1. Events
  2. DEF CON 26
Star 0

Talks

Title Humans
Fire & Ice: Making and Breaking macOS Firewalls Patrick Wardle , Digita Security
I'll See Your Missile and Raise You A MIRV: An overview of the Genesis Scripting Engine Alex Levinson , Dan Borges
Automated Discovery of Deserialization Gadget Chains Ian Haken , Netflix
Vulnerable Out of the Box: An Evaluation of Android Carrier Devices Ryan Johnson , Angelos Stavrou , Kryptowire
barcOwned—Popping shells with your cereal box Michael West , magicspacekiwi (Colin Campbell) , CyberArk
You may have paid more than you imagine—Replay Attacks on Ethereum Smart Contracts Zhenxuan Bai , Yuwei Zheng , Senhua Wang , Kunzhe Chai , Unicorn Team, Qihoo 360 Technology Co. Ltd. , PegasusTeam at 360 Radio Security Research Department, 360 Technology
Finding Xori: Malware Analysis Triage with Automated Disassembly Amanda Rousseau , Rich Seymour , Endgame, Inc. , Endgame Inc
Compression Oracle Attacks on VPN Networks Nafeez
Practical & Improved Wifi MitM with Mana singe , SensePost
You're just complaining because you're guilty: A DEF CON Guide to Adversarial Testing of Software Used In the Criminal Justice System Dr. Jeanna N. Matthews: , Nathan Adams , Jerome Greco , Data and Society , Clarkson University , Forensic Bioinformatic Services , Legal Aid Society
Playback: a TLS 1.3 story Alfonso García Alguacil , Alejo Murillo Moya , Cisco Systems , EMEAR, Cisco
The Mouse is Mightier than the Sword Patrick Wardle , Digita Security
Betrayed by the keyboard: How what you type can give you away Matt Wixey , PwC
Rock appround the clock: Tracking malware developers by Android "AAPT" timezone disclosure bug Sheila A. Berta , Sergio De Los Santos , Eleven Paths
Dissecting the Teddy Ruxpin: Reverse Engineering the Smart Bear zenofex
Jailbreaking the 3DS through 7 years of hardening smea
Synfuzz: Building a Grammar Based Re-targetable Test Generation Framework Joe Rozner
Playing Malware Injection with Exploit thoughts Sheng-Hao Ma , NTUST
Compromising online accounts by cracking voicemail systems Martin Vigo
Oh Noes!—A Role Playing Incident Response Game Bruce Potter , Robert Potter , The Shmoo Group
Looking for the perfect signature: an automatic YARA rules generation algorithm in the AI-era Andrea Marcelli , Politecnico di Torino
Politics and the Surveillance State. The story of a young politician's successful efforts to fight surveillance and pass the nation's strongest privacy bills. Daniel Zolnikov , Montana State Representative
Privacy Is Equality—And It's Far from Dead Sarah St. Vincent , National Security, Surveillance
Please do not Duplicate: Attacking the Knox Box and Other Keyed Alike Systems m010ch_
Fuzzing Malware For Fun & Profit. Applying Coverage-guided Fuzzing to Find and Exploit Bugs in Modern Malware Maksim Shudrak , Salesforce
Reverse Engineering, hacking documentary series Michael Lee Nirenberg , Dave Buchwald , Restraining Order, Ltd
Reverse Engineering Windows Defender's Emulator Alexei Bulazel
Outsmarting the Smart City Daniel "unicornFurnace" Crowley , Mauro Paredes , Jen "savagejen" Savage , IBM X-Force Red
Disrupting the Digital Dystopia or What the hell is happening in computer law? Nathan White , Nate Cardozo , Access Now , EFF
Breaking Smart Speakers: We are Listening to You. Wu HuiYu , Qian Wenxiang , Tencent Blade Team
Booby Trapping Boxes Ladar Levison , hon1nbo , Lavabit LLC , Hacking & Coffee LLC
You can run, but you can't hide. Reverse engineering using X-Ray. George Tarnovsky , Cisco Systems
Trouble in the tubes: How internet routing security breaks down and how you can do it at home Lane Broadbent , Vivint
Hacking the Brain: Customize Evil Protocol to Pwn an SDN Controller Feng Xiao , Jianwei Huang , Peng Liu , Cybersecurity
EFF Fireside Hax (AKA Ask the EFF) Kurt Opsahl , Nate Cardozo , Jamie Lee Williams , Andrés Arrieta , Katiza Rodriguez , Nathan 'nash' Sheard , Electronic Frontier Foundation , EFF
Detecting Blue Team Research Through Targeted Ads 0x200b
Ring 0/-2 Rootkits: bypassing defenses Alexandre Borges , Blackstorm Security
Sex Work After SESTA/FOSTA Maggie Mayhem
PANEL: DEF CON GROUPS Brent White (B1TK1LL3R) , Jeff Moss (The Dark Tangent) , Jayson E. Street , S0ups , Tim Roberts (byt3boy) , Casey Bourbonnais , April Wright
