hybrid, Paris, Champagne 1
Lawyers Meet Sunday: 09:00 - 13:00, 09:00 - 16:00 Online
DEF CON Bike Ride Aerospace Village Location: Ballyʼs, Bronze 3 & 4
[In-Person]
[In-Person] Friday: 10:00 - 16:00, Saturday: 10:00 - 16:30 Voting Machine Hacking
Friday from 18:00 - 20:00 at Ballyʼs Pool Cabana Village
Friday: 6:00-done Location: Paris Ballroom
Badass Meetup
Optive BCOS Village Friday: 10:00 - 17:00, Saturday: 10:00 - 17:00,
[Online] Sunday: 10:00 - 14:00
[In-Person] Friday: 09:00 - 17:00, Saturday: 09:00 - 17:00,
Friday from 06:00 - 16:00 on Discord Location: Paris Ballroom
Sunday: 09:00 - 15:00
Friday from 20:00 - 22:00 at Ballys, Skyview 4 B.I.C. (Blacks In
Hacker Karaoke Location: Paris Ballroom
War Story Bunker Cybersecurity) Village
[Online] Car Hacking Village
[In-Person] Friday: 10:00 - 17:00, Saturday: 10:00 - 17:00
Friday, Saturday from 18:00 - 00:00 on Discord Friday: 10:00 - 16:30, Saturday: 10:00 - 16:30
Friday from 2000 - 2200 at Ballyʼs, Skyview 3 Location: Ballyʼs Event Center Office
Gothcon 2021 Location: Paris Ballroom
Vampire the Security Leaders Village
Masquerade [Online] Data Duplication Village
Friday from 21:00 - 02:00 on Discord Friday: 10:00 - 19:00, Saturday: 10:00 - 19:00,
[In-Person] Thursday: 16:00 - 19:00, Friday: 10:00 - 17:00, Sunday: 10:00 - 14:00
Saturday: 10:00 - 17:00, Sunday: 10:00 - 11:00
Friday from 20:00 at Ballyʼs Skyview 2 Location: Paris Ballroom
(Last chance pickup)
Location: Ballyʼs Palace 7
12 13
VILLAGES PRESENTATIONS
IoT Village AI Village ALL Times listed are Vegas Time. Track 2 13:00
Check the DEF CON Speaker 2021--Our Journey
Track 1
Friday: 10:00 - 19:00, Saturday: 10:00 - 19:00 Friday: 09:00 - 17:00, Saturday: 09:00 - 17:00, page at https://defcon.org/ Back To The Future Of
Sunday: 09:00 - 16:00 Windows Vulnerabilities Ransomwareʼs Big
Location: Hybrid, Paris Ballroom html/defcon-29/dc-29-speakers. and the 0-days we Year – from nuisance to
Location: Virtual html for abstracts and bios. brought back with us “scourge”?
Adversary Village
Biohacking Village Tomer Bar & Eran Segal DEF CON Policy Panel
Friday: 12:00 - 19:00, Saturday: 10:00 - 17:00, Friday, August Demo, Tool, Exploit
6th Track 2
Sunday: 10:00 - 17:00 Thursday: 10:00 - 18:00, Friday: 10:00 - 18:00, Virtual Sleight of ARM:
Location: Virtual Saturday: 10:00 - 18:00, Sunday: 10:00 - 14:00 Demystifying Intel Houdini
09:00 Caught you--reveal and
Location: Virtual exploit IPC logic bugs Brian Hong
Cloud Village Dark Tangent Welcomes inside Apple
Blue Team Village everyone on Discord. Demo
Friday: 10:00 - 17:00, Saturday: 10:00 - 17:00, Zhipeng Huo & Yuebin Sun & Virtual
Making the DEF CON 29
Sunday: 10:00 - 14:00 Thursday: 09:00-17:00, Friday: 09:00-17:00, Badge
Chuanda Ding
eBPF, I thought we were
Saturday: 09:00-17:00, Sunday: 09:00-14:00 Demo, Exploit friends!
