| 10:00 |
DaKahuna
|
Breaking Wireless Encryption Keys |
| 11:00 |
Imhoff,
Ripshy
|
Intro to Digital Forensics: Tools & Tactics |
| 12:00 |
Siviak
|
The Cerebral Source Code |
| 13:00 |
AlxRogan,
Flipper,
HighWiz,
Lockheed,
LoST,
Pyro,
Roamer
|
DEF CON 101 |
| 14:00 |
AlxRogan,
Lockheed,
Roamer
|
Screw the planet, hack the job! |
| 15:00 |
Gareau
|
HF skiddies suck, don't be one, learn some basic python |
| 16:00 |
LoST
|
Hacking the hackers: How firm is your foundation? |
| 17:00 |
Dr. Tran
|
Introduction to lockpicking and bypassing physical security |
| 09:00 |
Chook,
Kemper
|
Prehack - How to create and/or prevent a backdoor during the design and development of a product |
| 10:00 |
Weatherford
|
The Christopher Columbus Rule and DHS |
Welcome & Making the DEF CON 20 Badge |
||
Bankston,
Blaze,
Granick
|
Should the Wall of Sheep Be Illegal? A Debate Over Whether and How Open WiFi Sniffing Should Be Regulated |
|
Beighley,
Noble
|
Making Sense of Static - New Tools for Hacking GPS |
|
Cui
|
Embedded Device Firmware Vulnerability Hunting Using FRAK, the Firmware Reverse Analysis Konsole |
|
Rowley
|
Juice Jacking: Hacking the Defcon Attendee's Smartphones |
|
| 10:30 |
Pan
|
APK File Infection on an Android System |
| 11:00 |
Mullen
|
Socialized Data: Using Social Media as a Cyber Mule |
DEF CON Documentary Trailer |
||
Granick,
Rennie
|
MegaUpload: Guilty or Not Guilty? |
|
Crump,
Kohlenberg,
Soghoian,
Soltani,
Wizner
|
Can You Track Me Now? Government And Corporate Surveillance Of Mobile Geo-Location Data |
|
Holeman
|
Passive Bluetooth Monitoring in Scapy |
|
Dawson
|
2005 Called - They want their Lotus Notes password hashes back |
|
| 11:20 |
Addict,
Thackeray
|
Before, During, and After |
| 11:30 |
Darkred
|
Not-So-Limited Warranty: Target Attacks on Warranties for Fun and Profit |
| 12:00 |
Mudge
|
Cortana: Rise of the Automated Red Team |
Alexander
|
Shared Values, Shared Responsibility |
|
Eckersley,
Fakhoury,
Galperin,
Hofmann,
Opsahl,
Timm
|
Meet the EFF |
|
Duggan
|
Not So Super Notes, How Well Does US Dollar Note Security Prevent Counterfeiting? |
|
Thomas
|
Appearance Hacking 101: The Art of Everyday Camouflage |
|
| 12:30 |
Butler
|
The Open Cyber Challenge Platform |
| 13:00 |
DeSimone,
Kennedy
|
Owning One to Rule Them All |
Geers
|
The Art of Cyberwar |
|
Panel: The Making of DEF CON 20 |
||
Miller
|
Don't Stand So Close To Me: An Analysis of the NFC Attack Surface |
|
Illera,
Street
|
How to Channel Your Inner Henry Rollins |
|
TBA-sky1 |
||
| 13:30 |
Conley
|
Bad (and Sometimes Good) Tech Policy: It's Not Just a DC Thing |
| 14:00 |
Henry
|
Changing the Security Paradigm: Taking Back Your Network and Bringing Pain to the Adversary |
Anderson
|
Drones! |
|
Hofmann
|
Crypto and the Cops: the Law of Key Disclosure and Forced Decryption |
|
Lee
|
NFC Hacking: The Easy Way |
|
Rodriguez,
Valderrama
|
Scylla: Because There's no Patch for Human Stupidity |
|
Mullen
|
TBA-sky2 |
|
| 14:30 |
Tentler
|
Drinking From the Caffeine Firehose We Know as Shodan |
| 15:00 |
King
|
Detecting Reflective Injection |
Kirk
|
An Inside Look Into Defense Industrial Base (DIB) Technical Security Controls: How Private Industry Protects Our Country's Secrets |
|
Arlen,
Graham,
Hoff,
Maynor,
Mogull,
Mortman,
Pesce
|
DEF CON Comedy Jam V, V for Vendetta |
|
Tarnovsky
|
Attacking TPM Part 2: A Look at the ST19WP18 TPM Device |
|
Petro
|
Network Anti-Reconnaissance: Messing with Nmap Through Smoke and Mirrors |
|
Pordon
|
Making Lockpicks the Legion303 Way |
|
| 15:30 |
Minozhenko
|
How to Hack VMware vCenter Server in 60 Seconds |
| 16:00 |
Baucom,
Gavin,
Smith
|
