DEF CON に参加できることになったので事前調査をしてみる
DEF CON® Hacking Conference(以下DEFCON) は世界的なハッカーイベントの一つです。 DEFCONには様々な催し物があり、日本人よく知られているのは世界最高峰のハッキングコンテスト「DEFCON CTF」でしょう。 2018年に開催されたDEFCON26では、日本人チームとして「binja」が参戦し、586チーム中8位という成績を収めています。
2019年8月開催のDEF CONに参加できる(CTFではない)ことになったので、事前調査として、 この記事では、あまり知られていない、それ以外の催しを紹介していきたいと思います。 (記事は適宜修正予定)
詳細なスケジュールを確認したい場合は DEF CON® 27 Hacking Conference Schedule から。
Village
各テーマ毎に集まり、アクティビティを行うのがVillage(ビレッジ)です。
ブロックチェーンに関する集まり(Blockchain Village)や、 自動車セキュリティに特化した集まり(Car Hacking Village)など、 全29のVillageがあります。
- AI Village
- AppSec Village
- Aviation Village
- BioHacking Village
- Bits & Blocks (Monero Village)
- Blockchain Village
- Blue Team Village
- Car Hacking Village
- Cloud Village
- Crypto & Privacy Village
- Data Duplication Village
- Drone Wars
- Ethics Village
- Hack the Sea Village
- Ham Radio Village
- Hardware Hacking Village
- ICS Village
- IOT Village
- Lockpick Village
- Packet Hacking Village
- Queercon
- Recon Village
- Red Team Village
- r00tz
- 303 Skytalks
- Social Engineer Village
- Voting Village
- VX (Chip-off) Village
- Wireless Village
Main Tracks
様々なテーマについて発表される、講演形式の催し。 95もの発表が予定されています。
https://www.defcon.org/html/defcon-27/dc-27-speakers.html ids = Array.from(document.querySelectorAll('article.talk')).map((e)=>{return e.id}) titles = Array.from(document.querySelectorAll('h3.talkTitle')).map((e)=>{return e.innerText}) speakers = Array.from(document.querySelectorAll('h4.speaker')).map((e)=>{return e.innerText}) details = Array.from(document.querySelectorAll('p.details')).map((e)=>{return e.innerText.replace('\n', ' | ')}) titles.map((e,i)=>{ return '* <a href="https://www.defcon.org/html/defcon-27/dc-27-speakers.html#'+ids[i]+'">'+e+'</a>\n'+ ' * '+speakers[i]+'\n'+ ' * '+details[i] }).join("\n")
- HTTP Desync Attacks: Smashing into the Cell Next Door
- albinowaxHead of Research, PortSwigger
- Sunday at 12:00 in Track 3 | 45 minutes | Demo, Tool
- Want Strong Isolation? Just Reset Your Processor
- Anish AthalyePhD student at MIT
- Sunday at 13:00 in Track 4 | 45 minutes | Demo, Tool
- HackPac: Hacking Pointer Authentication in iOS User Space
- Xiaolong Bai
- Friday at 13:00 in Track 1 | 45 minutes | Demo, Tool, Exploit
- Help Me, Vulnerabilities. You're My Only Hope
- Min (Spark) Zheng
- Sunday at 12:00 in Track 4 | 45 minutes | Tool, Exploit
- Hacking WebAssembly Games with Binary Instrumentation
- Jacob BainesResearch Engineer, Tenable
- Sunday at 10:00 in Track 3 | 45 minutes | Demo, Tool
- The ABC of Next-Gen Shellcoding
- Jack Baker
- Sunday at 11:00 in Track 1 | 45 minutes | Demo, Tool
- Are Quantum Computers Really A Threat To Cryptography? A Practical Overview Of Current State-Of-The-Art Techniques With Some Interesting Surprises
- Hadrien BarralHacker
- Thursday at 12:00 in DC101, Paris Theatre | 45 minutes | Demo
- Backdooring Hardware Devices By Injecting Malicious Payloads On Microcontrollers
- Rémi Géraud-StewartHacker
- Sunday at 10:00 in Track 1 | 45 minutes | Demo, Tool
- Behind the Scenes: The Industry of Social Media Manipulation Driven by Malware
- Georges-Axel JaloyanPhD Student at ENS
- Friday at 10:00 in Track 3 | 45 minutes
- .NET Malware Threats: Internals And Reversing
- Andreas BaumhofVice President Quantum Technologies, QuintessenceLabs Inc.
