10:00 |
HighWiz,
Lockheed,
LosT,
Pyr0,
Roamer
|
DEF CON 101 - The Talk |
Teoh
|
Data Protection 101 - Successes, Fails, and Fixes |
|
11:00 |
Wirth
|
Practical Foxhunting 101 |
12:00 |
Malley,
Thomas
|
Paging SDR... Why should the NSA have all the fun? |
Fulmer
|
RF Penetration Testing, Your Air Stinks |
|
13:00 |
Bayles
|
Protecting SCADA From the Ground Up |
van Ommen
|
AWS for Hackers |
|
14:00 |
McGuffin
|
One Man Shop: Building an effective security program all by yourself |
PushPin
|
Anatomy of a Pentest; Poppin' Boxes like a Pro |
|
15:00 | In the forest of knowledge with 1o57 |
|
Petruzzi
|
Standing Up an Effective Penetration Testing Team |
|
16:00 |
Gareau,
Thompson
|
Oh Bother, Cruising The Internet With Your Honeys, Creating Honeynets For Tracking Criminal Organizations |
Edwards
|
Reverse Engineering Mac Malware |
|
17:00 |
Franken,
Laurie
|
RFIDler: SDR.RFID.FTW |
Guthrie,
Thomas,
van Ommen
|
The Making of DEFCOIN |
09:00 |
George
|
ContradictionC2: A Takedown-Resistant Botnet Based on Dead Drops |
10:00 |
LosT
|
Welcome & Making of the DEF CON Badge |
Healey
|
Saving the Internet (for the Future) |
|
Vixie
|
Domain Name Problems and Solutions |
|
Litchfield
|
Oracle Data Redaction is Broken |
|
McDonald
|
Meddle: Framework for Piggy-back Fuzzing and Tool Development |
|
Quadling
|
Custodiet - The Open Source MSSP Framework |
|
11:00 |
Drapeau,
Dukes
|
Steganography in Commonly Used HF Radio Protocols |
Thieme
|
The Only Way to Tell the Truth is in Fiction: The Dynamics of Life in the National Security State |
|
Maxwell,
Pinto
|
Measuring the IQ of your Threat Intelligence feeds |
|
Alejandro,
Davisson
|
Abuse of Blind Automation in Security Tools |
|
Michael
|
USB for all! |
|
12:00 |
Ossmann
|
NSA Playset: RF Retroreflectors |
Zimmermann
|
How To Get Phone Companies To Just Say No To Wiretapping |
|
Chua,
Holt,
Smirnova
|
Stolen Data Markets: An Economic and Organizational Assessment |
|
Young
|
From root to SPECIAL: Pwning IBM Mainframes |
|
McAtee,
Morris
|
ShareEnum: We Wrapped Samba So You Don’t Have To |
|
12:30 |
Campbell
|
The $env:PATH less Traveled is Full of Easy Privilege Escalation Vulns |
13:00 |
Cerrudo
|
Hacking US (and UK, Australia, France, etc.) traffic control systems |
Rowley
|
Detecting and Defending Against a Surveillance State |
|
Nikolaos,
Zacharis
|
PoS Attacking the Traveling Salesman |
|
Zoltán
|
Bypass firewalls, application white lists, secure remote desktops under 20 seconds |
|
Hastings,
Kazanciyan
|
Investigating PowerShell Attacks |
|
Y3t1
|
Y3t1's mobile uberpwn drop unit -- or how I learned to love the tab |
|
14:00 |
Hoffman,
Kinsey
|
What the Watchers See: Eavesdropping on Municipal Mesh Cameras for Giggles (or Pure Evil) |
Shapiro
|
Hacking the FBI: How & Why to Liberate Government Records |
|
Arlen,
Graham,
Hoff,
Maynor,
Mogull,
Mortman,
Pesce,
Shostack
|
DEF CON Comedy Jam Part VII, Is This The One With The Whales? |
|
Kallenberg,
Kovah
|
Extreme Privilege Escalation On Windows 8/UEFI Systems |
|
Wyde
|
Client-Side HTTP Cookie Security: Attack and Defense |
|
Soto
|
Civilianization of War - Paramilitarization of Cyberspace and Its Implications for Civilian Information Security Professionals |
|
15:00 |
Polstra
|
Am I Being Spied On? Low-tech Ways Of Detecting High-tech Surveillance |
Eijah
|
Saving Cyberspace by Reinventing File Sharing |
|
Schroeder
|
Veil-Pillage: Post-exploitation 2.0 |
