| 10:00 |
DaKahuna,
satanklawz
|
Introduction to SDR and the Wireless Village |
Anderson,
Reed
|
Hardware and Trust Security: Explain it like I’m 5 |
|
| 11:00 |
IrishMASMS,
Tottenkoph
|
Hackers Hiring Hackers - How to Do Things Better |
White
|
Hacking Web Apps |
|
| 12:00 |
Kronenberg,
Petruzzi,
Plug,
PushPin,
Rogers
|
DEF CON 101: The Panel. |
Fasel
|
Seeing through the Fog |
|
| 13:00 |
Huerta
|
Alice and Bob are Really Confused |
| 14:00 |
Small
|
Beyond the Scan: The Value Proposition of Vulnerability Assessment |
Polstra
|
Hacker in the Wires |
|
| 15:00 |
LosT
|
Responsible Incident: Covert Keys Against Subverted Technology Latencies, Especially Yubikey |
Laygui
|
Forensic Artifacts From a Pass the Hash Attack |
|
| 16:00 |
Brierton,
Desfigies,
Islam
|
Guests N’ Goblins: Exposing Wi-Fi Exfiltration Risks and Mitigation techniques |
McNeil,
Owen
|
Sorry, Wrong Number: Mysteries Of The Phone System - Past and Present |
|
| 17:00 |
Federico,
Shoshitaishvili
|
Dark side of the ELF - leveraging dynamic loading to pwn noobs |
Menerick
|
Backdooring Git |
|
| 18:00 |
Collao,
Erven
|
Medical Devices: Pwnage and Honeypots |
Engler
|
Secure Messaging for Normal People |
| 00:00 |
Forrest
|
Workshop: How Do I TAILS? A Beginner's Guide to Anonymous Computing |
Shultz
|
Pwning IoT with Hardware Attacks |
|
Yang
|
Advanced SOHO Router Exploitation |
|
Compton,
Gershman
|
Phishing: Recon to Creds with the SpeedPhishing Framework |
|
grecs
|
Creating REAL Threat Intelligence With Evernote |
|
Schwartzberg
|
Hacking the Next Generation |
|
Ramachandran
|
802.11 Monitoring with PCAP2XML/SQLite |
|
Simmons
|
The Digital Cockroach Bait Station: How to Build Spam Honeypots |
|
Kennedy
|
Understanding End-User Attacks – Real World Examples |
|
Crowder
|
Fishing To Phishing: It's All About Slimy Creatures |
|
Talmat
|
Hacking Satellite TV Receivers |
|
Lodge,
Munro
|
Hacking You Fat: The FitBit Aria |
|
Street
|
Breaking in Bad! (I’m the one who doesn’t knock) |
|
Newberry
|
Twitter, ISIL, and Tech |
|
Hadnagy
|
A Peek Behind the Blue Mask: The Evolution of the SECTF |
|
Hernández
|
Brain Waves Surfing - (In)security in EEG (Electroencephalography) Technologies |
|
Caudill,
Hornby
|
Underhanded Crypto Contest Wrapup |
|
Fox,
Thorsheim
|
Protecting global email - status & the road ahead |
|
Brown,
Levison,
Nixon
|
Making Email Dark |
|
Phillips
|
CrypTag: Building Encrypted, Taggable, Searchable Zero-knowledge Systems |
|
Stealth
|
The Death of Privacy |
|
Marina
|
Hacking Quantum Cryptography |
|
Dahl,
Jones
|
What is Bitcoin Tumbling and why do it? |
|
Gandall,
Sosa
|
Biohacking at home: Pragmatic DNA design, assembly, and transformation |
|
Martin
|
From XSS to Root on Your NAS |
|
Carlson,
Doherty
|
Breaking CBC, or Randomness Never Was Happiness |
|
Titonis
|
How Machine Learning Finds Malware Needles in an AppStore Haystack |
|
Bhargavan
|
Skip, Freak, and Logjam: Moving past a legacy of weakness in TLS |
|
Simpson
|
MITM 101: Easy Traffic Interception Techniques Using Scapy |
|
Asghari
|
Where are the privacy-preserving services for the masses? |