- Saturday at 15:00 in Track 4 | 45 minutes
- The JOP ROCKET: A Supremely Wicked Tool for JOP Gadget Discovery, or What to Do If ROP Is Too Easy
- Sheila Ayelen BertaSecurity Researcher
- Friday at 16:00 in Track 4 | 20 minutes | Demo, Tool
- How Deep Learning Is Revolutionizing Side-Channel Cryptanalysis
- Olivier BilodeauCybersecurity Research Lead at GoSecure
- Friday at 14:00 in Track 3 | 45 minutes | Demo, Tool
- SDR Against Smart TVs: URL and Channel Injection Attacks
- Masarah Paquet-CloustonCybersecurity Researcher at GoSecure
- Sunday at 11:00 in Track 2 | 45 minutes | Demo, Tool
- Defeating Bluetooth Low Energy 5 PRNG for Fun and Jamming
- Alexandre BorgesSecurity Researcher at Blackstorm Security
- Saturday at 12:00 in Track 2 | 45 minutes | Demo, Tool
- Malproxying: Leave Your Malware at Home
- Dr. Bramwell BrizendineAssistant Professor of Computer and Cyber Sciences, Dakota State University
- Sunday at 12:00 in Track 2 | 45 minutes | Demo, Tool
- Contests Awards Ceremony
- Dr. Joshua StroschienAssistant Professor of Cyber Security/Network & Security Administration, Dakota State University
- Sunday at 14:00 in Track 4 | 90 minutes
- Closing Ceremonies
- Elie BurszteinGoogle
- Sunday at 16:00 in Paris Ballroom | 120 minutes
- How You Can Buy AT&T, T-Mobile, and Sprint Real-Time Location Data on the Black Market
- Jean Michel PicodGoogle
- Saturday at 12:00 in Track 1 | 45 minutes
- Practical Key Search Attacks Against Modern Symmetric Ciphers
- Pedro Cabrera CamaraFounder, Ethon Shield
- Friday at 14:00 in Track 4 | 45 minutes | Demo
- I Know What You Did Last Summer: 3 Years of Wireless Monitoring at DEF CON
- Damien Cauquil (virtualabs)Senior Security Researcher @ Econocom Digital.Security
- Friday at 16:00 in Track 2 | 20 minutes | Demo, Tool
- D0 N0 H4RM: A Healthcare Security Conversation
- Hila CohenSecurity Researcher, XM Cyber
- Friday at 20:00 in Firesides Lounge | 120 minutes
- DEF CON 101 Panel
- Amit WaiselSenior Technical Leader, XM Cyber
- Thursday at 15:00 in DC101, Paris Theatre | 105 minutes
- Panel: DEF CON Groups
- Contests & Events Goons
- Friday at 22:15 in Firesides Lounge | 45 minutes
- Are Your Child's Records at Risk? The Current State of School Infosec
- The Dark Tangent & Goons
- Friday at 14:00 in Track 2 | 45 minutes
- Evil eBPF In-Depth: Practical Abuses of an In-Kernel Bytecode Runtime
- Joseph CoxSenior Staff Writer, Motherboard
- Friday at 11:00 in Track 4 | 45 minutes | Demo, Exploit
- The Tor Censorship Arms Race: The Next Chapter
- Daniel "ufurnace" CrowleyResearch Baron, X-Force Red
- Friday at 11:00 in Track 2 | 45 minutes | Tool
- Cheating in eSports: How to Cheat at Virtual Cycling Using USB Hacks
- Daniel PaganStudent, Georgia Tech
- Sunday at 14:00 in Track 2 | 45 minutes | Demo, Tool
- State of DNS Rebinding - Attack & Prevention Techniques and the Singularity of Origin
- d4rkm4tter (Mike Spicer)Hacker
- Saturday at 15:00 in Track 3 | 45 minutes | Demo, Tool
- Go NULL Yourself or: How I Learned to Start Worrying While Getting Fined for Other’s Auto Infractions
- Christian “quaddi” DameffMedical Director of Security at The University of California San Diego
- Saturday at 16:30 in Track 3 | 20 minutes
- Meet the EFF - Meetup Panel
- Jeff “r3plicant” Tully MDAnesthesiologist at The University of California Davis
- Saturday at 20:00 in Firesides Lounge | 120 minutes
- Rise of the Hypebots: Scripting Streetwear
- Suzanne Schwartz MDAssociate Director for Science and Strategic Partnerships at the US Food and Drug Administration FDA
- Saturday at 10:00 in Track 2 | 45 minutes | Demo
- Reverse-Engineering 4g Hotspots for Fun, Bugs and Net Financial Loss
- Marie Moe PhDResearcher and Hacker
- Saturday at 15:00 in Track 2 | 45 minutes | Demo, Tool
- We Hacked Twitter… And the World Lost Their Sh*t Over It!