Post-Exploitation Nirvana: Launching OpenDLP Agents over Meterpreter Sessions |
Conti,
Hartzog,
Shay
|
Life Inside a Skinner Box: Confronting our Future of Automated Law Enforcement |
|
Polstra
|
Bypassing Endpoint Security for $20 or Less |
|
Gaivoronski,
Gamayunov
|
Demorpheus: Getting Rid Of Polymorphic Shellcodes In Your Network |
|
DC-949
|
Stiltwalker, Round 2 |
|
| 16:30 |
Galbreath
|
New Techniques in SQLi Obfuscation: SQL never before used in SQLi |
| 17:00 |
Perklin
|
Anti-Forensics and Anti-Anti-Forensics: Attacks and Mitigating Techniques for Digital-Forensic Investigations |
The Art Of The Con |
||
Bluzmanis,
Fiddler,
Tobias
|
Safes and Containers: Insecurity Design Excellence |
|
Deaton
|
DivaShark - Monitor your Flow |
|
Hirsch,
Patterson
|
Hammer: Smashing Binary Formats Into Bits |
|
| 17:30 |
Baldwin
|
Blind XSS |
| 18:00 |
Smith
|
Taking Back Our Data - An Invitation To Discussion |
| 09:00 |
Beddome
|
The Devil is in the Details - Why the way you used to do Social Engineering Sucks |
| 10:00 |
Marlinspike
|
Defeating PPTP VPNs and WPA2 Enterprise with MS-CHAPv2 |
Thieme
|
Twenty Years Back, Twenty Years Ahead: The Arc of DEF CON Past and Future |
|
Beckstrom,
Corman,
Gross,
Kaminsky,
Moss
|
World War 3.0: Chaos, Control & the Battle for the Net |
|
Doctorow
|
Beyond the War on General Purpose Computing: What's Inside the Box? |
|
Perrine
|
Creating an A1 Security Kernel in the 1980s (Using “Stone Knives and Bear Skins”) |
|
Crowley,
Savage
|
The Patsy Proxy - Getting Others To Do Your Dirty Work |
|
| 11:00 |
Claudius,
Reynolds
|
Stamp Out Hash Corruption! Crack All The Things! |
Dameff,
Tully
|
Hacking Humanity: Human Augmentation and You |
|
Schneier
|
Bruce Schneier Answers Your Questions |
|
Alonso,
Manu
|
Owning Bad Guys {And Mafia} With Javascript Botnets |
|
Brashars
|
Exploit Archaeology: Raiders of the Lost Payphones |
|
Bird,
McOmie
|
TBA-sky3 |
|
| 12:00 |
Bitweasil
|
Cryptohaze Cloud Cracking |
Brown
|
DIY Electric Car |
|
Carroll,
Christy,
Fried,
Iadonisi,
Marshall,
McCallum,
Wykes
|
Meet the Feds 1 - Law Enforcement |
|
Enbody,
Sood
|
Botnets Die Hard - Owned and Operated |
|
Cannon
|
Into the Droid: Gaining Access to Android User Data |
|
Crypt0s
|
Grepping the Gropers - Airport Security |
|
| 13:00 |
Borskey,
Feinauer,
Ostrom
|
The End of the PSTN As You Know It |
Grand,
Zoz
|
More Projects of Prototype This! |
|
Beckstrom,
Christy,
Dixon,
Joyce,
Kwon,
Marshall,
Repko,
Sachs,
Weatherford,
Wells
|
Meet the Feds 2 - Policy |
|
Brossard
|
Hardware Backdooring is Practical |
|
Floren
|
Hellaphone: Replacing the Java in Android |
|
Bowne
|
The Breach That Wasn't |
|
| 13:30 |
Vandevanter
|
Interface Puncher |
| 14:00 |
Bratus,
Shapiro
|
Programming Weird Machines with ELF Metadata |
Atlas
|
<ghz or bust: DEF CON |
|
Priest
|
Q&A with the Men (and Women) in Black |
|
Griffin
|
Hacking Measured Boot and UEFI |
|
Robble,
Thomas
|
Off-Grid Communications with Android: Meshing the Mobile World |
|
Timmay
|
Why You Should Not Get a CISSP |
|
| 15:00 |
Gallo
|
Uncovering SAP Vulnerabilities: Reversing and Breaking the Diag Protocol |
Antoniewicz,
Portvilet
|
The Safety Dance - Wardriving the Public Safety Band |
|
Abdo,
Bamford,
Binney,
Jaffer
|
Bigger Monster, Weaker Chains: The National Security Agency and the Constitution |
|
Chung,
Lai,
Miu,
Wong
|
DDoS Black and White "Kungfu" Revealed |
|
Hannay
|
Exchanging Demands |
|
Claudius,
Konda
|
Builders vs. Breakers |
|
| 16:00 |
Kaminsky
|
Black Ops |
Haines
|
Hacker + Airplanes = No Good Can Come Of This |
|
Anarchy Angel,
blakdayz,
Farr,
Marcus
|
Connected Chaos: Evolving the DCG/Hackspace Communication Landscape |
