| 13:00 |
Panel
|
DEF CON 101 |
Arlen,
Costello,
Honeywell,
Krabec,
Rad
|
Hacking The Future: Weaponizing The Next Generation |
|
Cayci,
Waite
|
Go Go Gadget Python! : Introduction to Hardware Hacking |
|
Foley,
Schmiedl,
Zoz
|
Exploitable Assumptions Workshop |
|
Janansky,
Kiamilev,
Lange
|
Hardware Black Magic: Designing Printed Circuit Boards |
|
| 14:00 |
Bird,
Bryan
|
The Keys To Running A Successful DEF CON Group By DC612 |
| 19:00 |
Scott
|
DC 18 Movie Night - GET LAMP |
| 10:00 |
Secret
|
Keynote |
Grand,
Moss
|
Welcome and Making the DEF CON 18 Badge |
|
Hofmann
|
How To Get Your FBI File (and Other Information You Want From the Federal Government) |
|
Vixie
|
SIE Passive DNS and the ISC DNS Database |
|
DC-949
|
oCTF: 5 years in 50 minutes |
|
Onlychick
|
The Rise of Idiocracy |
|
| 11:00 |
Panel
|
Meet the Feds - CSI:TCP/IP |
Conti
|
Our Instrumented Lives: Sensors, Sensors, Everywhere... |
|
Anderson,
Bryan
|
Cloud Computing, a Weapon of Mass Destruction? |
|
Burroughs
|
Open Public Sensors and Trend Monitoring |
|
Amrani
|
Hacrypanalsys -- RSA |
|
| 11:30 |
Ho
|
FOE‚ The Release of Feed Over Email, a Solution to Feed Controversial News to Censored Countries |
| 12:00 |
Beckstrom,
Kaminsky,
Mockapetris,
Silva,
Weatherford
|
DNS Systemic Vulnerabilities and Risk Management: A Discussion |
Rain
|
Build a Lie Detector/Beat a Lie Detector |
|
Soghoian
|
Your ISP and the Government: Best Friends Forever. |
|
Eckersley
|
How Unique Is Your Browser? |
|
Bryner
|
Google Toolbar: The NARC Within |
|
Bodmer
|
Silence of the RAM |
|
| 12:30 |
Wolchok
|
Crawling BitTorrent DHTs for Fun |
| 13:00 |
Panel
|
Meet the Feds - Policy, Privacy, Deterrence and Cyber War |
Brown
|
How Hackers Won the Zombie Apocalypse |
|
Bankston,
Granick,
Hofmann,
Opsahl
|
The Law of Laptop Search and Seizure |
|
Cerrudo
|
Token Kidnapping's Revenge |
|
Bowne
|
Who Cares About IPv6? |
|
Schearer
|
How to Pwn an ISP in 10 Minutes or less |
|
| 13:30 |
Quynh
|
Operating System Fingerprinting for Virtual Machines |
| 14:00 |
Repko
|
Enough Cyber Talk Already! Help get this Collaboration Engine Running! |
Haines,
Kershaw,
Weigand
|
Build your own UAV 2.0 - Wireless Mayhem from the Heavens! |
|
Rachner,
Rennie
|
Search & Seizure & Golfballs |
|
Brown,
Ragan
|
Lord of the Bing: Taking Back Search Engine Hacking from Google and Bing |
|
Thomas
|
Web Application Fingerprinting with |
|
Krabec
|
Protecting Your Ass(etts) |
|
| 14:30 |
Colley
|
WRT54-TM, Media Center and Network Sniffer |
| 15:00 | Open Letter - Call to Action |
|
Isacson,
Ortega
|
Exploiting Digital Cameras |
|
Decius
|
Exploiting Internet Surveillance Systems |
|
Hardy
|
Tales from the Crypto |
|
Kunkel
|
Air Traffic Control Insecurity 2.0 |
|
Kushner,
Murray
|
Determining Fair Value For Your Skills, and Getting It |
|
| 15:30 |
Nguyen
|
FPGA Bitstream Reverse Engineering |
| 16:00 |
Panel
|
Of Bytes and Bullets |
Hughes
|
VirGraff101: An Introduction to Virtual Graffiti |
|
Conley
|
Hacking Facebook Privacy |
|
Schaller
|
Exploiting WebSphere Application Server's JSP Engine |
|
Krpata
