Talks

Title Humans
Inside the "Meet Desai" Attack: Defending Distributed Targets from Distributed Attacks CINCVolFLT (Trey Forgety)
CableTap: Wirelessly Tapping Your Home Network Marc Newlin , Logan Lamb , Chris Grayson , Bastille Networks , Web Sight.
Abusing Certificate Transparency Logs Hanno Böck
Cisco Catalyst Exploitation Artem Kondratenko
Panel: Meet The Feds Andrea Matwyshyn , Terrell McSweeny , Dr. Suzanne Schwartz , Leonard Bailey , Lisa Wiswell , Federal Trade Commission , FDA , National Security, Computer Crime & Intellectual Property Section, Criminal Division, U.S. Department of Justice , Center for Strategic and International Studies
Persisting with Microsoft Office: Abusing Extensibility Options William Knowles , MWR InfoSecurity
XenoScan: Scanning Memory Like a Boss Nick Cano
Man in the NFC Haoqi Shan , Jian Yuan
Abusing Webhooks for Command and Control Dimitry Snezhkov , X-Force Red, IBM
Breaking the x86 Instruction Set Christopher Domas , Battelle Memorial Institute
Next-Generation Tor Onion Services Roger Dingledine , The Tor Project
25 Years of Program Analysis Zardus (Yan Shoshitaishvili) , Arizona State University
Genetic Diseases to Guide Digital Hacks of the Human Genome: How the Cancer Moonshot Program will Enable Almost Anyone to Crash the Operating System that Runs You or to End Civilization... John Sotos , Intel Corporation
Hacking Smart Contracts Konstantinos Karagiannis , BT Americas
Bypassing Android Password Manager Apps Without Root Stephan Huber , Siegfried Rasthofer , Fraunhofer SIT
Tracking Spies in the Skies Jason Hernandez , Sam Richards , Jerod MacDonald-Evoy , North Star Post
Demystifying Windows Kernel Exploitation by Abusing GDI Objects. 5A1F (Saif El-Sherei) , SensePost
Exploiting 0ld Mag-stripe information with New technology Salvador Mendoza
How we created the first SHA-1 collision and what it means for hash security Elie Bursztein , Google Inc.
PEIMA (Probability Engine to Identify Malicious Activity): Using Power Laws to address Denial of Service Attacks Redezem
Exploiting Continuous Integration (CI) and Automated Build systems spaceB0x , LeanKit Inc.
Driving down the rabbit hole Mickey Shkatov , Jesse Michael , Oleksandr Bazhaniuk , McAfee
Weaponizing the BBC Micro:Bit Damien "virtualabs" Cauquil , Econocom Digital Security
Horror stories of a translator and how a tweet can start a war with less than 140 characters El Kentaro
Assembly Language is Too High Level XlogicX
Rage Against the Weaponized AI Propaganda Machine Suggy (AKA Chris Sumner) , The Online Privacy Foundation
(Un)Fucking Forensics: Active/Passive (i.e. Offensive/Defensive) memory hacking/debugging. K2 , IOActive, Inc.
Uncovering useful and embarrassing info with Maltego Andrew MacPherson , Ops/Dev - Paterva
The Last CTF Talk You'll Ever Need: AMA with 20 years of DEF CON Capture-the-Flag organizers Vulc@n , Hawaii John , Chris Eagle , Invisigoth , Caezar , Myles , DDTEK , Legit Business Syndicate , Kenshoto , Goon
Taking Windows 10 Kernel Exploitation to the next level - Leveraging write-what-where vulnerabilities in Creators Update Morten Schenk , Improsec
CITL and the Digital Standard - A Year Later Sarah Zatko , Cyber ITL
D0 No H4RM: A Healthcare Security Conversation Christian "quaddi" Dameff , Jeff "r3plicant" Tully , Beau Woods , Joshua Corman , Michael C. McNeil , Jay Radcliffe , Suzanne Schwartz , the Cyber Statecraft Initiative , the Atlantic Council's Brent Scowcroft Center , Philips Healthcare , Rapid7 , FDA's Center for Devices & Radiological Health
Death By 1000 Installers; on macOS, it's all broken! Patrick Wardle , Synack
Game of Drones: Putting the Emerging "Drone Defense" Market to the Test Francis Brown , David Latimer , Bishop Fox
Evading next-gen AV using artificial intelligence Hyrum Anderson , Endgame
$BIGNUM steps forward, $TRUMPNUM steps back: how can we tell if we're winning? Cory Doctorow , craphound.com
Breaking Bitcoin Hardware Wallets Josh Datko , Chris Quartier , Cryptotronix, LLC
Trojan-tolerant Hardware & Supply Chain Security in Practice Vasilios Mavroudis , Dan Cvrcek , University College London , Enigma Bridge Ltd
The Adventures of AV and the Leaky Sandbox Itzik Kotler , Amit Klein , SafeBreach
