| 00:00 |
Schrenk
|
Social Engineering The News |
MacPherson
|
Uncovering useful and embarrassing info with Maltego |
|
| 10:00 |
Young
|
There's no place like 127.0.0.1 - Achieving reliable DNS rebinding in modern browsers |
Medina
|
Where are the SDN Security Talks? |
|
| 11:00 |
DeSantis
|
From Box to Backdoor: Using Old School Tools and Techniques to Discover Backdoors in Modern Devices |
Hecker
|
Opt Out or Deauth Trying !- Anti-Tracking Bots Radios and Keystroke Injection |
|
| 12:00 |
Suiche
|
Porosity: A Decompiler For Blockchain-Based Smart Contracts Bytecode |
Bazaliy
|
Jailbreaking Apple Watch |
|
| 13:00 |
Joyce
|
Amateur Digital Archeology |
Rozner
|
Wiping out CSRF |
|
| 13:30 | Village Setup (Volunteers and Organizers Only) |
|
| 14:00 |
Metcalf,
Steere
|
Hacking the Cloud |
Wixey
|
See no evil, hear no evil: Hacking invisibly and silently with light and sound |
|
| 15:00 |
Forgety
|
Inside the "Meet Desai" Attack: Defending Distributed Targets from Distributed Attacks |
Maldonado
|
Real-time RFID Cloning in the Field |
|
| 15:20 |
Mendoza
|
Exploiting 0ld Mag-stripe information with New technology |
| 15:30 | Volunteer Huddle |
|
| 16:00 |
HighWiz,
Niki7a,
Roamer,
Shaggy,
Unicorn,
Wiseacre
|
DEF CON 101 Panel |
Caezar,
Eagle,
Invisigoth,
John,
Myles,
Vulc@n
|
The Last CTF Talk You'll Ever Need: AMA with 20 years of DEF CON Capture-the-Flag organizers |
| 10:00 |
Zheng
|
macOS/iOS Kernel Debugging and Heap Feng Shui |
Tangent
|
Welcome to DEF CON 25 |
|
Kasparov
|
The Brain's Last Stand |
|
Engel
|
Secret Tools: Learning about Government Surveillance Software You Can't Ever See |
|
Welcome - Friday |
||
| 10:20 |
Wardle
|
Offensive Malware Analysis: Dissecting OSX/FruitFly via a Custom C&C Server |
Sosonkin
|
Hacking travel routers like it's 1999 |
|
Bailey,
Matwyshyn,
McSweeny,
Schwartz,
Wiswell
|
Panel: Meet The Feds |
|
| 10:30 |
Cheung
|
Hacking on Multiparty Computation |
| 11:00 |
Sumner
|
Rage Against the Weaponized AI Propaganda Machine |
Cauquil
|
Weaponizing the BBC Micro:Bit |
|
Karagiannis
|
Hacking Smart Contracts |
|
Wong
|
SHA-3 vs the world |
|
| 11:30 |
Wheeler
|
WS: Mansion Apartment Shack House: How To Explain Crypto To Practic |
| 12:00 |
Zatko
|
CITL and the Digital Standard - A Year Later |
Seidle
|
Open Source Safe Cracking Robots - Combinations Under 1 Hour! (Is it bait? Damn straight it is.) |
|
Tsai
|
A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! |
|
Kanuck
|
Hacking Democracy: A Socratic Dialogue |
|
Huerta
|
Alice and Bob are Slightly Less Confused |
|
WS: Breaking the Uber Badge Ciphers |
||
| 13:00 |
Madrigal
|
Controlling IoT devices with crafted radio signals |
Pitts
|
Teaching Old Shellcode New Tricks |
|
Behrens,
Heffner
|
Starting the Avalanche: Application DoS In Microservice Architectures |
|
Dingledine
|
Next-Generation Tor Onion Services |
|
Forgety
|
Protecting Users' Privacy in a Location-Critical Enterprise: The Ch |
|
Crowley
|
WS: FeatherDuster and Cryptanalib workshop |
|
| 14:00 |
Robinson
|
Using GPS Spoofing to control time |
Wardle
|
Death By 1000 Installers; on macOS, it's all broken! |
|
Domas
|
Breaking the x86 Instruction Set |
|
Bursztein
|
How we created the first SHA-1 collision and what it means for hash security |
|
Brandt
|
Breaking TLS: A Year in Incremental Privacy Improvements |
|
| 15:00 |
XlogicX
|
Assembly Language is Too High Level |
Owen
|
Phone system testing and other fun tricks |
|
Dewes,
Eckert
|
Dark Data |
|
Böck
|
Abusing Certificate Transparency Logs |
|
Mook,
Wallenstrom
|
A New Political Era: Time to start wearing tin-foil hats following |
|
Dain,
Ermishkin
|
WS: NoiseSocket: Extending Noise to Make Every TCP Connection Secur |
|
| 16:00 |
Knight,
Newlin
|
Radio Exploitation 101: Characterizing, Contextualizing, and Applying Wireless Attack Methods |
Klein,
Kotler
|
The Adventures of AV and the Leaky Sandbox |
|
Robbins,
Schroeder
|
An ACE Up the Sleeve: Designing Active Directory DACL Backdoors |
|