|
Sidorov
|
Should we trust crypto frameworks? A story about CVE-2015-2141 |
|
@CyberiseMe
|
Cloning Access Cards to Implants |
|
Mittal
|
Powershell for Penetraton Testers |
|
JoshInGeneral
|
Meeting People Over WiFi |
|
Catatonic
|
Tospo Virus: Weaponizing WiFi Pineapple Vulnerabilities |
|
Kinne,
Kitchen
|
Rollin’ Down the Street Sniffin’ WiFi, Sippin’ on Pineapple Juice |
|
O’Shea
|
GNU Radio Tools for Radio Wrangling and Spectrum Domination |
|
Ramachandran
|
Automatic Live WPA/WPA2 Attacks and WPA_Supplicant |
|
Beard,
Wohlwinder
|
I See You |
|
Koscher
|
DSP for SDR |
|
Ward
|
The Packets Made Me Do It: Getting Started with Distributed Full Packet Capture Using OpenFPC |
|
Bowne
|
Is Your Android App Secure? |
|
Sup3r S3cr3t! |
||
Calabro
|
Software Defined Radio Performance Trades and Tweaks |
|
Cyb3r-Assassin
|
Wireless Pentesting: So Easy a Cave Man Can Do It |
|
Ryan,
Spill
|
Seeing Blue: Tools, Tricks, and Techniques for Messin’ With Bluetooth |
|
| 10:00 |
Sistrunk
|
NSM 101 for ICS |
Szakaly
|
Shall We Play a Game? |
|
Mayorkas
|
Working together to keep the Internet safe and secure |
|
LoST,
Moss
|
Welcome to DEF CON |
|
Crowley,
Smith
|
Bugged Files: Is Your Document Telling on You? |
|
Chow
|
Tools and Techniques Used at the Wall of Sheep |
|
Bratus,
Goodspeed
|
PSK31 Modulation Polyglots |
|
indolering
|
DNS and the Future of Authenticity |
|
Powell
|
Parallels in BioSec and InfoSec |
|
Stanislav
|
The Hand that Rocks the Cradle: Hacking IoT Baby Monitors |
|
| 10:25 |
Goetzman
|
Social Implications of DNA Acquisition & Storage |
| 10:30 |
Hatti
|
Getting into the Trust Store We Trust |
| 11:00 |
Eijah
|
Crypto for Hackers |
Drake
|
Stagefright: Scary Code in the Heart of Android |
|
Aitel,
Blaze,
Cardozo,
Denaro,
Tam
|
Licensed to Pwn: The Weaponization and Regulation of Security Research |
|
Doctorow
|
Fighting Back in the War on General Purpose Computers |
|
Hecker
|
Goodbye Memory Scraping Malware: Hold Out Till "Chip And Pin” |
|
Raggo
|
Mobile Data Loss - Threats & Countermeasures |
|
D’Otreppe,
Ramachandran
|
WPA Enterprise Hacking |
|
Rogers,
Rogers
|
Using Privacy and Crypto Tools |
|
Weis
|
Modern Crypto: 15 Years of Advancement in Cryptography |
|
| 11:30 |
Kobeissi
|
Peerio: Productivity with end-to-end encryption |
| 12:00 |
Schneier
|
Bruce Schneier Q&A |
Allen,
Bower
|
Malware in the Gaming Micro-economy |
|
Dorrough
|
USB Attack to Decrypt Wi-Fi Communications |
|
Westin
|
Confessions of a Professional Cyber Stalker |
|
Koscher
|
Sniffing SCADA |
|
Arcieri,
Culbertson,
Kayyali,
Lacoste,
Merrill,
Teoh
|
Keynote: Crypto & Privacy Village |
|
| 12:30 |
Caudill,
Hornby
|
Keynote: Underhanded Crypto Contest |
| 13:00 |
Schrenk
|
Applied Intelligence: Using Information That's Not There |
Gooler,
Shipley
|
Insteon' False Security And Deceptive Documentation |
|
Kamkar
|
Drive It Like You Hacked It: New Attacks and Tools to Wirelessly Steal Cars |
|
Metcalf
|
Red vs. Blue: Modern Active Directory Attacks & Defense |
|
O'Flynn
|
Don't Whisper my Chips: Sidechannel and Glitching for Fun and Profit |
