| 10:00 |
Chio
|
Machine Duping 101: Pwning Deep Learning Systems |
| 11:00 |
Steiger
|
Maelstrom - Are You Playing with a Full Deck? : Using a Newly Developed Attack Life Cycle Game to Educate, Demonstrate and Evangelize. |
| 12:00 |
Metcalf
|
Beyond the MCSE: Red Teaming Active Directory |
| 13:00 |
Rosario
|
Weaponize Your Feature Codes |
| 14:00 |
Granolocks,
Zero_Chaos
|
Realtime Bluetooth Device Detection with Blue Hydra |
| 15:00 |
LosT
|
Hacker Fundamentals and Cutting Through Abstraction |
| 16:00 |
Clark,
CrYpT,
HighWiz,
Korpi,
Kronenberg,
Petruzzi
|
DEF CON 101 Panel |
| 09:00 |
grecs
|
The Trials & Tribulations of an Infosec Pro in the Government Sector |
| 10:00 |
Healey
|
Feds and 0Days: From Before Heartbleed to After FBI-Apple |
Prabhakar,
Walker
|
DARPA Cyber Grand Challenge Award Ceremony |
|
Brossard
|
Introduction the Wichcraft Compiler Collection : Towards Universal Code Theft |
|
Grand,
Zoz
|
BSODomizer HD: A Mischievous FPGA and HDMI Platform for the (M)asses |
|
Berry,
Besel
|
Automated DNS Data Exfiltration and Mitigation |
|
Vehicle-to-Infrastructure (V2X) |
||
Use JTAG tools to get root on a Raspberry Pi |
||
Wireless Capture the Flag Inbrief |
||
O'Shea
|
Future Grind |
|
| 10:10 | Exploiting a Smart Fridge: a Case Study in Kinetic Cyber |
|
| 10:30 |
nibb13
|
Tabletop Cryptography |
Graafstra
|
Fancy Dancy Implanty |
|
| 11:00 |
Levison
|
Compelled Decryption - State of the Art in Doctrinal Perversions |
Zatko,
Zatko
|
Project CITL |
|
LoST,
Tangent
|
DEF CON Welcome & Badge Talk |
|
Cranor,
Felten,
Mayer
|
Meet the Feds |
|
Munin
|
DNS Greylisting for Phun and Phishing Prevention |
|
The Mitsubishi Hack Explained |
||
This Year in Crypto & Privacy |
||
Reversing LoRa: Deconstructing a Next-Gen Proprietary LPWAN |
||
Mr_Br!ml3y
|
Biosafety for the Home Enthusiast |
|
| 11:10 |
Williams
|
Presenting Security Metrics to the Board / Leadership |
| 11:30 | TBA |
|
Graafstra
|
Implants |
|
| 12:00 |
Noubir,
Sanatinia
|
Honey Onions: Exposing Snooping Tor HSDir Relays |
K2
|
Blockfighting with a Hooker -- BlockfFghter2! |
|
Noelscher,
Vidal
|
CAN i haz car secret plz? |
|
Lee,
Zhong
|
411: A framework for managing security alerts |
|
Patel
|
Accessibility: A Creative Solution to Living Without Sight |
|
Hacking the CHV Badge / Using Yard Stick One for FOB Fun |
||
Gervais
|
Practical Text-Based Steganography: Exfiltrating Data from Secure Networks and Socially Engineering SecOps Analysts [WORKSHOP] |
|
Building malicious hardware out of analog circuits |
||
How Do I "BLE Hacking"? |
||
Weber,
Wegzyn
|
Biohacking for National Security |
|
| 12:10 | FCC 5G/IoT Security Policy Objectives |
|
Zohar
|
Deceive and Succeed: Measuring the Efficiency of a Deception Eco-System in Post-Breach Detection |
|
| 12:30 |
Vixie
|
Frontrunning the Frontrunners |
Haystack,
Six_Volts
|
Cheap Tools for Hacking Heavy Trucks |
|
Handing Full Control of the Radio Spectrum Over to the Machines |
||
Alan
|
Flavor-Tripping: a Whole New Way to Taste! |
|
| 13:00 |
Cranor,
McSweeny
|
Research on the Machines: Help the FTC Protect Privacy & Security |
Beccaro,
