Inside the "Meet Desai" Attack: Defending Distributed Targets from Distributed Attacks | CINCVolFLT (Trey Forgety)
CableTap: Wirelessly Tapping Your Home Network | Marc Newlin; Logan Lamb; Chris Grayson; Bastille Networks; Web Sight.
Abusing Certificate Transparency Logs | Hanno Böck
Cisco Catalyst Exploitation | Artem Kondratenko
Panel: Meet The Feds | Andrea Matwyshyn; Terrell McSweeny; Dr. Suzanne Schwartz; Leonard Bailey; Lisa Wiswell; Federal Trade Commission; FDA; National Security, Computer Crime & Intellectual Property Section, Criminal Division, U.S. Department of Justice; Center for Strategic and International Studies
Persisting with Microsoft Office: Abusing Extensibility Options | William Knowles; MWR InfoSecurity
XenoScan: Scanning Memory Like a Boss | Nick Cano
Man in the NFC | Haoqi Shan; Jian Yuan
Abusing Webhooks for Command and Control | Dimitry Snezhkov; X-Force Red, IBM
Breaking the x86 Instruction Set | Christopher Domas; Battelle Memorial Institute
Next-Generation Tor Onion Services | Roger Dingledine; The Tor Project
25 Years of Program Analysis | Zardus (Yan Shoshitaishvili); Arizona State University
Genetic Diseases to Guide Digital Hacks of the Human Genome: How the Cancer Moonshot Program will Enable Almost Anyone to Crash the Operating System that Runs You or to End Civilization... | John Sotos; Intel Corporation
Hacking Smart Contracts | Konstantinos Karagiannis; BT Americas
Bypassing Android Password Manager Apps Without Root | Stephan Huber; Siegfried Rasthofer; Fraunhofer SIT
Tracking Spies in the Skies | Jason Hernandez; Sam Richards; Jerod MacDonald-Evoy; North Star Post
Demystifying Windows Kernel Exploitation by Abusing GDI Objects. | 5A1F (Saif El-Sherei); SensePost
Exploiting 0ld Mag-stripe information with New technology | Salvador Mendoza
How we created the first SHA-1 collision and what it means for hash security | Elie Bursztein; Google Inc.
PEIMA (Probability Engine to Identify Malicious Activity): Using Power Laws to address Denial of Service Attacks | Redezem
Exploiting Continuous Integration (CI) and Automated Build systems | spaceB0x; LeanKit Inc.
Driving down the rabbit hole | Mickey Shkatov; Jesse Michael; Oleksandr Bazhaniuk; McAfee
Weaponizing the BBC Micro:Bit | Damien "virtualabs" Cauquil; Econocom Digital Security
Horror stories of a translator and how a tweet can start a war with less than 140 characters | El Kentaro
Assembly Language is Too High Level | XlogicX
Rage Against the Weaponized AI Propaganda Machine | Suggy (AKA Chris Sumner); The Online Privacy Foundation
(Un)Fucking Forensics: Active/Passive (i.e. Offensive/Defensive) memory hacking/debugging. | K2; IOActive, Inc.
Uncovering useful and embarrassing info with Maltego | Andrew MacPherson; Ops/Dev - Paterva
The Last CTF Talk You'll Ever Need: AMA with 20 years of DEF CON Capture-the-Flag organizers | Vulc@n; Hawaii John; Chris Eagle; Invisigoth; Caezar; Myles; DDTEK; Legit Business Syndicate; Kenshoto; Goon
Taking Windows 10 Kernel Exploitation to the next level - Leveraging write-what-where vulnerabilities in Creators Update | Morten Schenk; Improsec
CITL and the Digital Standard - A Year Later | Sarah Zatko; Cyber ITL
D0 No H4RM: A Healthcare Security Conversation | Christian "quaddi" Dameff; Jeff "r3plicant" Tully; Beau Woods; Joshua Corman; Michael C. McNeil; Jay Radcliffe; Suzanne Schwartz; the Cyber Statecraft Initiative; the Atlantic Council's Brent Scowcroft Center; Philips Healthcare; Rapid7; FDA's Center for Devices & Radiological Health
Death By 1000 Installers; on macOS, it's all broken! | Patrick Wardle; Synack
Game of Drones: Putting the Emerging "Drone Defense" Market to the Test | Francis Brown; David Latimer; Bishop Fox