Location: Virtual Michael Whiteley & Katie Whiteley
Location: Virtual Demo Guillaume Fournier,Sylvain Afchain,
Hack The Sea 12:00 & Sylvain Baubeau
Crypto & Privacy Village Track 1
Friday: 10:00 - 18:00, Saturday: 10:00 - 18:00, 10:00 Demo, Tool
Sunday: 10:00 - 17:00 Friday: 10:00 - 18:00, Saturday: 10:00 - 18:00, DHS Rebooting Critical
Track 1 Infrastructure Protection
Sunday: 10:00 - 14:00 14:00
Location: Virtual Welcome To DEF CON &
Panel with DEF CON Policy Panel
Location: Virtual Making the DEF CON 29 Track 1
Lock Bypass Village Badge Track 2 MAVSH> Attacking from
ICS Village Dark Tangent, Michael Whiteley, & Your House is My House: Above
Friday: 09:00 - 19:00, Saturday: 09:00 - 19:00, Use of Offensive Enclaves
Katie Whiteley Sach
Sunday: 09:00 - 17:00 Friday: 10:00 - 18:00, Saturday: 10:00 - 18:00, In Adversarial Operations
Sunday: 10:00 - 16:00 Demo Demo, Tool
Location: Virtual Dimitry “Op_Nomad” Snezhkov
Track 2 Track 2
Location: Virtual Demo, Tool
Lock Pick Village DGone Apple Pickinʼ: Hacking Humans with AI
Radio Frequency Village Red Teaming macOS Virtual as a Service
Friday: 10:00 - 19:00, Saturday: 10:00 - 19:00, (Formerly Wireless Environments in 2021 Do You Like To Read? I Eugene Lim & Glenice Tan & Tan
Sunday: 10:00 - 17:00 Village) Cedric Owens Know How To Take Over Kee Hock
Location: Virtual Demo Your Kindle With An
E-Book
Demo, Tool
Thursday: 09:00-19:00, Friday: 09:00-19:00,
Payment Village Virtual Virtual
Saturday: 09:00-19:00, Sunday: 09:00-17:00 Slava Makkaveev
HTTP/2: The Sequel is Rotten code, aging
Thursday: 09:00 - 14:00, Friday: 09:00 - 14:00, Location: Virtual Always Worse standards, & pwning
12:30
Saturday: 09:00 - 14:00, Sunday: 09:00 - 14:00 The Social Engineering James Kettle IPv4 parsing across
Village Demo, Tool, Exploit Track 2 nearly every mainstream
Location: Virtual programming language
The Mechanics of
Recon Village Friday: 10:00 - 18:00, Saturday: 10:00 - 18:00 11:00 Compromising Low Kelly Kaoudis & Sick Codes
Entropy RSA Keys Demo, Exploit
Friday: 10:00 - 18:00, Saturday: 10:00 - 18:00 Location: Virtual Track 1 Austin Allshouse
Location: Virtual CAHV Village Special Guest
Virtual
Presentation with Dept of
Friday: 11:00 - 17:00, Saturday: 11:00 - 16:00 Homeland Security Worming through IDEs
Location: Virtual Secretary Alejandro Mayorkas David Dworken
Demo, Exploit
14 15
PRESENTATIONS
15:00 17:00 Saturday, Virtual 13:00 15:00
Track 1 Track 1 August 7th Wibbly Wobbly, Timey Track 1 Track 1
Wimey – Whatʼs Really
UFOs: Misinformation, Do No harm; Health PINATA: PIN Automatic Hacking G Suite: The
Disinformation, and the Panel : Live version 10:00 Inside Appleʼs U1 Chip
Try Attack Power of Dark Apps
Basic Truth Track 1 jiska & Alexander Heinrich Script Magic
A DEF CON Policy Panel Salvador Mendoza
Richard Thieme AKA neuralcowboy High-Stakes Updates | Demo, Tool Demo Matthew Bryant
Track 2
Track 2 BIOS RCE OMG WTF Tool
Phantom Attack: Evading BBQ 12:00 Track 2