Collura
|
(Ab)using Smart Cities: The Dark Age of Modern Mobility |
|
FitzPatrick,
Leibowitz,
McElroy,
Michael,
Pierce,
Shkatov
|
How to Make Your Own DEF CON Black Badge |
|
Kopchak
|
Sentient Storage - Do SSDs Have a Mind of Their Own? |
|
,
|
A Guide to Outsmarting the Machines |
|
Thieme
|
When Privacy Goes Poof! Why It's Gone and Never Coming Back |
|
Introducing the HackMeRF |
||
Sense & Avoid: Some laws to know before you break IoT |
||
| 13:10 |
Beale
|
Adding Ramparts to your Bastille: An Introduction to SELinux Hardening |
| 14:00 |
Perlman
|
How to Design Distributed Systems Resilient Despite Malicious Participants |
Charbonneau,
Cui,
Kataria
|
A Monitor Darkly: Reversing and Exploiting Ubiquitous On-Screen-Display Controllers in Modern Monitors |
|
Frisk
|
Direct Memory Attack the Kernel |
|
int0x80
|
Anti-Forensics AF |
|
Mansur
|
Financial Crime: Past, Present, and Future |
|
Thorsheim
|
Lessons from the Hacking of Ashley Madison |
|
Ramsey,
Rose
|
Picking Bluetooth Low Energy Locks from a Quarter Mile Away |
|
Detecting and Finding Rogue Access Points |
||
| 14:10 |
GrayRaven
|
You Are Being Manipulated |
| 15:00 |
Westerhold
|
How to Remote Control an Airliner: SecurityFLawsin Avionics |
Granick
|
Slouching Towards Utopia: The State of the Internet Dream |
|
Abdelgawad
|
The Remote Metamorphic Engine: Detecting, Evading, Attacking the AI and Reverse Engineering |
|
Estell,
Murray
|
Eavesdropping on the Machines |
|
Valtman,
Watson
|
Breaking Payment Points of Interaction |
|
Anderson,
Grant,
Rousseau
|
Instegogram: Exploiting Instagram for C2 via Image Steganography |
|
The Covert Cupid Under .11 Veil !!! /* Approach for Covert WIFI */ |
||
BtleJuice: the Bluetooth Smart Man In The Middle Framework |
||
Lee
|
Rise of the Lovetron9000 |
|
| 15:10 |
Small
|
Connections: Eisenhower and the Internet |
| 15:30 |
Matos
|
Introducing Man In The Contacts attack to trick encrypted messaging apps |
| 16:00 |
Cecil
|
Robot Hacks Video Games: How TASBot Exploits Consoles with Custom Controllers |
Plore
|
Side-channel Attacks on High-security Electronic Safe Locks |
|
follower,
goldfisk
|
Breaking the Internet of Vibrating Things : What We Learned Reverse Engineering Bluetooth- and Internet-Enabled Adult Toys |
|
FitzPatrick,
Grand
|
101 Ways to Brick your Hardware |
|
Williams
|
Why Snowden's Leaks Were Inevitable |
|
Sanatinia
|
Getting Started with Cryptography in Python [WORKSHOP] |
|
TBD |
||
Ishikawa
|
Does Cultural differences become a barrier for social engineering? |
|
Kickin' It Old Skool: SDR for Ye Olde Signals |
||
Is Your Internet Light On? Protecting Consumers in the Age of Connected Everything |
||
Lawless,
Szkatulski
|
To Beat the Toaster, You Must Become the Toaster: How to Show AI Who's Boss in the Robot Apocalypse |
|
| 16:10 |
Reesalu
|
Automated Dorking for Fun and Profit^WSalary |
| 16:30 |
Mendoza
|
Samsung Pay: Tokenized Numbers, Flaws and Issues |
Adana,
Rogers,
Tangent
|
MR. ROBOT Panel |
|
| 17:00 |
Hecker
|
Hacking Next-Gen ATM's From Capture to Cashout |
Eagle
|
Sk3wlDbg: Emulating All (well many) of the Things with Ida |
|
Woodberg