- Billy RiosFounder of Whitescope
- Saturday at 22:15 in Firesides Lounge | 45 minutes
- Exploiting Qualcomm WLAN and Modem Over The Air
- Jay RadcliffeSecurity Researcher at Thermo Fisher Scientific
- Sunday at 11:00 in Track 3 | 45 minutes | Demo, Exploit
- MOSE: Using Configuration Management for Evil
- Highwiz
- Friday at 15:00 in Track 1 | 45 minutes | Demo, Tool
- Behind the Scenes of the DEF CON 27 Badge
- Nikita
- Friday at 10:00 in Track 1 | 45 minutes | Tool
- Unpacking Pkgs: A Look Inside Macos Installer Packages And Common Security Flaws
- Will
- Saturday at 16:30 in Track 1 | 20 minutes | Demo
- Duplicating Restricted Mechanical Keys
- n00bz
- Friday at 10:00 in Track 4 | 45 minutes | Exploit
- SELECT code_execution FROM * USING SQLite;—Gaining code execution using a malicious SQLite database
- Shaggy
- Saturday at 14:00 in Track 1 | 45 minutes | Demo, Tool, Exploit
- Next Generation Process Emulation with Binee
- SecBarbie
- Saturday at 14:00 in Track 4 | 45 minutes | Demo, Tool
- Hacking Congress: The Enemy Of My Enemy Is My Friend
- Tottenkoph
- Friday at 10:00 in Track 2 | 45 minutes
- Don't Red-Team AI Like a Chump
- Brent White / B1TK1LL3RGlobal Coordinator
- Friday at 11:00 in Track 1 | 45 minutes | Demo, Tool
- I'm on your phone, listening - Attacking VoIP Configuration Interfaces
- Jayson E. StreetAmbassador
- Saturday at 14:00 in Track 2 | 45 minutes | Demo, Tool, Exploit
- Weaponizing Hypervisors to Fight and Beat Car and Medical Devices Attacks
- DaringtonWeb Master
- Saturday at 10:00 in Track 1 | 45 minutes | Demo, Tool
- Say Cheese - How I Ransomwared Your DSLR Camera
- April WrightWelcoming Committee & Liaison
- Sunday at 11:00 in Track 4 | 45 minutes | Demo, Exploit
- Meticulously Modern Mobile Manipulations
- Tim Roberts (byt3boy)Volunteer
- Saturday at 11:00 in Track 4 | 45 minutes | Demo
- Vacuum Cleaning Security—Pinky and the Brain Edition
- Casey BourbonnaisVolunteer
- Saturday at 16:00 in Track 4 | 20 minutes | Exploit
- Your Car is My Car
- s0upsSocial media
- Saturday at 11:00 in Track 1 | 45 minutes | Demo, Tool, Exploit
- Surveillance Detection Scout - Your Lookout on Autopilot
- Bill DemirkapiIndependent Security Researcher
- Friday at 16:00 in Track 3 | 20 minutes | Demo, Tool
- 100 Seconds of Solitude: Defeating Cisco Trust Anchor With FPGA Bitstream Shenanigans
- Jeff DileoResearch Director, NCC Group
- Friday at 15:00 in Track 3 | 45 minutes | Demo, Tool, Exploit
- Confessions of an Nespresso Money Mule: Free Stuff & Triangulation Fraud
- Roger DingledineThe Tor Project
- Saturday at 16:00 in Track 3 | 20 minutes
- Process Injection Techniques - Gotta Catch Them All
- Brad DixonSecurity Consultant, Carve Systems
- Friday at 12:00 in Track 1 | 45 minutes | Tool
- Intro to Embedded Hacking—How you too can find a decade old bug in widely deployed devices. [REDACTED] Deskphones, a case study.
- Gerald DoussotPrincipal Security Consultant, NCC Group
- Thursday at 13:00 in DC101, Paris Theatre | 45 minutes | Demo, Exploit
- EDR Is Coming; Hide Yo Sh!t
- Roger MeyerPrincipal Security Consultant, NCC Group
- Saturday at 10:00 in Track 4 | 45 minutes | Demo, Tool
- API-Induced SSRF: How Apple Pay Scattered Vulnerabilities Across the Web
- droogieSecurity Consultant at IOActive
- Friday at 12:00 in Track 4 | 45 minutes | Demo, Exploit
- HVACking: Understand the Difference Between Security and Reality!