|
Nemus
|
An Introduction to Back Dooring Operating Systems for Fun and Trolling |
|
O'Connor
|
You Are Not A Soldier, and This Is Not A War |
|
16:00 |
Wilkinson
|
Practical Aerial Hacking & Surveillance |
Green,
White
|
The Open Crypto Audit Project |
|
Callas,
Lackey,
Shevinsky
|
Ephemeral Communications: Why and How? |
|
Sapozhnikov
|
Acquire current user hashes without admin privileges |
|
Soghoian
|
Blinding The Surveillance State |
|
Micon,
Perry,
YTCracker
|
Bitcoin Barons |
|
17:00 |
Levison,
Watt
|
Dark Mail |
Schrodinger
|
From Raxacoricofallapatorius With Love: Case Studies In Insider Threat |
|
Dorsey
|
Why Don’t You Just Tell Me Where The ROP Isn’t Supposed To Go |
|
Clark,
Imhoff-Dousharm,
Jolly,
Martin,
Paget,
Vyrus
|
Diversity in Information Security |
|
McAfee
|
Keynote |
|
17:30 |
Campbell
|
The Secret Life of Krbtgt |
18:00 |
Valtman
|
A Journey to Protect Points-of-sale |
10:00 |
Corman,
Percoco
|
The Cavalry Year[0] & a Path Forward for Public Safety |
Baker,
Etemadieh,
Heres,
Nielsen
|
Hack All The Things: 20 Devices in 45 Minutes |
|
Dameff,
Hefley,
Tully
|
Hacking 911: Adventures in Disruption, Destruction, and Death |
|
Graham,
McMillan,
Tentler
|
Mass Scanning the Internet: Tips, Tricks, Results |
|
Eiram,
Kouns
|
Screw Becoming A Pentester - When I Grow Up I Want To Be A Bug Bounty Hunter! |
|
Aumasson
|
SHA1 backdooring and exploitation |
|
11:00 |
Zoz
|
Don't Fuck It Up! |
Lanier,
Stanislav
|
The Internet of Fails: Where IoT Has Gone Wrong and How We're Making It Right |
|
Jauregui
|
Girl… Fault-Interrupted. |
|
Tal
|
I Hunt TR-069 Admins: Pwning ISPs Like a Boss |
|
Valtman
|
Bug Bounty Programs Evolution |
|
McNeil
|
How To Make Money Fast Using A Pwned PBX |
|
12:00 |
Bazhaniuk,
Bulygin,
Furtak,
Loucaides
|
Summary of Attacks Against BIOS and Secure Boot |
Fasel
|
Logging ALL THE THINGS Without All The Cost With Open Source Big Data Tools </buzzwords> |
|
Polstra
|
Cyberhijacking Airplanes: Truth or Fiction? |
|
Burrell,
Self
|
Don't DDoS Me Bro: Practical DDoS Defense |
|
Beardsley,
Denaro
|
How to Disclose an Exploit Without Getting in Trouble |
|
Algorythm
|
For a good time, call.... |
|
13:00 |
Kaminsky
|
Secure Random By Default |
Bathurst,
Carey,
Clarke,
Rogers
|
PropLANE: Kind of keeping the NSA from watching you pee |
|
Erven,
Merdinger
|
Just What The Doctor Ordered? |
|
Pinto
|
Secure Because Math: A Deep Dive On Machine Learning-Based Monitoring |
|
McGrew
|
Instrumenting Point-of-Sale Malware: A Case Study in Communicating Malware Analysis More Effectively |
|
14:00 |
Leder
|
NinjaTV - Increasing Your Smart TV’s IQ Without Bricking It |
Grugq,
Lackey,
Rogers
|
Masquerade: How a Helpful Man-in-the-Middle Can Help You Evade Monitoring. |
|
Guthrie
|
The Monkey in the Middle: A pentesters guide to playing in traffic. |
|
15:00 |
Perrymon,
Smith
|
Advanced Red Teaming: All Your Badges Are Belong To Us |
Miller,
Valasek
|
A Survey of Remote Automotive Attack Surfaces |
|
Larsen,
Vedaa
|
Impostor — Polluting Tor Metadata |
|
Ozavci
|
VoIP Wars: Attack of the Cisco Phones |
|
Bugher
|
Detecting Bluetooth Surveillance Systems |
|
Bug Hardy
|
Breaking MIFARE ULTRALIGHT... or how to get free rides and more |
|
15:30 |
Klafter,
Swanson
|
Check Your Fingerprints: Cloning the Strong Set |
16:00 |
Villiers,
White
|
Manna from Heaven: Improving the state of wireless rogue AP attacks |
Molina
|