Abusing SAST tools! System Call Monitoring Defeating Physical Track 2
When scanners do more Mickey Shkatov & Jesse Michael Track 1
Rex Guo & Junyuan Zeng Intrusion Detection Alarm Central bank digital
than just scanning Demo, Tool, Exploit Racketeer Toolkit. Wires currency, threats and
Demo, Tool, Exploit Prototyping Controlled
Rotem Bar Track 2 Bill Graydon vulnerabilities
Virtual Ransomware Operations
Demo Crossover Episode: The Tool Ian Vitek
Warping Reality--creating Real-Life Story of the First Dimitry “Op_Nomad” Snezhkov Exploit
Virtual and countering the next Virtual
Mainframe Container Demo, Tool
ProxyLogon is Just the generation of Linux Breakout TEMPEST radio station Virtual
Tip of the Iceberg, A rootkits using eBPF Track 2 Breaking Secure
New Attack Surface Ian Coldwater & Chad Rikansrud Paz Hameiri
PatH Time Turner--Hacking RF Bootloaders
on Microsoft Exchange (Bigendian Smalls) Attendance Systems (To Tool
Server! Demo, Tool Demo Christopher Wade
Be in Two Places at Once)
14:00 Demo, Tool, Exploit
Orange Tsai Virtual Vivek Nair
18:00
Demo, Exploit Privacy Without Demo, Tool Track 1
Track 1 Monopoly: Paternalism
16:00
Virtual SPARROW: A Novel
16:00 Do No harm; Health Works Well, But Fails Covert Communication Track 1
Panel : Live version Badly Bring Your Own Print
Scheme Exploiting New Phishing Attacks
Track 1 Driver Vulnerability
A DEF CON Policy Panel Cory Doctorow Broadcast Signals in LTE, Exploiting OAuth
Defending against Jacob Baines 5G & Beyond Authentication Flows
nation-state (legal) Track 2 Tool, Exploit
attack: how to build a Response Smuggling:
11:00 Reza Soosahabi & Chuck McAuley Jenko Hwong
privacy-protecting service Pwning HTTP/1.1 Track 1 Demo, Exploit Demo, Tool
in the era of ubiquitous 12:30
Connections Hacking Viber Messenger Track 2 Track 2
surveillance Track 1
Martin Doyhenard with 0day Vulnerabilities: Over-the-air remote PunkSPIDER and
Bill “Woody” Woodcock Demo, Exploit Sniffing and DoS Hack the hackers: Leaking code execution on the IOStation: Making a Mess
data over SSL/TLS DEF CON 27 badge via All Over the Internet
Track 2 Virtual Samarkand
Ionut Cernica Near Field Magnetic _hyp3ri0n aka Alejandro Caceres
Bundles of Joy: Breaking How I use a JSON
Demo, Tool, Exploit Inductance or Worldʼs first
macOS via Subverted Demo, Exploit & Jason Hopper
Deserialization 0day to Track 2 NFMI exploitation, sorta
Applications Bundles Steal Your Money On The Track 2 or OTARCEDC27NFMI- Demo, Tool
UPnProxyPot: fake the
Patrick Wardle Blockchain funk, become a blackhat A new class of DNS OMGWTFBBQ Virtual
Demo Hao Xing & Zekai Wu proxy, MITM their TLS, vulnerabilities affecting Seth Kintigh Adventures in MitM-land:
Demo, Exploit and scrape the wire many DNS-as-Service Demo, Tool, Exploit Using Machine-in-the-
Virtual
platforms Middle to Attack Active
The Unbelievable Chad Seaman Virtual
Shir Tamari & Ami Luttwak Directory Authentication
Insecurity of the Big Data Tool Sneak into buildings with Schemes