- Kurt OpsahlDeputy Executive Director And General Counsel, EFF
- Friday at 13:00 in Track 2 | 45 minutes | Demo
- Change the World, cDc Style: Cow tips from the first 35 years
- Camille FischerFrank Stanton Fellow, EFF
- Friday at 15:00 in Track 2 | 45 minutes
- Get off the Kernel if you can’t Drive
- Bennett CyphersStaff Technologist, EFF
- Saturday at 15:00 in Track 1 | 45 minutes | Demo. Tool, Exploit
- RACE - Minimal Rights and ACE for Active Directory Dominance
- Nathan 'nash' SheardGrassroots Advocacy Organizer, EFF
- Saturday at 13:00 in Track 1 | 45 minutes | Demo, Tool
- I'm In Your Cloud... Pwning Your Azure Environement
- Shahid ButtarPanel Host and Director of Grassroots Advocacy, EFF
- Sunday at 12:00 in Track 1 | 45 minutes | Demo, Tool, Exploit
- More Keys Than A Piano: Finding Secrets In Publicly Exposed Ebs Volumes
- finalphoenixEngineer & Hypebae
- Friday at 13:00 in Track 4 | 45 minutes | Demo, Tool
- The Ether Wars: Exploits, counter-exploits and honeypots on Ethereum
- g richterSenior Researcher, Pen Test Partners LLP
- Sunday at 14:00 in Track 3 | 45 minutes | Demo, Tool
- SSO Wars: The Token Menace
- Mike GodfreyPenetration Tester, INSINIA Security
- Saturday at 13:00 in Track 4 | 45 minutes | Demo, Tool, Exploit
- Re: What's up Johnny? – Covert Content Attacks on Email End-to-End Encryption
- Matthew CarrPenetration Tester, INSINIA Security
- Friday at 16:30 in Track 4 | 20 minutes | Demo, Exploit
- GSM: We Can Hear Everyone Now!
- Xiling GongConsultant, NCC Group
- Saturday at 13:00 in Track 2 | 45 minutes | Demo, Exploit
- NOC NOC. Who's there? All. All who? All the things you wanted to know about the DEF CON NOC and we won't tell you about
- Peter PiSenior Security Researcher of Tencent Blade Team
- Saturday at 16:00 in Track 2 | 105 minutes
- Poking the S in SD cards
- Jayson GracePenetration Tester, Splunk
- Friday at 16:30 in Track 1 | 20 minutes | Demo, Tool, Exploit
- No Mas – How One Side-Channel Flaw Opens Atm, Pharmacies and Government Secrets Up to Attack
- Joe Grand (Kingpin)
- Friday at 13:00 in Track 3 | 45 minutes | Demo, Exploit
- Breaking The Back End! It Is Not Always A Bug. Sometimes, It Is Just Bad Design!
- Andy GrantTechnical Vice President, NCC Group
- Friday at 16:30 in Track 3 | 20 minutes | Demo, Exploit
- Hacking Your Thoughts - Batman Forever meets Black Mirror
- Bill GraydonPresident and Principal, Physical Security Analytics
- Saturday at 11:00 in Track 3 | 45 minutes
- Breaking Google Home: Exploit It with SQLite(Magellan)
- Robert GraydonPrincipal, GGR Security
- Thursday at 11:00 in DC101, Paris Theatre | 45 minutes | Demo, Exploit
- Firmware Slap: Automating Discovery of Exploitable Vulnerabilities in Firmware
- Omer GullSecurity Researcher at Check Point Software Technologies
- Sunday at 14:00 in Track 1 | 45 minutes | Demo, Tool
- Why You Should Fear Your “mundane” Office Equipment
- Kyle GwinnupSenior Threat Researcher, Carbon Black
- Saturday at 12:00 in Track 3 | 45 minutes | Demo, Tool, Exploit
- Owning The Clout Through Server-Side Request Forgery
- John HolowczakThreat Researcher
- Sunday at 13:00 in Track 3 | 45 minutes | Demo, Tool
- Information Security in the Public Interest
- Former Rep. Jane HarmanPresident, The Wilson Center, Former Rep. (D-CA), aka Surfer Jane
- Saturday at 10:00 in Track 3 | 45 minutes
- Zero bugs found? Hold my Beer AFL! How To Improve Coverage-Guided Fuzzing and Find New 0days in Tough Targets
- Rep. James Langevin(D-RI)
- Saturday at 14:00 in Track 3 | 45 minutes | Demo, Tool, Exploit
- Relaying Credentials Has Never Been Easier: How to Easily Bypass the Latest NTLM Relay Mitigations
- Jen EllisDirector of Public Affairs, Rapid 7
- Friday at 15:00 in Track 4 | 45 minutes | Demo, Tool, Exploit
- Adventures In Smart Buttplug Penetration (testing)
- Zombie Ant Farm: Practical Tips for Playing Hide and Seek with Linux EDRs
- Rep. Ted Lieu(D-CA)
- Saturday at 12:00 in Track 4 | 45 minutes | Demo, Tool
- Apache Solr Injection
- Ariel Herbert-VossPhD student, Harvard University
- Saturday at 16:30 in Track 4 | 20 minutes | Demo, Exploit
- Reverse Engineering 17+ Cars in Less Than 10 Minutes
- Stephan HuberFraunhofer SIT
- Saturday at 16:00 in Track 1 | 20 minutes | Demo, Tool
- HAKC THE POLICE
- Philipp Roskosch
- Saturday at 11:00 in Track 2 | 45 minutes | Demo, Tool
- [ MI CASA-SU CASA ] My 192.168.1.1 is Your 192.168.1.1
- Ali IslamCEO, Numen Inc.
