| 10:00 |
HighWiz,
Lockheed,
LosT,
Pyr0,
Roamer
|
DEF CON 101 |
Hofmann,
Rennie
|
Hacker Law School |
|
| 12:00 |
Lockheed,
Naifx,
Roamer
|
Hacking Management: From Operations to Command |
Anch
|
Pentesters Toolkit |
|
| 13:00 |
Beaker,
Flipper
|
The Ninjaneers: Getting started in Building Your Own Robots for World Domination. |
Bayles
|
Oil & Gas Infosec 101 |
|
| 14:00 |
LosT
|
Decrypting DEFCON: Foundations Behind Some of the Games Hackers Play |
ZeroChaos
|
Meet Pentoo, the Longest Running Pen-testing Linux Distro |
|
| 15:00 |
Gareau
|
Intro to Web Application Hacking |
DaKahuna,
Mellendick
|
Wireless Penetration Testing 101 & Wireless Contesting |
| 09:00 |
Dallas,
Ohm
|
Liberator: 3-D printing a plastic gun |
| 10:00 |
DeTrani
|
Proliferation |
LosT,
Moss
|
The DEF CON 21 Badge |
|
DePerry,
Ritter
|
I Can Hear You Now: Traffic Interception and Remote Mobile Phone Cloning with a Compromised CDMA Femtocell |
|
Miller,
Valasek
|
Adventures in Automotive Networks and Control Units |
|
Seeber
|
All Your RFz Are Belong to Me - Hacking the Wireless World with Software Defined Radio |
|
Antitree
|
Bringing Intelligence back to the hacker community |
|
| 11:00 |
Keenan
|
Torturing Open Government Systems for Fun, Profit and Time Travel |
Weatherford
|
The Growing Irrelevance of US Government Cybersecurity Intelligence Information |
|
Butler,
Koscher
|
The Secret Life of SIM Cards |
|
Zoz
|
Hacking Driverless Vehicles |
|
Linn
|
Swiping Cards At The Source: POS & Cash Machine Security |
|
| 12:00 |
Soghoian
|
Backdoors, Government Hacking and The Next Crypto Wars |
Hitchcock,
Kennedy
|
The Dirty South – Getting Justified with Technology |
|
Smith,
Strazzere
|
DragonLady: An Investigation of SMS Fraud Operations in Russia |
|
Flipper
|
10000 Yen into the Sea |
|
Lovinger,
Scott
|
Making Of The DEF CON Documentary |
|
Matwyshyn
|
Hacked Up |
|
| 13:00 |
Perklin
|
ACL Steganography - Permissions to Hide Your Porn |
Werner
|
Prowling Peer-to-Peer Botnets After Dark |
|
Caudill
|
Offensive Forensics: CSI for the Bad Guy |
|
Alecu
|
Business logic flaws in mobile operators services |
|
Anch
|
The art of the Rig - Building a pen-test rig that isn't worthless |
|
| 13:30 |
Duszynski
|
Pwn'ing You(r) Cyber Offenders |
| 14:00 |
Griffin
|
Protecting Data with Short-Lived Encryption Keys and Hardware Root of Trust |
Bowne,
Prince
|
Evil DoS Attacks and Strong Defenses |
|
Bandelgar,
Behrens
|
MITM All The IPv6 Things |
|
Burbidge,
Li,
Ocko,
Paul
|
Meet the VCs |
|
Auerbach,
Galperin,
Hofmann,
Jaycox,
Opsahl,
Stoltz
|
Ask the EFF: The Year in Digital Civil Liberties |
|
Dunning
|
The Glitch: Bringing Hacking Hardware to the Masses |
|
| 14:30 |
Gevorgyan,
Toukharian
|
HTTP Time Bandit |
| 15:00 |
Baker,
Etemadieh,
Heres,
Nielsen
|
Google TV or: How I Learned to Stop Worrying and Exploit Secure Boot |
Lee,
Miu
|
Kill 'em All — DDoS Protection Total Annihilation! |
|
Lee
|
How to use CSP to stop XSS |
|
Abdo,
Crockford,
Crump,
Ozer,
Soghoian
|
The ACLU Presents: NSA Surveillance and More |
|
Carter
|
Hacking Interfaces with your Mind |
|
| 15:30 |
Hendricks
|
So You Think Your Domain Controller is Secure? |
| 16:00 |
Selifonov
|
A Password is Not Enough: Why disk encryption is broken and how we might fix it |
Ozavci
|
VoIP Wars: Return of the SIP |
|
Milam
|
Getting The Goods With smbexec |
|
Thieme
|
The Government and UFOs: A Historical Analysis by Richard Thieme |
|
Franken,
Laurie
|
Decapping Chips the Easy^W Hard Way |
|
Saher
|
Project CANCER: Bringing VX Back |
|
| 16:30 |
Ming
|
Abusing NoSQL Databases |
| 17:00 |
Zatko
|
Unexpected Stories From a Hacker Who Made it Inside the Government |
Schultz
|
Examining the Bitsquatting Attack Surface |
|
Schrenk
|