|
Malware Command and Control Channels: A journey into darkness |
|
,
Pordon
|
Lie to Me - LIE TO THEM - Chronicles of "How to save $ at the Strip Club" |
|
Live Drone RF Reverse Engineering |
||
Kennedy
|
The Wizard of Oz – Painting a reality through deception |
|
Blalock,
Caughron
|
Revocation, the Frailty of PKI |
|
Stegman
|
Video Games Can Teach Science: ScienceGameCenter.org |
|
| 17:10 |
Montgomery
|
Verifying IPS Coverage Claims: Here's How |
| 17:30 |
Koivisto
|
privacy by design - it's n0t that difficult |
| 18:00 |
Glass
|
Slack as Intelligence Collector or "how anime cons get weird" |
Connolly
|
State of the Curve: 2016 |
|
Hadnagy
|
7 Jedi Mind Tricks: Influence Your Target With Out A Word |
|
I Amateur Radio (And So Can You!) |
||
Kloc
|
Security Logs Aren't Enough: Logging for User Data Protection |
|
Gostomelsky,
Naydin
|
BioHacking and Mortal Limitations |
|
| 18:10 |
Mitchell
|
Crawling for APIs |
| 19:00 |
Anderson
|
US Interrogation Techniques and Social Engineering |
Wong
|
How to backdoor Diffie-Hellman |
|
| 20:00 |
Powell
|
You are being manipulated |
| 09:00 | Saflok or Unsaflok, That is the Question |
|
| 10:00 |
Rock
|
How to Overthrow a Government |
Fasel,
Jacobs
|
I Fight For The Users, Episode I - Attacks Against Top Consumer Products |
|
Holland
|
Developing Managed Code Rootkits for the Java Runtime Environment |
|
Grassi,
He
|
Escaping The Sandbox By Not Breaking It |
|
,
|
To Beat the Toaster, We Must Become the Toaster: How to Show A.I. Who's Boss in the Robot Apocalypse |
|
WCTF Day 2 Kickoff |
||
Hurd,
Stamos,
Swalwell
|
Silicon Valley Asks DC About Freedom, Crypto, & the Cybers |
|
| 10:10 | Hot Wheels: Hacking Electronic Wheelchairs |
|
DiMartino
|
To Catch An APT: YARA |
|
| 10:30 |
qu0rum
|
Oops, I Cracked My PANs |
| 11:00 |
Booth
|
Jittery MacGyver: Lessons Learned from Building a Bionic Hand out of a Coffee Maker |
Hindocha,
Lundgren
|
Light-Weight Protocol! Serious Equipment! Critical Implications! |
|
Ramsey,
Rose
|
Picking Bluetooth Low Energy Locks from a Quarter Mile Away |
|
McGrew
|
Secure Penetration Testing Operations: Demonstrated Weaknesses in Learning Material and Tools |
|
Cassiopiea
|
God is a Human II - Artificial Intelligence and the Nature of Reality |
|
Johnson
|
JWTs in a flash! |
|
Evil ESP |
||
Brandt
|
SSL Visibility, Uncovered |
|
Hudson
|
Attacking EMR (Electronic Health Records) - Using HL7 and DICOM to Hack Critical Infrastructure |
|
| 11:10 |
Cashdollar
|
How to Find 1,352 WordPress XSS Plugin Vulnerabilities in 1 Hour (not really) |
| 11:30 |
J4RV1S
|
The State of HTTPS: Securing Web Traffic Is Not What It Used to Be |
Graafstra
|
Implants (2) |
|
| 12:00 |
Bugher
|
Bypassing Captive Portals and Limited Networks |
Klijnsma,
Tentler
|
Stargate: Pivoting Through VNC to Own Internal Networks |
|
Demay,
Lebrun
|
CANSPY: A Framework for Auditing CAN Devices |
|
Young
|
Attacking Network Infrastructure to Generate a 4 Tb/s DDoS for $5 |
|
Borden,
Pyr0
|
Art of Espionage (v.303) |
|
Korchagin
|
Overview and Evolution of Password-Based Authentication Schemes |
|