Evading next-gen AV using artificial intelligence | Hyrum Anderson; Endgame
$BIGNUM steps forward, $TRUMPNUM steps back: how can we tell if we're winning? | Cory Doctorow; craphound.com
Breaking Bitcoin Hardware Wallets | Josh Datko; Chris Quartier; Cryptotronix, LLC
Trojan-tolerant Hardware & Supply Chain Security in Practice | Vasilios Mavroudis; Dan Cvrcek; University College London; Enigma Bridge Ltd
The Adventures of AV and the Leaky Sandbox | Itzik Kotler; Amit Klein; SafeBreach
Controlling IoT devices with crafted radio signals | Caleb Madrigal; FireEye/Mandiant
See no evil, hear no evil: Hacking invisibly and silently with light and sound | Matt Wixey; PwC
Radio Exploitation 101: Characterizing, Contextualizing, and Applying Wireless Attack Methods | Matt Knight; Marc Newlin; Bastille
Open Source Safe Cracking Robots - Combinations Under 1 Hour! (Is it bait? Damn straight it is.) | Nathan Seidle; SparkFun Electronics
DEF CON 101 Panel | HighWiz; Malware Unicorn; Niki7a; Roamer; Wiseacre; Shaggy
Total Recall: Implanting Passwords in Cognitive Memory | Tess Schrodinger
Hacking the Cloud | Gerald Steere; Sean Metcalf; Microsoft Corporation; Trimarc
Revoke-Obfuscation: PowerShell Obfuscation Detection (And Evasion) Using Science | Daniel Bohannon (DBO); Lee Holmes; Mandiant; Microsoft Corporation
All Your Things Are Belong To Us | Zenofex; 0x00string; CJ_000; Maximus64
Unboxing Android: Everything you wanted to know about Android packers | Avi Bashan; Slava Makkaveev; Check Point
'Ghost Telephonist' Impersonates You Through LTE CSFB | Yuwei Zheng; Lin Huang
Popping a Smart Gun | Plore
Opt Out or Deauth Trying !- Anti-Tracking Bots Radios and Keystroke Injection | Weston Hecker; "NCR"
When Privacy Goes Poof! Why It's Gone and Never Coming Back | Richard Thieme a.k.a. neuralcowboy
The Black Art of Wireless Post Exploitation | Gabriel "solstice" Ryan; Gotham Digital Science
The call is coming from inside the house! Are you ready for the next evolution in DDoS attacks? | Steinthor Bjarnason; Jason Jones; Arbor Networks
Hacking Democracy: A Socratic Dialogue | Mr. Sean Kanuck; Stanford University, Center for International Security and Cooperation
Porosity: A Decompiler For Blockchain-Based Smart Contracts Bytecode | Matt Suiche; Comae Technologies
Hacking Democracy | Mr. Sean Kanuck; Stanford University, Center for International Security and Cooperation
Linux-Stack Based V2X Framework: All You Need to Hack Connected Vehicles | p3n3troot0r (Duncan Woodbury); ginsback (Nicholas Haltmeyer)
Dark Data | Svea Eckert; Andreas Dewes; NDR
Twenty Years of MMORPG Hacking: Better Graphics, Same Exploits | Manfred (@_EBFE); Independent Security Evaluators
From Box to Backdoor: Using Old School Tools and Techniques to Discover Backdoors in Modern Devices | Patrick DeSantis; Cisco Talos Group
The Internet Already Knows I'm Pregnant | Cooper Quintin; Kashmir Hill; EFF; Gizmodo Media
Digital Vengeance: Exploiting the Most Notorious C&C Toolkits | Professor Plum
BITSInject | Dor Azouri; SafeBreach
Welcome to DEF CON 25 | The Dark Tangent
A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! | Orange Tsai; DEVCORE
Wiping out CSRF | Joe Rozner; Prevoty
Panel - An Evening with the EFF | Kurt Opsahl; Nate Cardozo; Eva Galperin; Shahid Buttar; Kit Walsh; Electronic Frontier Foundation; EFF; Grassroots Advocacy
Introducing HUNT: Data Driven Web Hacking & Manual Testing | Jason Haddix; Bugcrowd
Panel: DEF CON Groups | Jeff Moss (Dark Tangent); Waz; Brent White (B1TKILL3R); Jayson E. Street; Grifter; Jun Li; S0ups; Major Malfunction
Game of Chromes: Owning the Web with Zombie Chrome Extensions | Tomer Cohen; Wix.com
Are all BSDs are created equally? A survey of BSD kernel vulnerabilities. | Ilja van Sprundel; IOActive, Inc.