|
Like a Boss: Attacking JBoss |
|
Guthrie
|
SCADA != SCARY! |
|
| 16:30 |
Metzger
|
Letting the Air Out of Tire Pressure Monitoring Systems |
| 17:00 |
Fifield,
Fyodor
|
Mastering the Nmap Scripting Engine |
Krick
|
DCFluX in: Moon-bouncer |
|
Burns,
Eckersley
|
An Observatory for the SSLiverse |
|
Siddharth
|
Hacking Oracle From Web Apps |
|
Amato
|
Evilgrade, You Still Have Pending Upgrades? |
|
Teissler
|
Winning Risky Internet Games |
|
| 17:30 |
Kane,
Kongs
|
Training the Next Generation of Hardware Hackers -- Teaching Computer Organization and Assembly Language Hands-on with Embedded Systems |
| 18:00 |
Bankston,
Galperin,
Granick,
Hofmann,
Opsahl
|
Meet the EFF |
Smith
|
Weaponizing Lady GaGa, Psychosonic Attacks |
|
Bursztein,
Gourdin,
Rydstedt
|
Bad Memories |
|
Huang
|
Drivesploit: Circumventing Both Automated AND Manual Drive-By-Download Detection |
|
Fagan
|
Be A Mentor! |
|
| 18:30 |
Eduardo
|
Your Boss is a Douchebag... How About You? |
| 19:00 |
Kaminsky
|
Black Ops Of Fundamental Defense: Web Edition |
Thieme
|
Getting Root: Remote Viewing, Non-local Consciousness, Big Picture Hacking, and Knowing Who You Are |
|
Alonso,
Palazon
|
FOCA2: The FOCA |
|
Fayó
|
Hacking and Protecting Oracle Database Vault |
|
Oberheide
|
Antique Exploitation (aka Terminator 3.1.1 for Workgroups |
|
| 19:30 |
Zoz
|
Pwned By The Owner: What Happens When You Steal A Hacker's Computer |
| 20:00 |
Geers
|
Live Fire Exercise: Baltic Cyber Shield 2010 |
Bankston,
Ozer
|
Big Brother on the Big Screen: Fact/Fiction? |
|
| 21:00 |
Bumgarner,
Clemens,
Fried,
Geers,
Ives,
Kaminsky,
Sachs,
Vixie
|
Panel: Internet Wars |
| 10:00 |
Granick
|
Legal Developments in Hardware Hacking |
Paget
|
Extreme-range RFID Tracking |
|
Marlinspike
|
Changing Threats To Privacy: From TIA To Google |
|
Brown
|
Exploiting SCADA Systems |
|
Quist
|
Improving Antivirus Scanner Accuracy with Hypervisor Based Analysis |
|
Aphelia
|
TBA |
|
| 11:00 |
Hering,
Mahaffey
|
App Attack: Surviving the Mobile Application Explosion |
Jack
|
Jackpotting Automated Teller Machines Redux |
|
Brooks
|
masSEXploitation |
|
Miller
|
Kim Jong-il and Me: How to Build a Cyber Army to Defeat the U.S. |
|
Maynor
|
Searching for Malware: A Review of Attackers’ Use of Search Engines to Lure Victims |
|
Marpet
|
Facial Recognition: Facts, Fiction, and Fsck-ups |
|
| 12:00 |
Papathanasiou,
Percoco
|
This is not the droid you're looking for... |
Bluzmanis,
Fiddler,
Tobias
|
Insecurity Engineering of Physical Security Systems: Locks, Lies, and Videotape |
|
Lodge,
Potter
|
This Needs to be Fixed, and Other Jokes in Commit Statements |
|
Cyber[Crime|War] Charting Dangerous Waters |
||
Dunning
|
Katana: Portable Multi-Boot Security Suite |
|
Oberheide,
Shutters
|
Android Security -- Overview and Potential Issues |
|
| 13:00 |
Paget
|
Practical Cellphone Spying |
Lee,
Pahl
|
Bypassing Smart-card Authentication and Blocking Debiting: Vulnerabilities in Atmel Cryptomemory-based Stored-value Systems |
|
Frank^2
|
Trolling Reverse-Engineers with Math: Ness... It hurts... |
|
Appelbaum,
Lai,
Oberheide