How my Botnet Purchased Millions of Dollars in Cars and Defeated the Russian Hackers |
|
Heid,
Roamer,
Soto,
Tuna
|
Digital Warfare, InfoSec Research, and The 2nd Amendment |
|
| 17:30 |
Oberli
|
Please Insert^W Inject More Coins |
| 09:00 |
McDevitt,
Shah,
Shaw
|
Discovering Dark Matter: Towards better Android Malware Heuristics -- Skytalk edition |
| 10:00 |
Elder
|
From Nukes to Cyber – Alternative Approaches for Proactive Defense and Mission Assurance |
Illera,
Vidal
|
Dude, WTF in my car? |
|
Davidoff,
Fretheim,
Harrison,
Price
|
Do-It-Yourself Cellular IDS |
|
Sumner,
Wald
|
Predicting Susceptibility to Social Bots on Twitter |
|
Bluzmanis,
Tobias
|
Insecurity - A Failure of Imagination |
|
Bourget,
Potter
|
Cycling and Hacking to Defcon |
|
| 11:00 |
Fulton,
Zolnikov
|
The Politics of Privacy and Technology: Fighting an Uphill Battle |
pukingmonkey
|
The Road Less Surreptitiously Traveled |
|
Alonso
|
Fear the Evil FOCA: IPv6 attacks in Internet connections |
|
dlaw,
gdkar,
robj
|
Key Decoding and Duplication Attacks for the Schlage Primus High-Security Lock |
|
Regan,
Thomas
|
All Your Base Still Belong To Us: Physical Penetration Testing Tales From The Trenches |
|
| 12:00 |
Wiley
|
Defeating Internet Censorship with Dust, the Polymorphic Protocol Engine |
Bryan,
Crowley,
Savage
|
Home Invasion 2.0 - Attacking Network-Controlled Consumer Devices |
|
Thomas
|
BoutiqueKit: Playing WarGames with expensive rootkits and malware |
|
Clark
|
Legal Aspects of Full Spectrum Computer Network (Active) Defense |
|
Arlen,
Graham,
Hoff,
Maynor,
Mogull,
Mortman
|
DEF CON Comedy Jam Part VI, Return of the Fail |
|
N00bz,
Raj
|
#FreeCrypt0s: Using SDR to prevent him from getting rooted! |
|
| 13:00 |
Dudley
|
Privacy In DSRC Connected Vehicles |
Brown
|
RFID Hacking: Live Free or RFID Hard |
|
Young
|
Android WebLogin: Google's Skeleton Key |
|
Polstra
|
We are Legion: Pentesting with an Army of Low-power Low-cost Devices |
|
Roberts
|
Hacking the Brew |
|
| 13:30 |
Sanchez
|
Building an Android IDS on Network Level |
| 14:00 |
Hill
|
Phantom Network Surveillance UAV / Drone |
O'Connor
|
Stalking a City for Fun and Frivolity |
|
Oliva
|
Defeating SEAndroid |
|
McGrew
|
Pwn The Pwn Plug: Analyzing and Counter-Attacking Attacker-Implanted Devices |
|
FirmWarez,
Grand,
LosT,
RenderMan,
Smith
|
Hardware Hacking with Microcontrollers: A Panel Discussion |
|
Panel
|
Oldtimers v. N00bz 2.0 |
|
| 14:30 |
Bathurst,
Carey
|
Doing Bad Things to 'Good' Security Appliances |
| 15:00 |
Sandvik
|
Safety of the Tor network: a look at network diversity, relay operators, and malicious relays |
Scott
|
Hacking Wireless Networks of the Future: Security in Cognitive Radio Networks |
|
DC Awards |
||
Stamos
|
An Open Letter - The White Hat's Dilemma: Professional Ethics in the Age of Swartz, PRISM and Stuxnet |
|
Bird
|
Occam's Katana: defeating big data analytics |
|
| 15:30 |
Staggs
|
How to Hack Your Mini Cooper: Reverse Engineering Controller Area Network (CAN) Messages on Passenger Automobiles |
| 16:00 |
Ritter
|
De-Anonymizing Alt.Anonymous.Messages |
Hoover,
Snodgrass
|
BYO-Disaster and Why Corporate Wireless Security Still Sucks |
|
Engler,
Vines
|
Electromechanical PIN Cracking with Robotic Reconfigurable Button Basher (and C3BO) |
|
Mittal
|
PowerPreter: Post Exploitation Like a Boss |
|
Baldet
|
Suicide Risk Assessment and Intervention Tactics |
|
| 16:30 |
Bowne
|
Data Evaporation from SSDs |
| 17:00 |
Elliott
|
Noise Floor: Exploring the world of unintentional radio emissions |
Lanier,
Manning
|
GoPro or GTFO: A Tale of Reversing an Embedded System |
|
Stucke
|
DNS May Be Hazardous to Your Health |
|
bughardy,
Eagle1753
|
OTP, It won't save you from free rides! |
|
Ball,
Heid,