Friday the 13th: JSON attacks! | Alvaro Muñoz; Oleksandr Mirosh; Hewlett Packard Enterprise
A Picture is Worth a Thousand Words, Literally: Deep Neural Networks for Social Stego | Philip Tully; Michael T. Raggo; ZeroFOX; 802 Secure
Malicious CDNs: Identifying Zbot Domains en Masse via SSL Certificates and Bipartite Graphs | Thomas Mathew; Dhia Mahjoub; OpenDNS; Cisco Umbrella
Ghost in the Droid: Possessing Android Applications with ParaSpectre | chaosdata; NCC Group
Teaching Old Shellcode New Tricks | Josh Pitts
Weaponizing Machine Learning: Humanity Was Overrated Anyway | Dan "AltF4" Petro; Ben Morris; Bishop Fox
Here to stay: Gaining persistency by abusing advanced authentication mechanisms | Marina Simakov; Igal Gofman; Microsoft Corporation
Koadic C3 - Windows COM Command & Control Framework | Sean Dillon (zerosum0x0); Zach Harding (Aleph-Naught-); RiskSense, Inc.
An ACE Up the Sleeve: Designing Active Directory DACL Backdoors | Andy Robbins; Will Schroeder
Social Engineering The News | Michael Schrenk
Phone system testing and other fun tricks | "Snide" Owen
Microservices and FaaS for Offensive Security | Ryan Baxendale
If You Give a Mouse a Microchip... It will execute a payload and cheat at your high-stakes video game tournament | skud (Mark Williams); Sky (Rob Stanley)
Backdooring the Lottery and Other Security Tales in Gaming over the Past 25 Years | Gus Fritschie; Evan Teitelman; SeNet International
Hacking travel routers like it's 1999 | Mikhail Sosonkin; Synack Inc.
The spear to break the security wall of S7CommPlus | Cheng; Zhang Yunhai; NSFOCUS
Amateur Digital Archeology | Matt 'openfly' Joyce; NYC Resistor
DOOMed Point of Sale Systems | trixr4skids
Panel - Meet the Feds (who care about security research) | Allan Friedman; Amélie E. Koran; Leonard Bailey; Nick Leiserson; Kimber Dowsett; National Telecommunications and Information Administration, US Department of Commerce; Office of the Inspector General; U.S. Department of Health; National Security, Computer Crime & Intellectual Property Section, Criminal Division, U.S. Department of Justice; Office of Congressman James R. Langevin (RI-02); 18F
Call the plumber - you have a leak in your (named) pipe | Gil Cohen; Comsec group
Untrustworthy Hardware and How to Fix It | 0ctane
macOS/iOS Kernel Debugging and Heap Feng Shui | Min(Spark) Zheng; Xiangyu Liu; Alibaba Inc.
"Tick, Tick, Tick. Boom! You're Dead." — Tech & the FTC | Whitney Merrill; Terrell McSweeny; eCommerce; Electronic Arts; Federal Trade Commission
I Know What You Are by the Smell of Your Wifi | Denton Gentry
MEATPISTOL, A Modular Malware Implant Framework | FuzzyNop (Josh Schwartz); ceyx (John Cramb); Salesforce
MS Just Gave the Blue Team Tactical Nukes (And How Red Teams Need To Adapt) | Chris Thompson; IBM X-Force Red
Starting the Avalanche: Application DoS In Microservice Architectures | Scott Behrens; Jeremy Heffner
Secret Tools: Learning about Government Surveillance Software You Can't Ever See | Peyton "Foofus" Engel