- Sunday at 13:00 in Track 1 | 45 minutes | Demo, Tool
- Infiltrating Corporate Intranet Like NSA ̶Pre-auth RCE on Leading SSL VPNs
- Dan Regalado (DanuX)CTO, Numen Inc
- Friday at 12:00 in Track 3 | 45 minutes | Demo, Exploit
- Tag-side attacks against NFC
- Eyal ItkinVulnerability Researcher at Check Point Software Technologies
- Saturday at 13:00 in Track 3 | 45 minutes | Demo, Tool
- Harnessing Weapons of Mac Destruction
- Leon JacobsResearcher - SensePost
- Friday at 14:00 in Track 1 | 45 minutes | Demo, Exploit
- Please Inject Me, a x64 Code Injection
- jiskaTU Darmstadt, Secure Mobile Networking Lab
- Friday at 16:00 in Track 1 | 20 minutes | Demo
- Phreaking Elevators
- clou (Fabian Ullrich)
- Friday at 12:00 in Track 2 | 45 minutes | Demo
- Sound Effects: Exploring Acoustic Cyber-weapons
- Jmaxxz
- Sunday at 13:00 in Track 2 | 45 minutes | Tool
- Can You Track Me Now? Why The Phone Companies Are Such A Privacy Disaster
- Truman KainSr. Information Security Analyst at Tevora
- Friday at 16:30 in Track 2 | 20 minutes
- All the 4G modules Could be Hacked
- Jatin KatariaPrincipal Scientist, Red Balloon Security
- Friday at 11:00 in Track 3 | 45 minutes | Exploit
- Exploiting Windows Exploit Mitigation for ROP Exploits
- Rick HousleyResearch Scientist, Red Balloon Security
- Thursday at 10:00 in DC101, Paris Theatre | 45 minutes | Demo
- Your Secret Files Are Mine: Bug Finding And Exploit Techniques On File Transfer App Of All Top Android Vendors
- Ang CuiChief Scientist, Red Balloon Security
- Sunday at 10:00 in Track 4 | 45 minutes | Demo, Tool, Exploit
- Web2Own: Attacking Desktop Apps From Web Security's Perspective
- Nina KollarsAssociate Professor Naval War College Strategic and Operational Research Department
- Thursday at 14:00 in DC101, Paris Theatre | 45 minutes
- "First-try" DNS Cache Poisoning with IPv4 and IPv6 Fragmentation
- Kitty Hegemon
- | 45 minutes | Demo, Exploit
Demo Labs
自作ツールのデモや、ハッキングテクニックの解説などが行われます。
https://www.defcon.org/html/defcon-27/dc-27-demolabs.html ids = Array.from(document.querySelectorAll('article.talk')).map((e)=>{return e.id}) titles = Array.from(document.querySelectorAll('h3.talkTitle')).map((e)=>{return e.innerText}) speakers = Array.from(document.querySelectorAll('h4.speaker')).map((e)=>{return e.innerText}) details = Array.from(document.querySelectorAll('p.details')).map((e)=>{return e.innerText.replace('\n', ' | ')}) titles.map((e,i)=>{ return '* <a href="https://www.defcon.org/html/defcon-27/dc-27-demolabs.html#'+ids[i]+'">'+e+'</a>\n'+ ' * '+speakers[i]+'\n'+ ' * '+details[i] }).join("\n")
- Antennas for Surveillance applications
- Kent Britain & Alexander Zakharov
- Friday from 10:00 – 11:50 in Sunset 1 at Planet Hollywood | Audience: All
- bedr
- Mark Ignacio
- Saturday from 12:00 – 13:50 in Sunset 6 at Planet Hollywood | Audience: Defense, Linux
- BEEMKA – Electron Post-Exploitation Framework
- Pavel Tsakalidis
- Friday from 10:00 – 11:50 in Sunset 3 at Planet Hollywood | Audience: Offense – Especially red teamers that want to establish persistence and egress data.