|
Vixie
|
dnstap - A Standard Interface to Real Time DNS Transaction Flows |
|
Seeber
|
SIGINT and Blind Signal Analysis with GNU Radio + Advanced SDR |
|
Kloc
|
Life of PII: A Day in the Life of Your Personally Identifiable Information |
|
| 14:00 |
Nemus
|
Hacking SQL Injection for Remote Code Execution on a LAMP stack |
Shan,
Zheng
|
Build a free cellular traffic capture tool with a vxworks based femoto |
|
Mahaffey,
Rogers
|
How to Hack a Tesla Model S |
|
Latter
|
Remote Access, the APT |
|
Castellucci
|
Cracking Cryptocurrency Brainwallets |
|
Pidawekar
|
Hacker's Practice Ground |
|
Caudill
|
Opening Backdoors: The Importance of Backdoor Research |
|
Special Presentation |
||
| 14:30 |
Koscher
|
How to Engineer a Cryptographic 'Front Door' |
| 15:00 |
Ramachandran
|
Chellam – a Wi-Fi IDS/Firewall for Windows |
AmmonRa
|
How to hack your way out of home detention |
|
Huang,
Yang
|
Low-cost GPS simulator – GPS spoofing by SDR |
|
Davisson
|
REvisiting RE:DoS |
|
Aumasson
|
Quantum Computers vs. Computers Security |
|
Brink
|
Global Honeypot Trends |
|
Dunning
|
The Wireless World of the Internet of Things |
|
Budindgton
|
Let's Talk about Let's Encrypt |
|
Sullivan
|
CFSSL: the evolution of a PKI toolkit |
|
Aganovic,
Dameff,
Hefley,
Tully,
Whitlock
|
Physiology from the Perspective of Control: A Bio-hacker's Guide |
|
| 15:30 |
Wildani
|
Examining the Robustness of the Brain Against a Malicious Adversary |
| 16:00 |
Kline
|
LTE Recon and Tracking with RTLSDR |
Graham,
Maynor
|
HamSammich – long distance proxying over radio |
|
Kelley
|
Harness: Powershell Weaponization Made Easy (or at least easier) |
|
An
|
When the Secretary of State says: “Please Stop Hacking Us…” |
|
Løge
|
Tell me who you are and I will tell you your lock pattern |
|
Hosmer,
Raggo
|
Remaining Covert in an Overt World |
|
Beddome
|
Yellow Means Proceed with Caution - Applied De-escalation for Social Engineering |
|
Warrior
|
Covert Wireless: Practical Hacker LPI-LPD |
|
Helsby
|
Machine Learning and Manipulation |
|
Strobi,
Zillner
|
Security of Wireless Home Automation Systems - A World Beside TCP/IP |
|
| 16:30 |
Namazifar
|
Detecting Randomly Generated Strings; A Language Based Approach |
Amicelli,
David
|
How to secure the keyboard chain |
|
Rock
|
I Will Kill You |
|
miaubiz
|
Put on your tinfo_t hat if you're my type |
|
Mitchell
|
Separating Bots from the Humans |
|
Engler
|
Beginner Crypto for Application Developers |
|
Martinez
|
IMSI Catcher Counter-Surveillance |
|
| 17:00 |
Sconzo
|
I Am Packer And So Can You |
Auger,
Sandvik
|
When IoT attacks: hacking a Linux-powered rifle |
|
atlas
|
Fun with Symboliks |
|
Popescu
|
NetRipper - Smart traffic sniffing for penetration testers |
|
Kulach
|
Hack the Legacy! IBM i (aka AS/400) Revealed. |
|
Taylor
|
Violating Web Services |
|
Fincher
|
"I Didn’t Think it was Loaded" and Other Mental Derps |
|
Fernick
|
Breaking RSA - new cryptography for a post-quantum world |
|
| 18:00 |
Krotofil,
Larsen
|
Rocking the Pocket Book: Hacking Chemical Plant for Competition and Extortion |
Young
|