DC to DEF CON: Q&A with Congressmen James Langevin and Will Hurd | Representative James Langevin; Representative Will Hurd; Joshua Corman; Cheng; Zhang Yunhai; Andrew MacPherson; Caleb Madrigal; Dennis Maldonado; Manfred (@_EBFE); Thomas Mathew; Dhia Mahjoub; Vasilios Mavroudis; Dan Cvrcek; Jon Medina; Salvador Mendoza; Whitney Merrill; Terrell McSweeny; Alvaro Muñoz; Oleksandr Mirosh; Marc Newlin; Logan Lamb; Chris Grayson; Jim Nitterauer; p3n3troot0r (Duncan Woodbury); ginsback (Nicholas Haltmeyer); Dan "AltF4" Petro; Ben Morris; Josh Pitts; Plore; Professor Plum; Cooper Quintin; Kashmir Hill; Inbar Raz; Eden Shochat; Redezem; Andy Robbins; Will Schroeder; David "Karit" Robinson; Joe Rozner; Gabriel "solstice" Ryan; Morten Schenk; Michael Schrenk; Tess Schrodinger; Nathan Seidle; Haoqi Shan; Jian Yuan; Mickey Shkatov; Jesse Michael; Oleksandr Bazhaniuk; Marina Simakov; Igal Gofman; Dimitry Snezhkov; "Snide" Owen; Mikhail Sosonkin; John Sotos; spaceB0x; Jason Staggs; Gerald Steere; Sean Metcalf; Suggy (AKA Chris Sumner); Matt Suiche; Tomer Cohen; Richard Thieme a.k.a. neuralcowboy; Chris Thompson; trixr4skids; Orange Tsai; Philip Tully; Michael T. Raggo; Ilja van Sprundel; Vulc@n; Hawaii John; Chris Eagle; Invisigoth; Caezar; Myles; Patrick Wardle; skud (Mark Williams); Sky (Rob Stanley); Matt Wixey; XlogicX; Luke Young; Zardus (Yan Shoshitaishvili); Sarah Zatko; Zenofex; 0x00string; CJ_000; Maximus64; Min(Spark) Zheng; Xiangyu Liu; Yuwei Zheng; Lin Huang; D-RI; R-TX; the Atlantic Council's Brent Scowcroft Center; the Cyber Statecraft Initiative; Ops/Dev - Paterva; FireEye/Mandiant; LARES Consulting; Independent Security Evaluators; OpenDNS; Cisco Umbrella; University College London; Enigma Bridge Ltd; Protiviti; eCommerce; Electronic Arts; Federal Trade Commission; Hewlett Packard Enterprise; Bastille Networks; Web Sight.; AppRiver, LLC; Bishop Fox; EFF; Gizmodo Media; PerimeterX Inc.; Aleph Research, HCL Technologies; ZX Security; Prevoty; Gotham Digital Science; Improsec; SparkFun Electronics; McAfee; Microsoft Corporation; X-Force Red, IBM; Synack Inc.; Intel Corporation; LeanKit Inc.; the University of Tulsa; Trimarc; The Online Privacy Foundation; Comae Technologies; Wix.com; IBM X-Force Red; DEVCORE; ZeroFOX; 802 Secure; IOActive, Inc.; DDTEK; Legit Business Syndicate; Kenshoto; Goon; Synack; Objective-See; PwC; LinkedIn; Arizona State University; Cyber ITL; Alibaba Inc.; NSFOCUS
Jailbreaking Apple Watch | Max Bazaliy; Lookout
Attacking Autonomic Networks | Omar Eissa; ERNW GmbH
Real-time RFID Cloning in the Field | Dennis Maldonado; LARES Consulting
Using GPS Spoofing to control time | David "Karit" Robinson; ZX Security
Dealing the perfect hand - Shuffling memory blocks on z/OS | Ayoul3; Wavestone
WSUSpendu: How to hang WSUS clients | Romain Coltel; Yves Le Provost; Alsid; ANSSI
From "One Country - One Floppy" to "Startup Nation" - the story of the early days of the Israeli hacking community, and the journey towards today's vibrant startup scene | Inbar Raz; Eden Shochat; PerimeterX Inc.; Aleph Research, HCL Technologies
DNS - Devious Name Services - Destroying Privacy & Anonymity Without Your Consent | Jim Nitterauer; AppRiver, LLC
Where are the SDN Security Talks? | Jon Medina; Protiviti
Breaking Wind: Adventures in Hacking Wind Farm Control Networks | Jason Staggs; the University of Tulsa
There's no place like 127.0.0.1 - Achieving reliable DNS rebinding in modern browsers | Luke Young; LinkedIn
Offensive Malware Analysis: Dissecting OSX/FruitFly via a Custom C&C Server | Patrick Wardle; Synack; Objective-See
The Brain's Last Stand | Garry Kasparov; Avast Security Ambassador
Secure Tokin' and Doobiekeys: How to roll your own counterfeit hardware security devices | Joe FitzPatrick; Michael Leibowitz; SecuringHardware.com
Get-$pwnd: Attacking Battle-Hardened Windows Server | Lee Holmes; Microsoft Corporation