|
The Power of Chinese Security |
|
Wise
|
From "No Way" to 0-day: Weaponizing the Unweaponizable |
|
Linn
|
Multiplayer Metasploit -- Double Penetration Made Easy |
|
| 14:00 |
Mohney
|
HD Voice - The Overdue Revolution |
Merdinger
|
We Don't Need No Stinkin' Badges: Hacking Electronic Door Access Controllers |
|
Smith
|
pyREtic - In-memory Reverse Engineering for Obfuscated Python Bytecode |
|
Keltner,
Moyer
|
Wardriving the Smart Grid: Practical Approaches to Attacking Utility Packet Radios |
|
Ahn,
Ha
|
Malware Migrating To Gaming Consoles: Embedded Devices, An Antivirus-Free Safe Hideout For Malware |
|
Moore
|
Fun with VxWorks |
|
| 15:00 |
Lineberry,
Richardson,
Wyatt
|
These Aren't the Permissions You're Looking For |
Delchi
|
Physical Security : You're Doing It Wrong! |
|
Ahmad
|
WPA Too! |
|
Arlen
|
SCADA and ICS for Security Experts: How to Avoid Cyberdouchery |
|
Pejski
|
My Life As A Spyware Developer |
|
Nickerson
|
What you lookin' at...Punk. |
|
| 16:00 |
Bonetti
|
Mobile Privacy: Tor on the iPhone and Other Unusual Devices |
Street
|
Deceiving the Heavens to Cross the Sea: Using the the 36 stratagems for Social Engineering |
|
Heffner
|
How to Hack Millions of Routers |
|
Picchioni,
Weisshaar
|
The Night The Lights Went Out In Vegas: Demystifying Smartmeter Networks |
|
Ilyas,
Percoco
|
Malware Freak Show 2: The Client-Side Boogaloo |
|
Timmay
|
Browser Extension Malware |
|
| 17:00 |
Brown
|
Resilient Botnet Command and Control with Tor |
Follower,
Honeywell
|
Physical Computing, Virtual Security: Adding the Arduino Devel Environment to Your Security Toolbox |
|
bitemytaco,
Self
|
SHacking DOCSIS For Fun and Profit |
|
McNabb
|
Cyberterrorism and the Security of the National Drinking Water Infrastructure |
|
McCoy
|
Hacking .Net Applications: A Dynamic Attack |
|
Panel
|
Flame WAR! |
|
| 18:00 |
HONEY
|
Ripping Media Off Of the Wire |
Elkins
|
Hacking with Hardware: Introducing the Universal RF Usb Keboard Emulation Device - URFUKED |
|
Haas
|
Advanced Format String Attacks |
|
Huang,
Yu
|
The Chinese Cyber Army - An Archaeological Study from 2001 to 2010 |
|
Lindner
|
Blitzableiter - the Release |
|
| 19:00 |
Scott
|
You're Stealing It Wrong! 30 Years of Inter-Pirate Battles |
Crenshaw
|
Programmable HID USB Keystroke Dongle: Using the Teensy as a Pen Testing Device |
|
Alonso,
Palazon
|
Connection String Parameter Attacks |
|
West
|
An Examination of the Adequacy of the Laws Related to Cyber Warfare |
|
Panel
|
Defcon Security Jam III: Now in 3-D? |
|
| 20:00 |
Malkewicz,
Novak,
Polk
|
Industrial Cyber Security |
| 10:00 |
Ollam
|
The Search for Perfect Handcuffs... and the Perfect Handcuff Key |
Bailey
|
Web Services We Just Don't Need |
|
Shewmaker
|
Browser Based Defenses |
|
Linn
|
Multiplayer Metasploit: Tag-Team Penetration and Information Gathering |
|
aSMig,
Goldy,
Pierce
|
WiMAX Hacking 2010 |
|
de Oliveira
|
I know where your credit card is... |
|
| 11:00 |
datagram,
Towne
|
Attack the Key, Own the Lock |
Curran
|
IPv6: No Longer Optional |
|
Hamiel,
Wielgoszewski
|
