25 Years of Program Analysis

Abusing Certificate Transparency Logs

Abusing Webhooks for Command and Control

Alice and Bob are Slightly Less Confused

All Your Things Are Belong To Us

Amateur Digital Archeology

An ACE Up the Sleeve: Designing Active Directory DACL Backdoors

A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages!

A New Political Era: Time to start wearing tin-foil hats following

A Picture is Worth a Thousand Words, Literally: Deep Neural Networks for Social Stego

Are all BSDs are created equally? A survey of BSD kernel vulnerabilities.

Assembly Language is Too High Level

Attacking Autonomic Networks

Automated Testing using Crypto Differential Fuzzing (DO NOT RECORD)

Backdooring the Lottery and Other Security Tales in Gaming over the Past 25 Years

$BIGNUM steps forward, $TRUMPNUM steps back: how can we tell if we're winning?

BITSInject

Blue Team TLS Hugs

Breaking Bitcoin Hardware Wallets

Breaking the x86 Instruction Set

Breaking TLS: A Year in Incremental Privacy Improvements

Breaking Wind: Adventures in Hacking Wind Farm Control Networks

Bypassing Android Password Manager Apps Without Root

CableTap: Wirelessly Tapping Your Home Network

Call the plumber - you have a leak in your (named) pipe

Cisco Catalyst Exploitation

CITL and the Digital Standard - A Year Later

Closing

Closing Ceremony

Controlling IoT devices with crafted radio signals

Core Illumination: Traffic Analysis in Cyberspace

Cryptanalysis in the Time of Ransomware

Cypherpunks History

D0 No H4RM: A Healthcare Security Conversation

Dark Data

DC to DEF CON: Q&A with Congressmen James Langevin and Will Hurd

Dealing the perfect hand - Shuffling memory blocks on z/OS

Death By 1000 Installers; on macOS, it's all broken!

DEF CON 101 Panel

Demystifying Windows Kernel Exploitation by Abusing GDI Objects.

Digital Vengeance: Exploiting the Most Notorious C&C Toolkits

DNS - Devious Name Services - Destroying Privacy & Anonymity Without Your Consent

DOOMed Point of Sale Systems

Driving down the rabbit hole

Evading next-gen AV using artificial intelligence

Exploiting 0ld Mag-stripe information with New technology

Exploiting Continuous Integration (CI) and Automated Build systems

Friday the 13th: JSON attacks!

From Box to Backdoor: Using Old School Tools and Techniques to Discover Backdoors in Modern Devices

From "One Country - One Floppy" to "Startup Nation" - the story of the early days of the Israeli hacking community, and the journey towards today's vibrant startup scene

Game of Chromes: Owning the Web with Zombie Chrome Extensions

Game of Drones: Putting the Emerging "Drone Defense" Market to the Test

Genetic Diseases to Guide Digital Hacks of the Human Genome: How the Cancer Moonshot Program will Enable Almost Anyone to Crash the Operating System that Runs You or to End Civilization...

Get-$pwnd: Attacking Battle-Hardened Windows Server

Ghost in the Droid: Possessing Android Applications with ParaSpectre

'Ghost Telephonist' Impersonates You Through LTE CSFB

Hacking Democracy

Hacking Democracy: A Socratic Dialogue

Hacking on Multiparty Computation

Hacking Smart Contracts

Hacking the Cloud

Hacking travel routers like it's 1999

Have you seen my naked selfies? Neither has my snoopy boyfriend. Pr

Here to stay: Gaining persistency by abusing advanced authentication mechanisms

Horror stories of a translator and how a tweet can start a war with less than 140 characters

How we created the first SHA-1 collision and what it means for hash security

If You Give a Mouse a Microchip... It will execute a payload and cheat at your high-stakes video game tournament

I Know What You Are by the Smell of Your Wifi

Inside the "Meet Desai" Attack: Defending Distributed Targets from Distributed Attacks

Introducing HUNT: Data Driven Web Hacking & Manual Testing

Jailbreaking Apple Watch

Koadic C3 - Windows COM Command & Control Framework

Linux-Stack Based V2X Framework: All You Need to Hack Connected Vehicles

macOS/iOS Kernel Debugging and Heap Feng Shui

Malicious CDNs: Identifying Zbot Domains en Masse via SSL Certificates and Bipartite Graphs

Man in the NFC

MEATPISTOL, A Modular Malware Implant Framework

Microservices and FaaS for Offensive Security

MS Just Gave the Blue Team Tactical Nukes (And How Red Teams Need To Adapt)

Next-Generation Tor Onion Services

Offensive Malware Analysis: Dissecting OSX/FruitFly via a Custom C&C Server

Open Source Safe Cracking Robots - Combinations Under 1 Hour! (Is it bait? Damn straight it is.)