McSweeny,
Merrill
|
"Tick, Tick, Tick. Boom! You're Dead." — Tech & the FTC |
|
Susanka
|
Security Analysis of the Telegram IM |
|
Underhanded Crypto Announcement |
||
| 16:30 | Cryptanalysis in the Time of Ransomware |
|
| 17:00 |
Kondratenko
|
Cisco Catalyst Exploitation |
Grifter,
Li,
Malfunction,
Moss,
S0ups,
Street,
Waz,
White
|
Panel: DEF CON Groups |
|
Cramb,
Schwartz
|
MEATPISTOL, A Modular Malware Implant Framework |
|
Hill,
Quintin
|
The Internet Already Knows I'm Pregnant |
|
Connolly
|
WS: Supersingular Isogeny Diffie-Hellman |
|
| 17:30 |
panel]
|
Unfairplay (NOT RECORDED) |
| 20:00 |
Kanuck
|
Hacking Democracy |
Kentaro
|
Horror stories of a translator and how a tweet can start a war with less than 140 characters |
|
Buttar,
Cardozo,
Galperin,
Opsahl,
Walsh
|
Panel - An Evening with the EFF |
| 10:00 |
Knowles
|
Persisting with Microsoft Office: Abusing Extensibility Options |
Doctorow
|
$BIGNUM steps forward, $TRUMPNUM steps back: how can we tell if we're winning? |
|
Holmes
|
Get-$pwnd: Attacking Battle-Hardened Windows Server |
|
Lei,
Yunhai
|
The spear to break the security wall of S7CommPlus |
|
Welcome - Saturday |
||
| 10:20 |
Staggs
|
Breaking Wind: Adventures in Hacking Wind Farm Control Networks |
Coltel,
Provost
|
WSUSpendu: How to hang WSUS clients |
|
K2
|
(Un)Fucking Forensics: Active/Passive (i.e. Offensive/Defensive) memory hacking/debugging. |
|
| 10:30 |
J4RV1S
|
The Surveillance Capitalism Will Continue Until Morale Improves |
| 11:00 |
Baxendale
|
Microservices and FaaS for Offensive Security |
FitzPatrick,
Leibowitz
|
Secure Tokin' and Doobiekeys: How to roll your own counterfeit hardware security devices |
|
Stanley,
Williams
|
If You Give a Mouse a Microchip... It will execute a payload and cheat at your high-stakes video game tournament |
|
Anderson
|
Evading next-gen AV using artificial intelligence |
|
Tankersley
|
WS: Implementing An Elliptic Curve in Go |
|
| 11:20 |
Snezhkov
|
Abusing Webhooks for Command and Control |
0x00string,
CJ_000,
Maximus64,
Zenofex
|
All Your Things Are Belong To Us |
|
| 11:30 |
Kloc
|
Privacy is Not An Add-On: Designing for Privacy from the Ground Up |
| 12:00 |
Bazhaniuk,
Michael,
Shkatov
|
Driving down the rabbit hole |
Thieme
|
When Privacy Goes Poof! Why It's Gone and Never Coming Back |
|
Nitterauer
|
DNS - Devious Name Services - Destroying Privacy & Anonymity Without Your Consent |
|
Nangle
|
Operational Security Lessons from the Dark Web |
|
| 12:30 |
Johnson
|
WS: Secrets Management in the Cloud |
| 13:00 |
El-Sherei
|
Demystifying Windows Kernel Exploitation by Abusing GDI Objects. |
Dillon,
Harding
|
Koadic C3 - Windows COM Command & Control Framework |
|
Manfred
|
Twenty Years of MMORPG Hacking: Better Graphics, Same Exploits |
|
Raggo,
Tully
|
A Picture is Worth a Thousand Words, Literally: Deep Neural Networks for Social Stego |
|
The Symantec/Chrome SSL debacle - how to do this better... |
||
| 14:00 |
Eissa
|
Attacking Autonomic Networks |
Cvrcek,
Mavroudis
|
Trojan-tolerant Hardware & Supply Chain Security in Practice |
|
Haltmeyer,
Woodbury
|
Linux-Stack Based V2X Framework: All You Need to Hack Connected Vehicles |
|
Cano
|
XenoScan: Scanning Memory Like a Boss |
|
Rucker
|
Have you seen my naked selfies? Neither has my snoopy boyfriend. Pr |
|
Guirao
|
WS: SECURE COMMUNICATIONS IN ANDROID WITH TLS/SSL |
|
| 15:00 |
Thompson
|
MS Just Gave the Blue Team Tactical Nukes (And How Red Teams Need To Adapt) |
Hernandez,
MacDonald-Evoy,
Richards
|
Tracking Spies in the Skies |
|
trixr4skids
|
DOOMed Point of Sale Systems |
|
Professor Plum
|
Digital Vengeance: Exploiting the Most Notorious C&C Toolkits |
|
Corman,
Hurd,
Langevin
|
DC to DEF CON: Q&A with Congressmen James Langevin and Will Hurd |
|
Sidorov
|
Yet another password hashing talk |
|
| 15:30 |
Geers
|
Core Illumination: Traffic Analysis in Cyberspace |
| 16:00 |
Ayoul3
|
Dealing the perfect hand - Shuffling memory blocks on z/OS |
Raz,
Shochat
|