Stack: An Offensive Demo
KNXnet/IP
Approach to Analyzing Sagi Sheinfeld & Eyal Karni &
Huge and Complex Big Claire Vacherot Yaron Zinar
Data Infrastructures Demo Demo
Sheila A. Berta
Demo
16 17
PRESENTATIONS
14:00
17:00 Sunday, August 12:00
Track 1 8th Track 1
Track 1
Robots with lasers and
POLICY@DEF CON
Youʼre Doing IoT RNG DoS: Denial of Shopping- cameras (but no security):
10:00 -Analyzing and Exploiting
Dan “AltF4” Petro & Allan Liberating your vacuum
Track 1 (Physical) Shopping Cart from the cloud
“DwangoAC” Cecil
A Discussion with Agent X Immobilization Systems
Track 2 Dennis Giese
Hacking the Apple Agent X Joseph Gabay Tool, Exploit
AirTags Track 2 Track 2 Track 2
Thomas Roth Hi! Iʼm DOMAIN\Steve, No Key? No PIN? No Old MacDonald Had a
Demo, Tool please let me access Combo? No Problem! Barcode, E-I-E-I CAR If youʼre a hacker all the policy governing technology might seem
VLAN2 P0wning ATMs For Fun Richard Henderson opaque to you, and if you are a policymaker all the technology
Virtual and Profit underpinning society might look like a black box.
Justin Perdok Demo
Donʼt Dare to Exploit An Roy Davis
Attack Surface Tour of Demo, Tool, Exploit Virtual But we can fix all this! The Policy@DEF CON Team is offering two
Virtual Demo
SharePoint Server Instrument and Find days of content connecting hackers with policymakers, and vice
Yuhao Weng & Steven Seeley & Taking Apart and Taking Virtual Out: Writing Parasitic versa, to get a view into each othersʼ world.
Zhiniang Peng Over ICS & SCADA Breaking TrustZone-M: Tracers for High(-Level)
Ecosystems: A Case Study Privilege Escalation on Languages The program will cover a range of topics relevant to the DEF CON
Demo, Exploit community such as securing critical systems like supply chains,
of Mitsubishi Electric LPC55S69 Jeff Dileo
Mars Cheng & Selmon Yang Laura Abbott & Rick Altherr elections, and critical infrastructure, to what role hackers play in
18:00 Demo, Tool
helping defend against attacks, what norms govern behavior in
Demo, Tool Demo, Exploit
Track 1 cyberspace, and the specific challenges raised by ransomware.
HACKERS INTO THE
14:30 Finally there will be discussion on how we all use this technology
11:00 13:00 Virtual
UN? Engaging in the through regulations such as Section 230.
cyber discussions on war Track 1 Track 1 The Agricultural Data
& peace The PACS-man Comes Extension-Land: exploits Arms Race: Exploiting Events take place from 10:00-17:00 Pacific on Friday and Saturday
DEF CON Policy Panel For Us All: We May Be and rootkits in your a Tractor Load of in the Skyview rooms atop Ballyʼs. Check the website for full
Vaccinated, but Physical browser extensions Vulnerabilities In The descriptions, specific times, and room assignments.
Track 2 Access Control Still Sucks Global Food Supply
Barak Sternberg https://defcon.org/html/defcon-29/dc-29-policy.html
Offensive Golang Babak Javadi & Nick Draffen & Eric Chain.