An Introduction To Pulling Software From Flash via I2C, SPI and JTAG |
||
Slaying Rogue Access Points with Python and Cheap Hardware |
||
Zaidenberg
|
Code breaking - Catching a cheat |
|
Schumann,
Stevens
|
The New White Hat Hacking: Computational Biology for the Good of Mankind |
|
| 12:10 | How the Smart-City becomes Stupid |
|
Pearce,
Vincent
|
HTTP/2 & QUIC: Teaching Good Protocols To Do Bad Things |
|
| 12:30 |
Scott
|
Retweet to Win: How 50 lines of Python made me the luckiest guy on Twitter |
Dixon
|
pin2pwn: How to Root an Embedded Linux Box with a Sewing Needle |
|
Open House - Key Signing Party & Lightning Talks |
||
Insteon, Inste-off, Inste-open? |
||
Dapello,
Fracchia
|
Reverse engineering biological research equipment for fun and open science |
|
| 13:00 |
Robbins,
Schroeder,
Vazarkar
|
Six Degrees of Domain Admin - Using Graph Theory to Accelerate Red Team Operations |
Newlin
|
MouseJack: Injecting Keystrokes into Wireless Mice |
|
Kambic
|
Cunning with CNG: Soliciting Secrets from Schannel |
|
Forgety,
Kreilein
|
NG9-1-1: The Next Generation of Emergency Ph0nage |
|
Panel - Oldtimers vs Noobz |
||
Drone Hijacking and other IoT hacking with GNU Radio and XTRX SDR |
||
SNMP and IoT Devices: Let me Manage that for you Bro! |
||
| 13:10 |
Lakhani,
Muniz
|
Now You See Me, Now You Don't |
| 13:30 |
Valsorda
|
Breaking Bad Crypto: BB'06 [WORKSHOP] |
Sundman
|
Ethical Challenges & Responsibilities of Biohackers and Artists |
|
| 14:00 |
Seymour,
Tully
|
Weaponizing Data Science for Social Engineering: Automated E2E Spear Phishing on Twitter |
Dawes,
White
|
Universal Serial aBUSe: Remote Physical Access Attacks |
|
Gorenc,
Sands
|
Hacker-Machine Interface - State of the Union for SCADA HMI Vulnerabilities |
|
ashmastaflash
|
SITCH - Inexpensive, Coordinated GSM Anomaly Detection |
|
Edge
|
Practical Penetration Testing of Embedded Devices |
|
Drone Security Advisory: Hacking Popular Drones |
||
| 14:10 |
Raggo
|
Attacks on Enterprise Social Media |
| 14:30 | It's Just Software, Right? |
|
| 15:00 |
Shan,
Zhang
|
Forcing a Targeted LTE Cellphone into an Unsafe Network |
Thieme
|
Playing Through the Pain? - The Impact of Secrets and Dark Knowledge on Security and Intelligence Professionals |
|
Bonilla,
Jara
|
Exploiting and Attacking Seismological Networks... Remotely |
|
Beale,
Pesce
|
Phishing without Failure and Frustration |
|
Canfield
|
Tales from the Dongosphere: Lessons Learned Hosting Public Email for 4chan |
|
Cardozo,
Crocker,
Galperin,
Giliula,
Opsahl,
Rodriguez
|
EFF - Ask the EFF: The Year in Digital Civil Liberties |
|
Use JTAG tools to get root on a Raspberry Pi (2) |
||
Blinded by the Light |
||
Reversing and Exploiting Embedded Devices |
||
Tarah
|
0day for the Soul |
|
| 15:10 |
Soto,
Zadeh
|
Dynamic Population Discovery for Lateral Movement Detection (Using Machine Learning) |
| 15:30 | Internet of Thieves (or DIY Persistence) |
|
Dameff
|
The Bioethics of BioHacking |
|
| 16:00 |
Kouns
|
'Cyber' Who Done It?! Attribution Analysis Through Arrest History |
3AlarmLampScooter
|
DIY Nukeproofing: A New Dig at 'Datamining' |
|
Wardle
|
I've got 99 Problems, but Little Snitch ain't one |