|
Branco,
Bratus,
Oakley
|
Overwriting the Exception Handling Cache PointerDwarf Oriented Programming |
|
Robinson,
Taylor
|
Spy vs Spy: Spying on Mobile Device Spyware |
|
Alonso,
Delgado
|
Bureaucratic Denial of Service |
|
| 17:00 |
Hoffman,
Rezchikov
|
Busting the BARR: Tracking “Untrackable” Private Aircraft for Fun & Profit |
Coleman,
Haefer,
Hofmann,
Leiderman,
Lyon,
O'Neill
|
Anonymous and the Online Fight for Justice |
|
Fried,
Vixie
|
The DCWG Debriefing - How the FBI Grabbed a Bot and Saved the Internet |
|
Anch,
Omega
|
The Darknet of Things, Building Sensor Networks That Do Your Bidding |
|
Claudius,
Heid,
Roamer,
Soto
|
Cyber Weapons, Castle Doctrine, and the Second Amendment |
| 09:00 |
Farina,
N00bz,
Raj
|
Fun with Software Defined Radios |
| 10:00 |
Blaze,
Clark
|
SIGINT and Traffic Analysis for the Rest of Us |
Levinson
|
Robots: You're Doing It Wrong 2 |
|
Maletic,
Pogue
|
OPFOR 4Ever |
|
Kohlenberg,
Shkatov
|
We Have You by the Gadgets |
|
Antitree,
JustBill
|
Jukebox Jacking |
|
| 11:00 |
McGrew
|
SCADA HMI and Microsoft Bob: Modern Authentication Flaws With a 90's Flavor |
Bryner
|
KinectasploitV2: Kinect Meets 20 Security Tools |
|
Zulla
|
Improving Web Vulnerability Scanning |
|
Kallenberg,
Kovah
|
No More Hooks: Detection of Code Integrity Attacks |
|
Weiss
|
Following the Digital Footprints |
|
| 12:00 |
Cutaway
|
Looking Into The Eye Of The Meter |
Percoco,
Schulte
|
Adventures in Bouncerland |
|
egyp7
|
Post Metasploitation: Improving Accuracy and Efficiency in Post Exploitation Using the Metasploit Framework |
|
Coppola
|
Owning the Network: Adventures in Router Rootkits |
|
Anch
|
Your Network Sucks |
|
| 13:00 |
Brown,
Ragan
|
Tenacious Diggity: Skinny Dippin' in a Sea of Bing |
DC RECOGNIZE Awards |
||
Maloney
|
Weaponizing the Windows API with Metasploit’s Railgun |
|
FX,
Greg
|
Hacking [Redacted] Routers |
|
Devious,
Phantomworks,
Skunkworks
|
PWN'D by SIGINT: Applied TEMPEST |
|
| 14:00 |
Sumner,
Wald
|
Can Twitter Really Help Expose Psychopath Killers' Traits? |
Bursztein,
Samy
|
Fuzzing Online Games |
|
Poulsen
|
Kevin Poulsen Answers Your Questions |
|
Cutlip
|
SQL Injection to MIPS Overflows: Rooting SOHO Routers |
|
Constantine
|
The Leverage of Language - Advanced Workflow Environment for Security Intelligence and Exposure Management |
|
| 15:00 |
Douba
|
Sploitego - Maltego's (Local) Partner in Crime |
Dwenger,
Etemadieh,
Heres,
Rosenberg
|
Hacking the Google TV |
|
Fasel
|
Owned in 60 Seconds: From Network Guest to Windows Domain Admin |
|
Behrens,
Toews
|
bbqSQL - Rapid Blind SQL Injection Exploitation |
|
Weidman
|
Introducing the Smartphone Pentesting Framework |
|
| 16:00 | How to Hack All the Transport Networks of a Country |
|
CIFO,
Dotaero,
Esden,
Misterj
|
The Paparazzi Platform: Flexible, Open-Source, UAS Software and Hardware |
|
Shields,
Toussain
|
Subterfuge: The Automated Man-in-the-Middle Attack Framework |
|
London,
Novak
|
SQL ReInjector - Automated Exfiltrated Data Identification |
|
Mar,
Yoder
|
Dr. Strangenerd: How I learned to collaborate and love the Maker Movement |
|
| 17:30 | Closing Ceremonies |
This "Old School" schedule is an automatically-generated evolution of a manually-generated hack Darth Null has been using at ShmooCon since 2007. It won't work too well for a large conference, like DEFCON, but for smaller events like ShmooCon or BlackHat DC, it might be useful.
Simply print this out at whatever scale is most helpful to you. For example, for ShmooCon: print at 65%, fold Friday and Sunday back behind Saturday, and laminate, for a two-sided 3" x 4" card that you can keep in your shirt pocket.