Controlling IoT devices with crafted radio signals Caleb Madrigal , FireEye/Mandiant
See no evil, hear no evil: Hacking invisibly and silently with light and sound Matt Wixey , PwC
Radio Exploitation 101: Characterizing, Contextualizing, and Applying Wireless Attack Methods Matt Knight , Marc Newlin , Bastille
Open Source Safe Cracking Robots - Combinations Under 1 Hour! (Is it bait? Damn straight it is.) Nathan Seidle , SparkFun Electronics
DEF CON 101 Panel HighWiz , Malware Unicorn , Niki7a , Roamer , Wiseacre , Shaggy
Total Recall: Implanting Passwords in Cognitive Memory Tess Schrodinger
Hacking the Cloud Gerald Steere , Sean Metcalf , Microsoft Corporation , Trimarc
Revoke-Obfuscation: PowerShell Obfuscation Detection (And Evasion) Using Science Daniel Bohannon (DBO) , Lee Holmes , Mandiant , Microsoft Corporation
All Your Things Are Belong To Us Zenofex , 0x00string , CJ_000 , Maximus64
Unboxing Android: Everything you wanted to know about Android packers Avi Bashan , Slava Makkaveev , Check Point
'Ghost Telephonist' Impersonates You Through LTE CSFB Yuwei Zheng , Lin Huang
Popping a Smart Gun Plore
Opt Out or Deauth Trying !- Anti-Tracking Bots Radios and Keystroke Injection Weston Hecker , "NCR"
When Privacy Goes Poof! Why It's Gone and Never Coming Back Richard Thieme a.k.a. neuralcowboy
The Black Art of Wireless Post Exploitation Gabriel "solstice" Ryan , Gotham Digital Science
The call is coming from inside the house! Are you ready for the next evolution in DDoS attacks? Steinthor Bjarnason , Jason Jones , Arbor Networks
Hacking Democracy: A Socratic Dialogue Mr. Sean Kanuck , Stanford University, Center for International Security and Cooperation
Porosity: A Decompiler For Blockchain-Based Smart Contracts Bytecode Matt Suiche , Comae Technologies
Hacking Democracy Mr. Sean Kanuck , Stanford University, Center for International Security and Cooperation
Linux-Stack Based V2X Framework: All You Need to Hack Connected Vehicles p3n3troot0r (Duncan Woodbury) , ginsback (Nicholas Haltmeyer)
Dark Data Svea Eckert , Andreas Dewes , NDR
Twenty Years of MMORPG Hacking: Better Graphics, Same Exploits Manfred (@_EBFE) , Independent Security Evaluators
From Box to Backdoor: Using Old School Tools and Techniques to Discover Backdoors in Modern Devices Patrick DeSantis , Cisco Talos Group
The Internet Already Knows I'm Pregnant Cooper Quintin , Kashmir Hill , EFF , Gizmodo Media
Digital Vengeance: Exploiting the Most Notorious C&C Toolkits Professor Plum
BITSInject Dor Azouri , SafeBreach
Welcome to DEF CON 25 The Dark Tangent
A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! Orange Tsai , DEVCORE
Wiping out CSRF Joe Rozner , Prevoty
Panel - An Evening with the EFF Kurt Opsahl , Nate Cardozo , Eva Galperin , Shabid Buttar , Kit Walsh , Electronic Frontier Foundation , EFF , Grassroots Advocacy
Introducing HUNT: Data Driven Web Hacking & Manual Testing Jason Haddix , Bugcrowd
Panel: DEF CON Groups Jeff Moss (Dark Tangent) , Waz , Brent White (B1TKILL3R) , Jayson E. Street , Grifter , Jun Li , S0ups , Major Malfunction
Game of Chromes: Owning the Web with Zombie Chrome Extensions Tomer Cohen , Wix.com
Are all BSDs are created equally? A survey of BSD kernel vulnerabilities. Ilja van Sprundel , IOActive, Inc.
Friday the 13th: JSON attacks! Alvaro Muñoz , Oleksandr Mirosh , Hewlett Packard Enterprise
A Picture is Worth a Thousand Words, Literally: Deep Neural Networks for Social Stego Philip Tully , Michael T. Raggo , ZeroFOX , 802 Secure
Malicious CDNs: Identifying Zbot Domains en Masse via SSL Certificates and Bipartite Graphs Thomas Mathew , Dhia Mahjoub , OpenDNS , Cisco Umbrella
Ghost in the Droid: Possessing Android Applications with ParaSpectre chaosdata , NCC Group
Teaching Old Shellcode New Tricks Josh Pitts
Weaponizing Machine Learning: Humanity Was Overrated Anyway Dan "AltF4" Petro , Ben Morris , Bishop Fox
Here to stay: Gaining persistency by abusing advanced authentication mechanisms Marina Simakov , Igal Gofman , Microsoft Corporation
Koadic C3 - Windows COM Command & Control Framework Sean Dillon (zerosum0x0) , Zach Harding (Aleph-Naught-) , RiskSense, Inc.