How to Train Your RFID Hacking Tools |
|
Selifonov
|
Drinking from LETHE: New methods of exploiting and mitigating memory corruption vulnerabilities |
|
Frichot
|
Hooked Browser Meshed-Networks with WebRTC and BeEF |
|
Selvi
|
Breaking SSL Using Time Synchronisation Attacks |
|
Harris
|
Understanding Social Engineering Attacks with Natural Language Processing |
|
| 19:00 |
Polstra
|
One Device to Pwn Them All |
Ridpath
|
I Am Not What I Am: Shakespeare and Social Engineering |
|
| 20:00 |
Guan
|
Classify Targets to Make Social Engineering Easier to Achieve |
| 10:00 |
Potter
|
A Hacker’s Guide to Risk |
Michael,
Mickey Shkatov
|
Scared Poopless – LTE and *your* laptop |
|
Hudson,
Kallenberg,
Kovah
|
ThunderStrike 2: Sith Strike |
|
Anderson,
Cross
|
Do Export Controls on “Intrusion Software” Threaten Vulnerability Research? |
|
Sood
|
Dissecting the Design of SCADA Web Human Machine Interfaces (HMIs) - Hunting Vulnerabilities |
|
| 11:00 |
Zoz
|
And That's How I Lost My Other Eye: Further Explorations In Data Destruction |
Balmas,
Oppenheim
|
Key-Logger, Video, Mouse — How To Turn Your KVM Into a Raging Key-logging Monster |
|
Walker,
Wiens
|
Machine vs. Machine: Inside DARPA’s Fully Automated CTF |
|
Wardle
|
'DLL Hijacking' on OS X? #@%& Yeah! |
|
Dalvi,
Trummer
|
QARK: Android App Exploit and SCA Tool |
|
| 12:00 |
Maldonado
|
Are We Really Safe? - Bypassing Access Control Systems |
Petro,
Salazar
|
Hacking Smart Safes: On the "Brink" of a Robbery |
|
Guarnieri,
Marquis-Boire,
Marschalek
|
F*ck the attribution, show us your .idb! |
|
McGrew
|
I Hunt Penetration Testers: More Weaknesses in Tools and Procedures |
|
Ramachandran
|
Chigula — a framework for Wi-Fi Intrusion Detection and Forensics |
|
| 13:00 |
Bugher
|
It's The Only Way To Be Sure: Obtaining and Detecting Domain Persistence |
Moore
|
Spread Spectrum Satcom Hacking: Attacking The GlobalStar Simplex Data Service |
|
Shoshitaishvili,
Wang
|
Angry Hacking - the next generation of binary analysis |
|
Ballenthin,
Graeber,
Teodorescu
|
WhyMI so Sexy? WMI Attacks, Real-Time Defense, and Advanced Forensic Analysis |
|
Ferber,
Valtman
|
From 0 To Secure In 1 Minute — Securing IAAS |
|
| 14:00 |
Arnaboldi
|
Abusing XSLT for Practical Attacks |
Beccaro,
Collura
|
Extracting the Painful (blue)tooth |
|
Miller,
Valasek
|
Remote Exploitation of an Unaltered Passenger Vehicle |
|
Douba
|
BurpKit - Using WebKit to Own the Web |
|
| 15:00 |
El-Sherei,
Stalmans
|
Extending Fuzzing Grammars to Exploit Unexplored Code Paths in Modern Web Browsers |
Albert,
Banks
|
Looping Surveillance Cameras through Live Editing of Network Streams |
|
Healey,
Ryan
|
Hacking Electric Skateboards: Vehicle Research For Mortals |
|
Smith
|
High-Def Fuzzing: Exploring Vulnerabilities in HDMI-CEC |
|
Eckersley,
Kasten,
Zhu
|
Let's Encrypt - Minting Free Certificates to Encrypt the Entire Web |
|
| 16:00 |
Haddix
|
How to Shot Web: Web and mobile hacking in 2015 |
Cassidy,
Lee,
Leverett
|
Switches Get Stitches |
|
Kaminsky
|
I want these * bugs off my * Internet |
|
Young
|
Investigating the Practicality and Cost of Abusing Memory Errors with DNS |