Bonanza: Writing Golang Demo, Tool, Exploit
Betts & Anze Jensterle Sick Codes
Malware Track 2
Demo, Tool, Exploit Demo, Exploit
Ben Kurtz Why does my security
Demo, Tool, Exploit Track 2 camera scream like a
Banshee? Signal analysis 15:00
Virtual
Glitching RISC-V chips: War Story Bunker
MTVEC corruption for and RE of a proprietary Virtual
Vulnerability Exchange: hardening ISA audio-data encoding
Discord Closing Friday from 2000 - 2200 at Ballyʼs, Skyview 3
One Domain Account protocol
Adam ʻpi3ʼ Zabrocki & Alex Ceremonies One of our favorite parts of DEF CON every year is hearing about
For More Than Exchange Rion Carter
Server RCE Matrosov Dark Tangent & DEF CON Goons what other hackers have been up to with harrowing tales of red team
Demo, Exploit Demo, Tool
Tianze Ding exercises gone wrong, or so very right. Weʼve also heard of valiant
Virtual Virtual 16:00 efforts of defense, from our blue team folks while waiting in Linecon.
Demo, Tool, Exploit
Fuzzing Linux with Xen Timeless Timing Attacks Track 1 Do you have a cool “war story” to share? Would you like to listen to
Tamas K Lengyel Tom Van Goethem & Mathy Vanhoef DEF CON Closing
some fun stories from your fellow hackers? This is the place to be.
Demo, Tool Demo, Tool, Exploit Ceremonies, Black Badge Join the DEF CON CFP Review Board, Goons, and fellow hackers as we
Ceremonies hunker in the (War Story) bunker.
with Dark Tangent & DEF CON Sign up to be a storyteller, Friday near the workshop area 0900-1700
Goons
18 19DEMO LABS VENDORS/MAP
For complete details and links, visit the Demo Labs page at https://defcon.org/html/defcon-29/dc-29-demolabs.html
Cotopaxi Kubestriker - a blazing fast
security auditing tool for TOOOL
In-person - Fri from 12:00 – 13:50 in Demolab 1
kubernetes
Audience: Offense, Defense, AppSec, IoT
virtual - Fri from 14:00 – 15:50 in Video 1
Depthcharge: A Framework Audience: Offensive and Defensive Security Professionals,
for U-Boot Hacking
Security Auditors, Developers, Devops, Sysadmins, Devsecops Keyport
In-person - Sat from 10:00 – 11:50 in Demolab 2 and SRE professionals
Audience: Hardware / Embedded Systems - Both “offense”
and “defense” within this audience Mooltipass
virtual - Fri from 10:00 – 11:50 in Video 2
Empire
Audience: Hardware, Defense Hacker Warehouse
In-person - Fri from 14:00 – 15:50 in Demolab 2
Audience: Offense ParseAndC - A Universal
Parser and Data Visualization
Git Wild Hunt - A tool for Tool for Security Testing
hunting leaked credentials virtual - Sat from 14:00 – 15:50 in Video 1
In-person - Sat from 12:00 – 13:50 in Demolab 2 Audience: White Hat Testing, Black Hat Testing Shadowvex
Audience: Offense, Vulnerability Assessment
reNgine: An automated
Open Bridge Simulator reconnaissance
engine(framework)
In-person - Fri from 14:00 – 15:50 in Demolab 1
Audience: Hardware, Education, Defense virtual - Sun from 10:00 – 11:50 in Video 1 Pen-Test Assistant
Audience: Offence and Defence on Web application Security.
Principal Mapper (PMapper) –
Mapping Privilege Escalation Ruse
and More in AWS IAM virtual - Sat from 10:00 – 11:50 in Video 2
In-person - Sat from 10:00 – 11:50 in Demolab 1 Audience: Consumer Mobile Offense Xcape
Audience: Defense, Cloud
Siembol
Shutter virtual - Fri from 12:00 – 13:50 in Video 2
In-person - Sat from 14:00 – 15:50 in Demolab 1 Audience: Defense
Audience: Offense Hacker Boxes
Solitude: A privacy analysis
The WiFi Kraken Lite tool
In-person - Fri from 10:00 - 11:50 in Demolab 2 virtual - Fri from 12:00 – 13:50 in Video 1
Audience: Offense, Defense and Hardware Audience: Mobile, Offense, Privacy enthusiasts.