Hacking BLE Bicycle Locks for Fun and a Small Profit Vincent Tan , MWR InfoSecurity
One-Click to OWA William Martin
It WISN't me, attacking industrial wireless mesh networks Erwin Paternotte , Mattijs van Ommeren , Nixu
Your Peripheral Has Planted Malware—An Exploit of NXP SOCs Vulnerability Yuwei Zheng , Shaokun Cao , Yunding Jian , Mingchuang Qun , Unicorn Team, Qihoo 360 Technology Co. Ltd. , the Radio Security Research Department of 360 Technology
Last mile authentication problem: Exploiting the missing link in end-to-end secure communication Thanh Bui , Siddharth Rao , Aalto University, Finland
Beyond the Lulz: Black-Hat Trolling, White-Hat Trolling, Attacking and Defending Our Attention Landscape Matt Goerzen , Dr. Jeanna Matthews , Joan Donovan , Data and Society , Clarkson University
Your Watch Can Watch You! Gear Up for the Broken Privilege Pitfalls in the Samsung Gear Smartwatch Dongsung Kim , Hyoung-Kee Choi , Sungkyunkwan University
D0 N0 H4RM: A Healthcare Security Conversation Christian"quaddi" Dameff , Jeff "r3plicant" Tully , Kirill Levchenko , Beau Woods , Roberto Suarez , Jay Radcliffe , Joshua Corman , David Nathans , The University of California San Diego , University of California Davis , University of California San Diego
ThinSIM-based Attacks on Mobile Money Systems Rowan Phipps , University of Washington
Weaponizing Unicode: Homographs Beyond IDNs The Tarquin , Amazon.com
In Soviet Russia Smartcard Hacks You Eric Sesterhenn , D-Sec GmbH , X41, D-Sec GmbH
4G—Who is paying your cellular phone bill? Dr. Silke Holtmanns , Isha Singh , Nokia Bell Labs , Aalto University in Helsinki
Digital Leviathan: a comprehensive list of Nation-State Big Brothers (from huge to little ones Eduardo Izycki , Rodrigo Colli
Micro-Renovator: Bringing Processor Firmware up to Code Matt King
The L0pht Testimony, 20 Years Later (and Other Things You Were Afraid to Ask) Elinor Mills , DilDog , Joe Grand, Kingpin , Space Rogue , Mudge , Silicosis , John Tan , Weld Pond , L0pht Heavy Industries , Bateman Group , Veracode , X-Force Red, IBM , Stripe
One bite and all your dreams will come true: Analyzing and Attacking Apple Kernel Drivers Xiaolong Bai , Min (Spark) Zheng , Alibaba Inc.
What the Fax!? Yaniv Balmas , Eyal Itkin , Check Point Software Technologies
The ring 0 façade: awakening the processor's inner demons Christopher Domas
Inside the Fake Science Factory Edgar Munchhausen
An Attacker Looks at Docker: Approaching Multi-Container Applications Wesley McGrew , HORNE Cyber
Exploiting Active Directory Administrator Insecurities Sean Metcalf , Trimarc
Lost and Found Certificates: dealing with residual certificates for pre-owned domains Ian Foster , Dylan Ayrey
Defending the 2018 Midterm Elections from Foreign Adversaries Joshua M Franklin , Kevin Franklin
GOD MODE UNLOCKED: Hardware Backdoors in [redacted] x86 CPUs Christopher Domas
The Road to Resilience: How Real Hacking Redeems this Damnable Profession Richard Thieme, a.k.a. neural cowboy , ThiemeWorks
All your math are belong to us sghctoma , PR-Audit Ltd., Hungary
Pwning "the toughest target": the exploit chain of winning the largest bug bounty in the history of ASR program Guang Gong , Wenlin Yang , Jianjun Dai , Alpha Team, Qihoo 360 Technology Co. Ltd.
Ridealong Adventures—Critical Issues with Police Body Cameras Josh Mitchell , Nuix
Man-In-The-Disk Slava Makkaveev , Check Point
Your Voice is My Passport _delta_zero , Azeem Aqil , Salesforce
Searching for the Light: Adventures with OpticSpy Joe Grand
Reaping and breaking keys at scale: when crypto meets big data Yolan Romailler , Nils Amiet , Kudelski Security
For the Love of Money: Finding and exploiting vulnerabilities in mobile point of sales systems Leigh-Anne Galloway , Tim Yunusov , Positive Technologies
All your family secrets belong to us—Worrisome security issues in tracker apps Dr. Siegfried Rasthofer , Stephan Huber , Dr. Steven Arzt , Fraunhofer SIT
Attacking the macOS Kernel Graphics Driver Yu Wang , Didi Research America
Project Interceptor: avoiding counter-drone systems with nanodrones David Melendez Cano , Albalá Ingenieros S.A.