|
Bazaliy
|
A Journey Through Exploit Mitigation Techniques in iOS |
|
Oops! I made a machine gun: The Progressive Lowering of the Barrier to Entry in Firearms Manufacturing |
||
Cheung
|
Highlights from the Matasano Challenges [WORKSHOP] |
|
Ward,
Winegard
|
Human Hacking: You ARE the weakest link. |
|
Multi-channel Wardriving Tools for IEEE 802.15.4 and Beyond |
||
Tranewreck |
||
You
|
The Era of Bio Big Data: Benefits and Challenges for Information Security, Health, the Economy, and National Security |
|
| 16:10 |
Pereyda
|
Fuzzing For Humans: Real Fuzzing in the Real World |
| 16:30 |
Bret-Mounet
|
All Your Solar Panels are Belong to Me |
Cardozo,
Crocker,
Galperin,
Giliula,
Opsahl,
Rodriguez
|
Ask the EFF |
|
Riggins
|
Esoteric Exfiltration |
|
Sutton
|
The Next Big Thing in Bioterrorism |
|
| 17:00 | Drunk Hacker History: Hacker Stories Powered by C2H6O for Fun & Profit |
|
Lester,
Zadegan
|
Abusing Bleeding Edge Web Standards for AppSec Glory |
|
Cardozo
|
Crypto: State of the Law |
|
Maldonado,
McGuffin
|
Sticky Keys To The Kingdom: Pre-auth RCE Is More Common Than You Think |
|
Kasarda,
McCollum
|
The next John Moses Browning will use GitHub |
|
V2V communications an introduction |
||
Thermostat Randomware and Workshop |
||
Street
|
....and bad mistakes I've made a few.... |
|
Imagine a Beowulf cluster of Pineapples! |
||
Segado,
Swaine-Simon
|
Intro to Brain Based Authentication |
|
| 17:10 |
Ziabari
|
Mining VirusTotal for Operational Data and Applying a Quality Control On It |
| 17:30 | Propaganda and You (and your devices) - How media devices can be used to coerce, and how the same devices can be used to fight back. |
|
Segado,
Swaine-Simon
|
Make Your Own Brain Stimulation Device |
|
| 18:00 | Taking Down Skynet (By Subverting the Command and Control Channel) |
|
Deep Learning on CAN BUS |
||
Borg
|
SCAM CALL – Call Dropped |
|
| 18:10 |
Gangwere
|
Fiddler on the Roof: A No-Nonsense Look at Fiddler and Its Usage |
| 19:00 | Security Flaws in Automotive Immobilizer |
|
Zani
|
How to Un-Work your job: Revolutions, Radicals and Engineering by Committee |
|
| 20:00 |
Sidek
|
Advanced social engineering techniques and the rise of cyber scams industrial complex |
| 09:00 |
Raggo
|
What's Lurking Inside MP3 Files That Can Hurt You? |
| 10:00 |
Huber,
Rasthofer
|
How to Do it Wrong: Smartphone Antivirus and Security Applications Under Fire |
Hecker
|
Hacking Hotel Keys and Point of Sale Systems: Attacking Systems Using Magnetic Secure Transmission |
|
Benson
|
Examining the Internet's pollution |
|
Jaroszewski
|
How to get good seats in the security theater? Hacking boarding passes for fun and profit. |
|
O’Connor
|
The Other Way to Get a Hairy Hand; or, Contracts for Hackers |
|
Heavy Duty Networks vs Light Duty |
||
0-day Hunting |
||
The Live SEPodcast |
||
| 10:30 |
Keenan
|
CRISPR/Cas9: Newest Tools for Biohacking fun |
| 11:00 |
regilero
|
Hiding Wookiees in HTTP - HTTP smuggling is a thing we should know better and care about |
Escobar
|
Discovering and Triangulating Rogue Cell Towers |
|
Mike
|