Learn how to control every room at a luxury hotel remotely: the dangers of insecure home automation deployment |
|
Cardozo,
Galperin,
Jaycox,
Opsahl,
Zhu
|
Ask the EFF: The Year in Digital Civil Liberties |
|
Pickett
|
Abusing Software Defined Networks |
|
Metacortex
|
Touring the Darkside of the Internet. An Introduction to Tor, Darknets, and Bitcoin |
|
Anch
|
Security with Anch: Another Talk, Another Drink. |
|
16:30 |
Hunt
|
Raspberry MoCA - A recipe for compromise |
17:00 |
McMillan
|
Attacking the Internet of Things using Time |
Bloxham
|
Getting Windows to Play with Itself: A Hacker's Guide to Windows API Abuse |
|
DEF CON the Mystery, Myth and Legend |
||
Bird
|
Security's in your DNA: Using Genomics & Big Data for Security |
|
18:00 |
Laurie
|
Old Skewl Hacking: Porn Free! |
Bankston,
Edgar,
Ozer
|
Surveillance on the Silver Screen- Fact or Fiction? |
09:00 |
Power
|
Penetrate your OWA |
10:00 |
Hecker
|
Burner Phone DDOS 2 dollars a day : 70 Calls a Minute |
Bransfield
|
Weaponizing Your Pets: The War Kitteh and the Denial of Service Dog |
|
Bursztein,
Bursztein
|
I am a legend: Hacking Hearthstone with machine learning |
|
Street
|
Around the world in 80 cons - A Perspective |
|
11:00 |
Datko,
Reed
|
NSA Playset: DIY WAGONBED Hardware Implant over I2C |
Moore,
Wardle
|
Optical Surgery; Implanting a DropCam |
|
Bruno,
Graziano
|
Through the Looking-Glass, and What Eve Found There |
|
Schrenk
|
You're Leaking Trade Secrets |
|
Trojan banker turned DDoS - The bug that brought a Bank down |
||
12:00 |
Loki,
Pierce,
Polstra
|
NSA Playset: GSM Sniffing |
Menerick
|
Open Source Fairy Dust |
|
Mahjoub,
Reuille,
Toonk
|
Catching Malware En Masse: DNS and IP Style |
|
Crenshaw
|
Dropping Docs on Darknets: How People Got Caught |
|
Malvoni
|
Energy-efficient bcrypt cracking |
|
13:00 |
Gorenc,
Molinyawe
|
Blowing up the Celly - Building Your Own SMS/MMS Fuzzer |
Grand
|
Deconstructing the Circuit Board Sandwich: Effective Techniques for PCB Reverse Engineering |
|
Macaulay
|
Weird-Machine Motivated Practical Page Table Shellcode & Finding Out What's Running on Your System |
|
Littlebury
|
Home Alone with localhost: Automating Home Defense |
|
Minga
|
Password Topology Histogram Wear-Leveling, aka PathWell |
|
13:30 |
Agix,
Such
|
Playing with Car Firmware or How to Brick your Car |
14:00 |
Elazari
|
Empowering Hackers to Create a Positive Impact |
Crabill,
FitzPatrick
|
NSA Playset: PCIe |
|
Moneger
|
Generating ROP payloads from numbers |
|
Sawyer,
Strazzere
|
Android Hacker Protection Level 0 |
|
Beck
|
SQL-Gestalt: A MS-SQL Rootkit Framework |
|
15:00 |
Ollam,
Payne
|
Elevator Hacking - From the Pit to the Penthouse |
Contests Awards Ceremony |
||
Gaivoronski,
Petrov
|
Shellcodes for ARM: Your Pills Don't Work on Me, x86 |
|
Anderson,
Kelley
|
Is This Your Pipe? Hijacking the Build Pipeline. |
|
16:30 | DEF CON Closing Ceremonies |
This "Old School" schedule is an automatically generated evolution of a manually generated hack Darth Null has been using at ShmooCon since 2007. It won't work too well for a large conference, like DEFCON, but for smaller events like ShmooCon or BlackHat DC, it might be useful.
Simply print this out at whatever scale is most helpful to you. For example, for ShmooCon: print at 65%, fold Friday and Sunday back behind Saturday, and laminate, for a two-sided 3" x 4" card that you can keep in your shirt pocket.