From "One Country - One Floppy" to "Startup Nation" - the story of the early days of the Israeli hacking community, and the journey towards today's vibrant startup scene |
|
Grayson,
Lamb,
Newlin
|
CableTap: Wirelessly Tapping Your Home Network |
|
Brown,
Latimer
|
Game of Drones: Putting the Emerging "Drone Defense" Market to the Test |
|
Birr-Pixton
|
rustls: modern\, fast\, safer TLS |
|
| 17:00 |
Gofman,
Simakov
|
Here to stay: Gaining persistency by abusing advanced authentication mechanisms |
Schenk
|
Taking Windows 10 Kernel Exploitation to the next level - Leveraging write-what-where vulnerabilities in Creators Update |
|
Haddix
|
Introducing HUNT: Data Driven Web Hacking & Manual Testing |
|
Plore
|
Popping a Smart Gun |
|
Brotherston
|
Blue Team TLS Hugs |
|
| 17:30 |
Romailler
|
Automated Testing using Crypto Differential Fuzzing (DO NOT RECORD) |
| 20:00 |
Bailey,
Dowsett,
Friedman,
Koran,
Leiserson
|
Panel - Meet the Feds (who care about security research) |
Corman,
Dameff,
McNeil,
Radcliffe,
Schwartz,
Tully,
Woods
|
D0 No H4RM: A Healthcare Security Conversation |
| 10:00 |
Bashan,
Makkaveev
|
Unboxing Android: Everything you wanted to know about Android packers |
Gentry
|
I Know What You Are by the Smell of Your Wifi |
|
Datko,
Quartier
|
Breaking Bitcoin Hardware Wallets |
|
0ctane
|
Untrustworthy Hardware and How to Fix It |
|
| 10:20 |
Redezem
|
PEIMA (Probability Engine to Identify Malicious Activity): Using Power Laws to address Denial of Service Attacks |
Azouri
|
BITSInject |
|
chaosdata
|
Ghost in the Droid: Possessing Android Applications with ParaSpectre |
|
| 10:30 | Welcome - Sunday |
|
| 11:00 |
Schrodinger
|
Total Recall: Implanting Passwords in Cognitive Memory |
Fritschie,
Teitelman
|
Backdooring the Lottery and Other Security Tales in Gaming over the Past 25 Years |
|
spaceB0x
|
Exploiting Continuous Integration (CI) and Automated Build systems |
|
Huang,
Zheng
|
'Ghost Telephonist' Impersonates You Through LTE CSFB |
|
Manian
|
WS: Reasoning about Consensus Algorithms |
|
| 11:30 |
Lackey
|
Cypherpunks History |
| 12:00 |
Ryan
|
The Black Art of Wireless Post Exploitation |
Sprundel
|
Are all BSDs are created equally? A survey of BSD kernel vulnerabilities. |
|
Bjarnason,
Jones
|
The call is coming from inside the house! Are you ready for the next evolution in DDoS attacks? |
|
Sotos
|
Genetic Diseases to Guide Digital Hacks of the Human Genome: How the Cancer Moonshot Program will Enable Almost Anyone to Crash the Operating System that Runs You or to End Civilization... |
|
Duero
|
The Key Management Facility of the Root Zone DNSSEC KSK |
|
| 12:30 |
Curevac
|
The Policy & Business Case for Privacy By Design |
| 13:00 |
Cohen
|
Game of Chromes: Owning the Web with Zombie Chrome Extensions |
Huber,
Rasthofer
|
Bypassing Android Password Manager Apps Without Root |
|
Mahjoub,
Mathew
|
Malicious CDNs: Identifying Zbot Domains en Masse via SSL Certificates and Bipartite Graphs |
|
Bohannon,
Holmes
|
Revoke-Obfuscation: PowerShell Obfuscation Detection (And Evasion) Using Science |
|
| 13:30 |
Arciszewski
|
The Why and How for Secure Automatic Patch Management |
| 14:00 |
Cohen
|
Call the plumber - you have a leak in your (named) pipe |
Morris,
Petro
|
Weaponizing Machine Learning: Humanity Was Overrated Anyway |
|
Shan,
Yuan
|
Man in the NFC |
|
Mirosh,
Muñoz
|
Friday the 13th: JSON attacks! |
|
Closing |
||
| 15:00 |
Shoshitaishvili
|
25 Years of Program Analysis |
| 16:30 | Closing Ceremony |
This "Old School" schedule is an automatically-generated evolution of a manually-generated hack Darth Null has been using at ShmooCon since 2007. It won't work too well for a large conference, like DEFCON, but for smaller events like ShmooCon or BlackHat DC, it might be useful.
Simply print this out at whatever scale is most helpful to you. For example, for ShmooCon: print at 65%, fold Friday and Sunday back behind Saturday, and laminate, for a two-sided 3" x 4" card that you can keep in your shirt pocket.