Use Their Machines Against Them: Loading Code with a Copier |
|
Coley,
Drake
|
Vulnerabilities 101: How to Launch or Improve Your Vulnerability Research Game |
|
Front Door Nightmare |
||
IoT Defenses - Software, Hardware, Wireless and Cloud |
||
Novich
|
Hacking Sensory Perception |
|
| 11:10 |
Wang
|
Building a Local Passive DNS Tool for Threat Intelligence Research |
| 11:30 |
Sidorov,
Zaitov
|
Managing Digital Codesigning Identities in an Engineering Company |
Graafstra
|
Implants (3) |
|
| 12:00 |
Butterly,
Schmidt
|
Attacking BaseStations - an Odyssey through a Telco's Network |
Lawshae
|
Let’s Get Physical: Network Attacks Against Physical Security Systems |
|
Petro
|
Game over, man! – Reversing Video Games to Create an Unbeatable AI Player |
|
Anch
|
So You Think You Want To Be a Penetration Tester |
|
,
|
Active Incident Response |
|
Bambenek
|
Crypto for Criminals - The OPSEC Concerns in Using Cryptography |
|
EagleCAD Basics |
||
Wireless Capture the Flag |
||
Norcie
|
My Usability Goes to 11": A Hacker's Guide to User Experience Research |
|
| 12:10 |
McAuley,
Moore
|
LTE and Its Collective Insecurity |
| 12:30 |
Caudill,
Hornby
|
Backdooring Cryptocurrencies: The Underhanded Crypto Contest Winners |
| 13:00 |
Liu,
Xu,
Yan
|
Can You Trust Autonomous Vehicles: Contactless Attacks against Sensors of Self-driving Vehicle |
Luo
|
Drones Hijacking - multi-dimensional attack vectors and countermeasures |
|
Jmaxxz
|
Backdooring the Frontdoor |
|
Dr. Pill
|
Mouse Jiggler Offense and Defense |
|
Chook,
Kemper
|
Homologation - Friend or Frenemy? |
|
Zaytsev
|
Attention Hackers: Cannabis Needs Your Help! |
|
| 13:10 |
Plug
|
Incident Code Name: When SkyFalls A Shaken, Not Stirred, James Bond Tale on Incident Response |
| 13:30 |
GingerBread Man
|
Nootropics: Better Living Through Chemistry or Modern-Day Prometheus |
| 14:00 |
Szakaly
|
Help, I've got ANTs!!! |
bigezy,
saci
|
An Introduction to Pinworm: Man in the Middle for your Metadata |
|
Bull,
Matthews,
Trumbull
|
VLAN hopping, ARP Poisoning and Man-In-The-Middle Attacks in Virtualized Environments |
|
Chapman,
Stone
|
Toxic Proxies - Bypassing HTTPS and VPNs to Pwn Your Online Identity |
|
Saadeldin,
Saher
|
Ads and Messengers: Exploit Me How You Can |
|
| 15:00 |
Donenfeld
|
Stumping the Mobile Chipset |
Bianchi,
Borgolte,
Corbetta,
Disperati,
Dutcher,
Machiry,
Salls,
Shoshitaishvili,
Stephens,
Vigna,
Wang
|
Cyber Grand Shellphish |
|
Geshev,
Loureiro
|
Platform agnostic kernel fuzzing |
|
Demay,
Lebrun,
Reziouk
|
Auditing 6LoWPAN Networks using Standard Penetration Testing Tools |
|
| 16:30 |
Tangent
|
Closing Ceremonies |
This "Old School" schedule is an automatically-generated evolution of a manually-generated hack Darth Null has been using at ShmooCon since 2007. It won't work too well for a large conference, like DEFCON, but for smaller events like ShmooCon or BlackHat DC, it might be useful.
Simply print this out at whatever scale is most helpful to you. For example, for ShmooCon: print at 65%, fold Friday and Sunday back behind Saturday, and laminate, for a two-sided 3" x 4" card that you can keep in your shirt pocket.