Snyder,
Tolle,
YTcracker
|
Bitcoin, Litecoin, and Alternative Cryptocurrencies - Pros, Cons, and Threats |
|
| 17:30 |
Grand
|
JTAGulator: Assisted Discovery Of On-Chip Debug Interfaces |
| 18:00 |
Denaro
|
How to Disclose or Sell an Exploit Without Getting in Trouble |
| 20:00 |
Wexler
|
Reality Hackers |
The Policy Wonk Lounge |
| 10:00 |
Corman,
Percoco
|
The Cavalry Isn't Coming: Starting the Revolution to Fsck it All! |
Filson,
Fuller
|
gitDigger: Creating useful wordlists from public GitHub repositories |
|
Payer
|
Exploiting Music Streaming with JavaScript |
|
Riley
|
Defense by numbers: Making problems for script kiddies and scanner monkeys |
|
| 10:30 |
Bonnewell
|
Made Open: Hacking Capitalism |
| 11:00 |
Schiffman,
SkyDog
|
The Dark Arts of OSINT |
Gorenc,
Spelman
|
Java Every-Days: Exploiting Software Running on 3 Billion Devices |
|
Cruz,
Kang
|
Resting on Your Laurels will get you Pwned: Effectively Code Reviewing REST Applications to avoid getting powned |
|
Acr0nym,
Hybinette
|
LAZZORS! PEW! PEW! |
|
| 11:30 |
Caceres,
Rogers
|
The dawn of Web 3.0: website mapping and vulnerability scanning in 3D, just like you saw in the movies |
| 12:00 |
Sikka
|
EMET 4.0 PKI Mitigation |
Baumgarten
|
Combatting Mac OSX/iOS Malware with Data Visualization |
|
Malone
|
HiveMind: Distributed File Storage Using JavaScript Botnets |
|
London,
O'Meara
|
This presentation will self-destruct in 45 minutes: A forensic deep dive into self-destructing message apps |
|
Dudley
|
Strange interactions in personal data: Brokers and the CFAA |
|
| 12:30 |
Marschalek
|
A Thorny Piece Of Malware (And Me): The Nastiness of SEH, VFTables & Multi-Threading |
| 13:00 |
Costello,
Cui
|
Stepping P3wns: Adventures in full spectrum embedded exploitation (and defense!) |
Blacher
|
Transcending Cloud Limitations by Obtaining Inner Piece |
|
Pinto
|
Defending Networks with Incomplete Information: A Machine Learning Approach |
|
Ortiz
|
Fast Forensics Using Simple Statistics and Cool Tools |
|
0nlychick
|
The Continued Rise of Idiocracy: CCSS, PBI and other education acronyms that nobody understands |
|
| 13:30 |
Chechik,
Davidi
|
Utilizing Popular Websites for Malicious Purposes Using RDI |
| 14:00 |
Thabet
|
EDS: Exploitation Detection System |
Burroughs
|
Open Public Sensors, Trend Monitoring and Data Fusion |
|
Cohen
|
Blucat: Netcat For Bluetooth |
|
Perklin,
Robi
|
Forensic Fails - Shift + Delete won't help you here |
|
Costello
|
Network Survival WCS |
|
| 14:30 |
Kottmann,
Steele
|
Collaborative Penetration Testing With Lair |
| 15:00 |
Caceres
|
Conducting massive attacks with open source distributed computing |
Bialek
|
PowerPwning: Post-Exploiting By Overpowering PowerShell |
|
Yavor
|
BYOD PEAP Show |
|
Pickett
|
Let's screw with nmap |
|
Krabec
|
Owning Management with Standards |
|
| 15:30 |
soen
|
Evolving Exploits Through Genetic Algorithms |
| 16:00 |
Davis
|
Revealing Embedded Fingerprints: Deriving intelligence from USB stack interactions |
Holeman
|
The Bluetooth Device Database |
|
Thompson
|
C.R.E.A.M. Cache Rules Evidently Ambiguous, Misunderstood |
|
Public
|
Challenges being a criminal defense digital forensics expert |
|
| 17:00 | Closing Ceremonies |
This "Old School" schedule is an automatically-generated evolution of a manually-generated hack Darth Null has been using at ShmooCon since 2007. It won't work too well for a large conference, like DEFCON, but for smaller events like ShmooCon or BlackHat DC, it might be useful.
Simply print this out at whatever scale is most helpful to you. For example, for ShmooCon: print at 65%, fold Friday and Sunday back behind Saturday, and laminate, for a two-sided 3" x 4" card that you can keep in your shirt pocket.