- Burpsuite Team Server for Collaborative Web App Testing
- Tanner Barnes
- Saturday from 14:00 – 15:50 in Sunset 1 at Planet Hollywood | Audience: Offense, AppSec
- Chaos Drive, because USB is still too trustworthy
- Mike Rich
- Friday from 14:00 – 15:50 in Sunset 4 at Planet Hollywood | Audience: Offense, Social Engineers, Hardware, Privacy
- CIRCO: Cisco Implant Raspberry Controlled Operations
- Emilio Couto
- Saturday from 10:00 – 11:50 in Sunset 2 at Planet Hollywood | Audience: Offense, Hardware
- Combo Password
- Fabian Obermaier
- Friday from 14:00 – 15:50 in Sunset 5 at Planet Hollywood | Audience: Defense
- Cotopaxi: IoT Protocols Security Testing Toolkit
- Jakub Botwicz
- Saturday from 10:00 – 11:50 in Sunset 3 at Planet Hollywood | Audience: IoT, AppSec
- Burp Plugin: Cyber Security Transformation Chef (CSTC)
- Ralf Almon & Sebastian Puttkammer
- Saturday from 12:00 – 13:50 in Sunset 1 at Planet Hollywood | Audience: Offense, Defense, AppSec, Mobile.
- Dr.ROBOT: Organized Chaos and the Shotgun Approach
- Aleksandar Straumann & Jayson Grace
- Saturday from 12:00 – 13:50 in Sunset 5 at Planet Hollywood | Audience: Defense/Offense
- EAPHammer
- Gabriel Ryan
- Friday from 12:00 – 13:50 in Sunset 1 at Planet Hollywood | Audience: Offensive security professionals, security analysts and network administrators, executive leadership, end-users
- EXPLIoT - IoT Security Testing and Exploitation Framework
- Aseem Jakhar & Murtuja Bharmal
- Friday from 14:00 – 15:50 in Sunset 3 at Planet Hollywood | Audience: Offense, Hardware, IoT, Pentesters
- Flatline
- East
- Friday from 12:00 – 13:50 in Sunset 4 at Planet Hollywood | Audience: Hardware and OpSec.
- Go Reverse Engineering Tool Kit
- Joakim Kennedy
- Saturday from 10:00 – 11:50 in Sunset 5 at Planet Hollywood | Audience: Defense
- Hachi: An Intelligent threat mapper
- Parmanand Mishra
- Friday from 10:00 – 11:50 in Sunset 5 at Planet Hollywood | Audience: Defense, Malware, Threat Intelligence
- Browser extension to hunt low hanging fruits (Hacking by just browsing)
- Rewanth Cool
- Friday from 14:00 – 15:50 in Sunset 1 at Planet Hollywood | Audience: Bug bounty hunters, Penetration testers, developers, open source contributors
- ioc2rpz
- Vadim Pavlov
- Saturday from 12:00 – 13:50 in Sunset 2 at Planet Hollywood | Audience: Defense
- Let's Map Your Network
- Pramod Rana
- Friday from 14:00 – 15:50 in Sunset 2 at Planet Hollywood | Audience: Defense, Monitoring
- Local Sheriff
- Konark Modi
- Saturday from 12:00 – 13:50 in Sunset 3 at Planet Hollywood | Audience: AppSec, Code Assesments, and privacy researchers
- Memhunter - Automated hunting of memory resident malware at scale
- Marcos Oviedo
- Saturday from 10:00 – 11:50 in Sunset 6 at Planet Hollywood | Audience: Defense
- OSfooler-NG: Next Generation of OS fingerprinting fooler
- Jaime Sanchez
- Friday from 14:00 – 15:50 in Sunset 6 at Planet Hollywood | Audience: Defense
- OWASP Amass
- Jeff Foley & Anthony Rhodes
- Saturday from 14:00 – 15:50 in Sunset 2 at Planet Hollywood | Audience: Red Team, Blue Team, Bug Bounty Hunters, Penetration Testers
- PcapXray
- Srinivas Piskala Ganesh Babu
- Friday from 12:00 – 13:50 in Sunset 2 at Planet Hollywood | Audience: Defense, Forensics, Networks
- PCILeech and MemProcFS
- Ulf Frisk & Ian Vitek
- Saturday from 12:00 – 13:50 in Sunset 4 at Planet Hollywood | Audience: Offense, Defense, Forensics, Hardware
- PhanTap (Phantom Tap)
- Diana Dragusin & Etienne Champetier
- Friday from 10:00 – 11:50 in Sunset 2 at Planet Hollywood | Audience: Red Teams, it could also be used by Blue Teams.