Constricting the Web: Offensive Python for Web Hackers |
|
Ames,
Lai,
Smith
|
Balancing the Pwn Trade Deficit |
|
King
|
Hardware Hacking for Software Guys |
|
Bransfield
|
Why Security People Suck |
|
| 12:00 |
Daniel
|
PCI, Compromising Controls and Compromising Security |
Avraham
|
Exploitation on ARM - Technique and Bypassing Defense Mechanisms |
|
Madou,
West
|
Repelling the Wily Insider |
|
Kelley,
Kennedy
|
Powershell...omfg |
|
Otto
|
Electronic Weaponry or How To Rule the World While Shopping at Radio Shack |
|
Marcus
|
Social Engineering and Target Profiling with 100% Accuracy |
|
| 13:00 |
Kamkar
|
How I Met Your Girlfriend |
Ryanczak
|
Implementing IPv6 at ARIN |
|
Fiekert
|
The Anatomy of Drug Testing |
|
Pyorre
|
Build Your Own Security Operations Center for Little or No Money |
|
mc.fly,
no_maam,
ryd,
Vyrus
|
ChaosVPN for Playing CTFs |
|
Smith
|
Roman Profiles: The Six Mistakes |
|
| 14:00 |
Houck
|
Decoding reCAPTCHA |
Dunning
|
Breaking Bluetooth By Being Bored |
|
Petreski,
Smith
|
A New Approach to Forensic Methodology - !!BUSTED!! Case Studies |
|
Breedijk
|
Seccubus - Analyzing vulnerability assessment data the easy way... |
|
Nesbit
|
The Games We Play |
|
Hoopes
|
You want me to let you do WHAT! |
|
| 15:00 |
strace
|
So Many Ways to Slap A Yo-Ho:: Xploiting Yoville and Facebook for Fun and Profit |
Self,
Zage,
Zage
|
SMART Project: Applying Reliability Metrics to Security Vulnerabilities |
|
Mullen,
Pentney
|
Open Source Framework for Advanced Intrusion Detection Solutions |
|
Pridgen
|
Toolsmithing an IDA Bridge, Case Study For Building A Reverse Engineering Tool" |
|
Boneh,
Bursztein,
Lagarenne
|
Kartograph : Finding a Needle in a Haystack or How to Apply Reverse Engineering Techniques to Cheat at Video Games |
|
Yeti
|
TBA |
|
| 16:00 |
Suggmeister
|
Social Networking Special Ops: Extending Data Visualization Tools for Faster Pwnage |
Oh
|
ExploitSpotting: Locating Vulnerabilities Out Of Vendor Patches Automatically |
|
Pogue
|
Sniper Forensics - One Shot, One Kill |
|
McCray
|
You Spent All That Money And You Still Got Owned... |
|
Schober
|
Gaming in the Glass Safe - Games, DRM and Privacy |
|
Panel
|
Story Time |
|
| 17:00 |
Flick,
Morehouse
|
Getting Social with the Smart Grid |
Damato
|
Function Hooking for Mac OSX and Linux |
|
Chiu,
Huang
|
0box Analyzer: AfterDark Runtime Forensics for Automated Malware Analysis and Clustering |
|
Schearer
|
SHODAN for Penetration Testers |
|
metr0
|
Securing MMOs: A Security Professional's View From the Inside |
|
| 18:00 |
Moss
|
Awards Ceremonies hosted by Dark Tangent |
This "Old School" schedule is an automatically-generated evolution of a manually-generated hack Darth Null has been using at ShmooCon since 2007. It won't work too well for a large conference, like DEFCON, but for smaller events like ShmooCon or BlackHat DC, it might be useful.
Simply print this out at whatever scale is most helpful to you. For example, for ShmooCon: print at 65%, fold Friday and Sunday back behind Saturday, and laminate, for a two-sided 3" x 4" card that you can keep in your shirt pocket.