|
FitzPatrick,
King
|
NSA Playset: JTAG Implants |
|
| 17:00 |
Talabis
|
The Bieber Project: Ad Tech 101, Fake Fans and Adventures in Buying Internet Traffic |
Bull,
Matthews
|
Exploring Layer 2 Network Security in Virtualized Environments |
|
Rikansrud,
Young
|
Security Necromancy: Further Adventures in Mainframe Hacking |
|
Blanco,
Gazzoli
|
802.11 Massive Monitoring |
|
Thieme
|
Hacking the Human Body/brain: Identity Shift, the Shape of a New Self, and Humanity 2.0 |
|
| 18:00 |
Ashbel,
Siman
|
Game of Hacks: Play, Hack & Track |
Pickett
|
Staying Persistent in Software Defined Networks |
|
Cardozo,
Eckersley,
Jaycox,
Kayyali,
McSherry,
Opsahl
|
Ask the EFF: The Year in Digital Civil Liberties |
|
Berlin,
Blow,
Crain,
Moussouris,
Pesce,
Sistrunk,
Tentler
|
DEF CON Comedy Inception: How many levels deep can we go? |
|
3AlarmLampscooter
|
DIY Nukeproofing: a new dig at "data-mining" |
|
| 19:00 |
Grattafiori
|
Linux Containers: Future or Fantasy? |
Jun,
Qing
|
I’m A Newbie Yet I Can Hack ZigBee – Take Unauthorized Control Over ZigBee Devices |
| 10:00 |
Pierce
|
Abusing native Shims for Post Exploitation |
Gorenc,
Hariri,
Spelman
|
Abusing Adobe Reader’s JavaScript APIs |
|
Mortman
|
Docker, Docker, Give Me The News, I Got A Bad Case Of Securing You |
|
McSweeny,
Soltani
|
How to Hack Government: Technologists as Policy Makers |
|
| 11:00 |
Edwards
|
Ubiquity Forensics - Your iCloud and You |
Cagle,
Cheng
|
Who Will Rule the Sky? The Coming Drone Policy Wars |
|
Bathurst,
Thomas
|
Canary: Keeping Your Dick Pics Safe(r) |
|
Domas
|
REpsych: Psychological Warfare in Reverse Engineering |
|
| 12:00 |
Timzen
|
Hijacking Arbitrary .NET Application Control Flow |
Robinson
|
Knocking my neighbor’s kid’s cruddy drone offline |
|
Kennedy,
Walton
|
Pivoting Without Rights – Introducing Pivoter |
|
Wardle
|
Stick That In Your (root)Pipe & Smoke It |
|
| 13:00 |
Brown,
Shah
|
RFIDiggity: Pentester Guide to Hacking HF/NFC and UHF RFID |
Bazhaniuk,
Bulygin,
Furtak,
Gorobets,
Matrosov
|
Attacking Hypervisors Using Firmware and Hardware |
|
Coskun
|
Why nation-state malwares target Telco Networks: Dissecting technical capabilities of Regin and its counterparts |
|
Seymour
|
"Quantum" Classification of Malware |
|
| 14:00 | Contest Closing Ceremonies |
|
Martineau
|
Inter-VM data exfiltration: The art of cache timing covert channel on x86 multi-core |
|
Lawshae
|
Let's Talk About SOAP, Baby. Let's Talk About UPNP |
|
O'Neill
|
Advances in Linux Process Forensics Using ECFS |
|
| 16:30 | Closing Ceremonies |
This "Old School" schedule is an automatically-generated evolution of a manually-generated hack Darth Null has been using at ShmooCon since 2007. It won't work too well for a large conference, like DEFCON, but for smaller events like ShmooCon or BlackHat DC, it might be useful.
Simply print this out at whatever scale is most helpful to you. For example, for ShmooCon: print at 65%, fold Friday and Sunday back behind Saturday, and laminate, for a two-sided 3" x 4" card that you can keep in your shirt pocket.