- Phishing Simulation
- Jyoti Raval
- Friday from 12:00 – 13:50 in Sunset 5 at Planet Hollywood | Audience: Defense
- PivotSuite: Hack The Hidden Network - A Network Pivoting Toolkit
- Manish Gupta
- Saturday from 14:00 – 15:50 in Sunset 3 at Planet Hollywood | Audience: Offense (Red Teamers / Penetration Testers)
- QiLing
- KaiJern, Lau & Dr. Nguyen Anh Quynh
- Sunday from 10:00 – 11:50 in Sunset 6 at Planet Hollywood | Audience: Reverse Engineers, Hardware (IoT) Hackers
- Reverse Engineering Embedded ARM with Ghidra
- Max Compston
- Friday from 10:00 – 11:50 in Sunset 4 at Planet Hollywood | Audience: Offense, Defense, AppSec, Mobile, Hardware
- Rhodiola
- Utku Sen
- Sunday from 10:00 – 11:50 in Sunset 5 at Planet Hollywood | Audience: Offense
- Shadow Workers: Backdooring with Service Workers
- Emmanuel Law & Claudio Contin
- Saturday from 14:00 – 15:50 in Sunset 6 at Planet Hollywood | Audience: Offensive Security, AppSec
- Shellcode Compiler
- Ionut Popescu
- Saturday from 14:00 – 15:50 in Sunset 5 at Planet Hollywood | Audience: Anyone interested in shellcode development
- SILENTTRINITY
- Marcello Salvati
- Saturday from 14:00 – 15:50 in Sunset 4 at Planet Hollywood | Audience: Offense
- soFrida - Dynamic Analysis Tool for Mobile Apps with Cloud Backend
- Hyunjun Park & Soyeon Kim
- Friday from 10:00 – 11:50 in Sunset 6 at Planet Hollywood | Audience: Offense: Mobile Application Pentesters, Hackers Defense: Cloud Backend Operators Mobile Application Developers who use cloud SDK
- Spartacus as a Service (SaaS)
- Mike Kiser
- Friday from 12:00 – 13:50 in Sunset 3 at Planet Hollywood | Audience: Offense for the end user
- Srujan: Safer Networks for Smart Homes
- Sanket Karpe & Parmanand Mishra
- Saturday from 10:00 – 11:50 in Sunset 4 at Planet Hollywood | Audience: Defense, Network, Hardware, IOT Security
- TaintedLove
- Benoit Côté-Jodoin
- Friday from 12:00 – 13:50 in Sunset 6 at Planet Hollywood | Audience: AppSec
- USB-Bootkit – New Bookit via USB Interface in Supply Chain Attacks
- Haowen Bai
- Sunday from 10:00 – 11:50 in Sunset 4 at Planet Hollywood | Audience: Offense, Defense and Hardware.