AIS Tools Tracee
Hak5
virtual - Fri from 10:00 – 11:50 in Video 1 virtual - Sat from 12:00 – 13:50 in Video 1
Audience: Defense, students, researchers, product developers Audience: Defense
(but, like any good tool, can be used for offense) USBsamurai
Frack
Nuand
virtual - Sat from 12:00 – 13:50 in Video 2
virtual - Sun from 10:00 – 11:50 in Video 2 Audience: Offense, Hardware, ICS
Audience: Offense, Defense, OSINT Zuthaka
Kubernetes Goat virtual - Fri from 14:00 – 15:50 in Video 2
virtual - Sat from 10:00 – 11:50 in Video 1 Audience: Offensive developers, Red Teamers Operators,
Audience: Offense, Defense C2 Developers
20 21THANK YOU!
The Dark Tangent would like to thank everyone who has supported DEF contributors to the DEF CON community. A special thanks to the Press Littlebruzer and Littleroo would like to thank all of the NFO goons: Huge thanks to all the Human Registration goons for making things
CON and the hacking community though the past year. Honestly it can be Goons who help us show up as the best version of ourselves, online & 0tter, 50 Caliber, Aask, algorythm, ARI666, Boudica, Bufo Alvarius, happen in person and online: 0x90ebfe, APT, Chimera, cstone, funnyguy,
very difficult to keep the signal alive with all the ups and downs, but one in-person: Claire, David, Jeff, Monika, Sean, and Sylvia. @Wednesday Cheshire, Hankashyyyk, jimi2x, Krav, madstringer, Nav, Nebberz, holmestrix, indigo, Joe630, Jup1t3r, Phear, Pozer, qumqats, Temtel,
thing is clear, all of you who help teach us how to hack the shit out of it NymphaeaCaerulea, Paul, PEZHead, Razzies, S747IK, Sanchez, UnderTaker, and wra1th
bring us together. So take it seriously when I say Thank You to EVERYONE Secret would like to thank all the Swag goons: Dasha, gLoBuS, 10rn4, SchematicAddict, ScurryFool, Smo0otchy, TACSAT, and Viva.
who has made both in-person and virtual conferences possible. 5kyf4ll, Alex, Cillic, Csp3r, Endsu, G0nZu1, gingerjet, Githur, H4zy, Heal, The DEF CON Groups board (April, Brent, Casey, Jayson, Sleestak, 800xl)
Leeneely, Loak, Magnar, Old Man Kat, Oobleck, Peej, rudy, spiggy, A special shout out to the Apps and Web team: l4wke, Advice Dog, derail, offers our sincerest gratitude to DT, Nikita, and Will for their continued
DEF CON is made possible by all the people who make up the following themikeconnor, theViking, webjedi, YutYutDoubleYut, and zubion for and aNullValue for their hard work on the mobile applications and the support and amazingness throughout the year! We would also like to give
departments: CFP Review, Contests and Events, DCTV, DEF CON Groups, their hard work along with all the other departments who make DEF web site. thanks and recognition to all DCGs for their awesome work being local
Demo Labs, Discord DevOps, Dispatch, Entertainment, Infobooth, CON possible. ʻhacker ambassadorsʼ; DCGs are examples of the great things we can do
Infrastructure, Parties, Press, Production, Policy@DEFCON, QM Stores, The entire NFO team would like to thank all of the humans for the when we come together with endless curiosity and the willingness to share
Registration, SOC, Speaker Ops, DEF CON Store, Vendor, Villages, and Cotman thanks present Admins and moderators: DarkTangent, Neil, interesting questions and allowing us to tell you where to go and how our knowledge to the benefit of all. Each and every global DCG makes the
Workshops. AlxRogan, ASTCell, Sleestak, Thorn. Cotman also thanks past admins and to get there. world better through bits, bytes, wires, solder, and a lot of heart. Find your
moderators on the DEF CON forums. Thanks everyone! local community on defcongroups.org! *HUGS* to you all!You can also read