Operational Security Lessons from the Dark Web

Opt Out or Deauth Trying !- Anti-Tracking Bots Radios and Keystroke Injection

Panel - An Evening with the EFF

Panel: DEF CON Groups

Panel: Meet The Feds

Panel - Meet the Feds (who care about security research)

PEIMA (Probability Engine to Identify Malicious Activity): Using Power Laws to address Denial of Service Attacks

Persisting with Microsoft Office: Abusing Extensibility Options

Phone system testing and other fun tricks

Popping a Smart Gun

Porosity: A Decompiler For Blockchain-Based Smart Contracts Bytecode

Privacy is Not An Add-On: Designing for Privacy from the Ground Up

Protecting Users' Privacy in a Location-Critical Enterprise: The Ch

Radio Exploitation 101: Characterizing, Contextualizing, and Applying Wireless Attack Methods

Rage Against the Weaponized AI Propaganda Machine

Real-time RFID Cloning in the Field

Revoke-Obfuscation: PowerShell Obfuscation Detection (And Evasion) Using Science

rustls: modern\, fast\, safer TLS

Secret Tools: Learning about Government Surveillance Software You Can't Ever See

Secure Tokin' and Doobiekeys: How to roll your own counterfeit hardware security devices

Security Analysis of the Telegram IM

See no evil, hear no evil: Hacking invisibly and silently with light and sound

SHA-3 vs the world

Social Engineering The News

Starting the Avalanche: Application DoS In Microservice Architectures

Taking Windows 10 Kernel Exploitation to the next level - Leveraging write-what-where vulnerabilities in Creators Update

Teaching Old Shellcode New Tricks

The Adventures of AV and the Leaky Sandbox

The Black Art of Wireless Post Exploitation

The Brain's Last Stand

The call is coming from inside the house! Are you ready for the next evolution in DDoS attacks?

The Internet Already Knows I'm Pregnant

The Key Management Facility of the Root Zone DNSSEC KSK

The Last CTF Talk You'll Ever Need: AMA with 20 years of DEF CON Capture-the-Flag organizers

The Policy & Business Case for Privacy By Design

There's no place like 127.0.0.1 - Achieving reliable DNS rebinding in modern browsers

The spear to break the security wall of S7CommPlus

The Surveillance Capitalism Will Continue Until Morale Improves

The Symantec/Chrome SSL debacle - how to do this better...

The Why and How for Secure Automatic Patch Management

"Tick, Tick, Tick. Boom! You're Dead." — Tech & the FTC

Total Recall: Implanting Passwords in Cognitive Memory

Tracking Spies in the Skies

Trojan-tolerant Hardware & Supply Chain Security in Practice

Twenty Years of MMORPG Hacking: Better Graphics, Same Exploits

Unboxing Android: Everything you wanted to know about Android packers

Uncovering useful and embarrassing info with Maltego

Underhanded Crypto Announcement

Unfairplay (NOT RECORDED)

(Un)Fucking Forensics: Active/Passive (i.e. Offensive/Defensive) memory hacking/debugging.

Untrustworthy Hardware and How to Fix It

Using GPS Spoofing to control time

Village Setup (Volunteers and Organizers Only)

Volunteer Huddle

Weaponizing Machine Learning: Humanity Was Overrated Anyway

Weaponizing the BBC Micro:Bit

Welcome - Friday

Welcome - Saturday

Welcome - Sunday

Welcome to DEF CON 25

When Privacy Goes Poof! Why It's Gone and Never Coming Back

Where are the SDN Security Talks?

Wiping out CSRF

WS: Breaking the Uber Badge Ciphers

WS: FeatherDuster and Cryptanalib workshop

WS: Implementing An Elliptic Curve in Go

WS: Mansion Apartment Shack House: How To Explain Crypto To Practic

WS: NoiseSocket: Extending Noise to Make Every TCP Connection Secur

WS: Reasoning about Consensus Algorithms

WS: Secrets Management in the Cloud

WS: SECURE COMMUNICATIONS IN ANDROID WITH TLS/SSL

WS: Supersingular Isogeny Diffie-Hellman

WSUSpendu: How to hang WSUS clients

XenoScan: Scanning Memory Like a Boss

Yet another password hashing talk