An ACE Up the Sleeve: Designing Active Directory DACL Backdoors Andy Robbins , Will Schroeder
Social Engineering The News Michael Schrenk
Phone system testing and other fun tricks "Snide" Owen
Microservices and FaaS for Offensive Security Ryan Baxendale
If You Give a Mouse a Microchip... It will execute a payload and cheat at your high-stakes video game tournament skud (Mark Williams) , Sky (Rob Stanley)
Backdooring the Lottery and Other Security Tales in Gaming over the Past 25 Years Gus Fritschie , Evan Teitelman , SeNet International
Hacking travel routers like it's 1999 Mikhail Sosonkin , Synack Inc.
The spear to break the security wall of S7CommPlus Cheng , Zhang Yunhai , NSFOCUS
Amateur Digital Archeology Matt 'openfly' Joyce , NYC Resistor
DOOMed Point of Sale Systems trixr4skids
Panel - Meet the Feds (who care about security research) Allan Friedman , Amélie E. Koran , Leonard Bailey , Nick Leiserson , Kimber Dowsett , National Telecommunications and Information Administration, US Department of Commerce , Office of the Inspector General , U.S. Department of Health , National Security, Computer Crime & Intellectual Property Section, Criminal Division, U.S. Department of Justice , Office of Congressman James R. Langevin (RI-02) , 18F
Call the plumber - you have a leak in your (named) pipe Gil Cohen , Comsec group
Untrustworthy Hardware and How to Fix It 0ctane
macOS/iOS Kernel Debugging and Heap Feng Shui Min(Spark) Zheng , Xiangyu Liu , Alibaba Inc.
"Tick, Tick, Tick. Boom! You're Dead." — Tech & the FTC Whitney Merrill , Terrell McSweeny , eCommerce , Electronic Arts , Federal Trade Commission
I Know What You Are by the Smell of Your Wifi Denton Gentry
MEATPISTOL, A Modular Malware Implant Framework FuzzyNop (Josh Schwartz) , ceyx (John Cramb) , Salesforce
MS Just Gave the Blue Team Tactical Nukes (And How Red Teams Need To Adapt) Chris Thompson , IBM X-Force Red
Starting the Avalanche: Application DoS In Microservice Architectures Scott Behrens , Jeremy Heffner
Secret Tools: Learning about Government Surveillance Software You Can't Ever See Peyton "Foofus" Engel
DC to DEF CON: Q&A with Congressmen James Langevin and Will Hurd Representative James Langevin , Representative Will Hurd , Joshua Corman , D-RI , R-TX , the Atlantic Council's Brent Scowcroft Center , the Cyber Statecraft Initiative
Jailbreaking Apple Watch Max Bazaliy , Lookout
Attacking Autonomic Networks Omar Eissa , ERNW GmbH
Real-time RFID Cloning in the Field Dennis Maldonado , LARES Consulting
Using GPS Spoofing to control time David "Karit" Robinson , ZX Security
Dealing the perfect hand - Shuffling memory blocks on z/OS Ayoul3 , Wavestone
WSUSpendu: How to hang WSUS clients Romain Coltel , Yves Le Provost , Alsid , ANSSI
From "One Country - One Floppy" to "Startup Nation" - the story of the early days of the Israeli hacking community, and the journey towards today's vibrant startup scene Inbar Raz , Eden Shochat , PerimeterX Inc. , Aleph Research, HCL Technologies
DNS - Devious Name Services - Destroying Privacy & Anonymity Without Your Consent Jim Nitterauer , AppRiver, LLC
Where are the SDN Security Talks? Jon Medina , Protiviti
Breaking Wind: Adventures in Hacking Wind Farm Control Networks Jason Staggs , the University of Tulsa
There's no place like 127.0.0.1 - Achieving reliable DNS rebinding in modern browsers Luke Young , LinkedIn
Offensive Malware Analysis: Dissecting OSX/FruitFly via a Custom C&C Server Patrick Wardle , Synack , Objective-See
The Brain's Last Stand Garry Kasparov , Avast Security Ambassador
Secure Tokin' and Doobiekeys: How to roll your own counterfeit hardware security devices Joe FitzPatrick , Michael Leibowitz , SecuringHardware.com
Get-$pwnd: Attacking Battle-Hardened Windows Server Lee Holmes , Microsoft Corporation