Through the Eyes of the Attacker: Designing Embedded Systems Exploits for Industrial Control Systems Jos Wetzels , Marina Krotofil , Midnight Blue Labs
Bypassing Port-Security In 2018: Defeating MacSEC and 802.1x-2010 Gabriel Ryan , Digital Silence
One-liners to Rule Them All egypt , William Vu , Black Hills Information Security , Rapid7
Privacy infrastructure, challenges and opportunities yawnbox , Emerald Onion
Demystifying MS17-010: Reverse Engineering the ETERNAL Exploits zerosum0x0
Designing and Applying Extensible RF Fuzzing Tools to Expose PHY Layer Vulnerabilities Matt Knight , Ryan Speers , Cruise Automation , Ionic Security
Welcome To DEF CON & Badge Maker Talk The Dark Tangent
Dragnet—Your Social Engineering Sidekick Truman Kain , Tevora
One Step Ahead of Cheaters -- Instrumenting Android Emulators Nevermoe (@n3v3rm03) , DeNA Co., Ltd.
De-anonymizing Programmers from Source Code and Binaries Rachel Greenstadt , Dr. Aylin Caliskan , Drexel University , George Washington University
Infecting The Embedded Supply Chain Zach , Alex , Somerset Recon
Your Bank's Digital Side Door Steven Danneman , Security Innovation
Securing our Nation's Election Infrastructure Jeanette Manfra , Office of Cybersecurity and Communications, Department of Homeland Security
Building the Hacker Tracker Whitney Champion , Seth Law , Redpoint Security
Edge Side Include Injection: Abusing Caching Servers into SSRF and Transparent Session Hijacking ldionmarcil , GoSecure
House of Roman—a "leakless" heap fengshui to achieve RCE on PIE Binaries Sanat Sharma
Relocation Bonus: Attacking the Windows Loader Makes Analysts Switch Careers Nick Cano , Cylance
A Journey Into Hexagon: Dissecting a Qualcomm Baseband Seamus Burke
Revolting Radios Michael Ossmann , Dominic Spill , Great Scott Gadgets
Asura: A huge PCAP file analyzer for anomaly packets detection using massive multithreading Ruo Ando , Center for Cybersecurity Research and Development, National Institute of Informatics, Japan
WAGGING THE TAIL—COVERT PASSIVE SURVEILLANCE AND HOW TO MAKE THEIR LIFE DIFFICULT Si , Agent X
NSA Talks Cybersecurity Rob Joyce
Breaking Extreme Networks WingOS: How to own millions of devices running on Aircrafts, Government, Smart cities and more. Josep Pi Rodriguez , IOActive, Inc.
SMBetray—Backdooring and breaking signatures William Martin
Breaking Parser Logic: Take Your Path Normalization Off and Pop 0days Out! Orange Tsai , DEVCORE
80 to 0 in under 5 seconds: Falsifying a medical patient's vitals Douglas McKee , the McAfee Advanced Threat Research team
Lora Smart Water Meter Security Analysis Yingtao Zeng , Lin Huang , Jun Li , the Radio Security Research Department of 360 Technology , UnicornTeam , 360 Security Technology
It's Assembler, Jim, but not as we know it: (ab)using binaries from embedded devices for fun and profit Morgan ``indrora'' Gangwere
Fasten your seatbelts: We are escaping iOS 11 sandbox! Min (Spark) Zheng , Xiaolong Bai , Alibaba Inc.
Who Controls the Controllers—Hacking Crestron IoT Automation Systems Ricky "HeadlessZeke" Lawshae , Trend Micro, Inc.
Tineola: Taking a Bite Out of Enterprise Blockchain Stark Riedesel , Parsia Hakimian , Synopsys
DEF CON 101 Panel HighWiz , Nikita , Roamer , Chris "Suggy" Sumner , Jericho , Wiseacre , Shaggy , Online Privacy Foundation , The Mountain
Having fun with IoT: Reverse Engineering and Hacking of Xiaomi IoT Devices Dennis Giese
Building Absurd Christmas Light Shows Rob Joyce
Hacking PLCs and Causing Havoc on Critical Infrastructures Thiago Alves , the University of Alabama in Huntsville
You'd better secure your BLE devices or we'll kick your butts ! Damien "virtualabs" Cauquil , Digital Security
UEFI exploitation for the masses Mickey Shkatov , Jesse Michael