- Vulmap: Online Local Vulnerability Scanners Project
- Yavuz Atlas & Fatih Ozel
- Sunday from 10:00 – 11:50 in Sunset 3 at Planet Hollywood | Audience: Offense, Defense
- WiFi Kraken – Scalable Wireless Monitoring
- Mike Spicer
- Saturday from 10:00 – 11:50 in Sunset 1 at Planet Hollywood | Audience: Offense, Defense, Hardware
- Zigbee Hacking: Smarter Home Invasion with ZigDiggity
Workshop
様々なテーマをワークショップ形式で、手を動かしながら学べる催し。 しばらく休止をしていたが、DEFCON27(2019年)で復活したらしい? 各ワークショップともに人数制限(40名など)があり、募集開始とともにすぐ予約に空きがなくなる模様。 バックレを防止するために2,500円かかりますが、内容を考えるとこんな価格で受講できるとは驚きです。
https://www.defcon.org/html/defcon-27/dc-27-workshops.html ids = Array.from(document.querySelectorAll('article.talk')).map((e)=>{return e.id}) titles = Array.from(document.querySelectorAll('h3.talkTitle')).map((e)=>{return e.innerText}) abstracts = Array.from(document.querySelectorAll('h3.talkTitle+p.abstract')).map((e)=>{return e.innerText.replace('\n', ' | ')}) speakers = Array.from(document.querySelectorAll('h4.speaker')).map((e)=>{return e.innerText}) titles.map((e,i)=>{ return '* <a href="https://www.defcon.org/html/defcon-27/dc-27-workshops.html#'+ids[i]+'">'+e+'</a>\n'+ ' * '+speakers[i]+'\n'+ ' * '+abstracts[i] }).join("\n")
- Breaking and Pwning Docker Containers and Kubernetes Clusters
- Madhu Akula
- Friday, 1430-1830 in Red Rock II
- Modern DebuggingHWarfare with WinDbg Preview
- Chris AlladoumSecurity Researcher, Sophos Labs
- Saturday, 1430-1830 in Flamingo, Lake Mead II
- Advanced Wireless Exploitation for Red Team and Blue Team
- Axel SouchetHacker
- Thursday, 1430-1830 in Flamingo, Red Rock II
- Pwning Serverless Applications
- Besim AltinokFounder & CEO,Pentester Training
- Thursday, 1000-1400 in Flamingo, Red Rock V
- Reverse Engineering Android Apps
- Bahtiyar BircanSenior Consultant, Eurocontrol / EATM-CERT
- Friday, 1430-1830 in Flamingo, Red Rock III
- Purple Team CTF
- Abhay BhargavFounder, we45
- Thursday, 1430-1830 in Flamingo, Red Rock III
- Exploit Development for Beginners
- Nithin Jois
- Friday, 1000-1400 in Flamingo, Red Rock VII
- Understanding and Analyzing Weaponized Carrier Files
- Tilak Thimmappa
- Friday, 1000-1400 in Flamingo, Red Rock III
- Introduction to Cryptographic Attacks
- Sam BowneProprietor, Bowne Consulting
- Thursday, 1000-1400 in Flamingo, Red Rock VIII
- Hack to Basics - x86 Windows Based Buffer Overflows, an introduction to buffer overflows.
- Elizabeth BiddlecomeSenior Researcher, Bowne Consulting
- Saturday, 1430-1830 in Flamingo, Valley of Fire I
- An Introduction to Deploying Red Team Infrastructure
- Sam BowneProprietor, Bowne Consulting
- Thursday, 1430-1830 in Flamingo, Red Rock I
- Hacking Wifi
- Elizabeth BiddlecomeSenior Researcher, Bowne Consulting
- Thursday, 1430-1830 in Flamingo, Red Rock VIII
- Attacking Layer 2 Network Protocols
- Sam BowneProprietor, Bowne Consulting
- Friday, 1430-1830 in Flamingo, Red Rock I
- Functional Programming for the Blue Team
- Elizabeth BiddlecomeSenior Researcher, Bowne Consulting
- Saturday, 1000-1400 in Flamingo, Valley of Fire II
- Finding Vulnerabilities at Ecosystem-Scale
- Ryan ChapmanIncident Response Analyst
- Friday, 1000-1400 in Flamingo, Red Rock IV
- Malware Triage - Analyzing The Modern Malware Delivery Chain
- Matt CheungHacker
- Friday, 1000-1400 in Flamingo, Red Rock II
- Mind the Gap Between Attacking Windows and Mac: Breaking In and Out of Protected MacOS environments
- Dino CovotsosFounder & CEO, Telspace Systems
- Saturday, 1000-1400 in Flamingo, Lake Mead I
- Hacking Wi-Fi for Beginners
- Troy DeftyHacker
- Thursday, 1000-1400 in Flamingo, Red Rock III
- Learning to Hack Bluetooth Low Energy with BLE CTF
- Erik DulHacker
- Thursday, 1000-1400 in Flamingo, Red Rock IV
- Hacking the Android APK
- Philippe DelteilComputer Science Engineer
- Thursday, 1430-1830 in Flamingo, Red Rock V
- Introduction to Reverse Engineering With Ghidra
- Victor FaraggiStudent, University of Chile
- Friday, 1430-1830 in Flamingo, Red Rock V
- Hands on Adversarial Machine Learning
- Ilana Mergudich ThalStudent, University of Chile
- Friday, 1000-1400 in Flamingo, Red Rock VI
- Advanced Custom Network Protocol Fuzzing
- Erik DulHacker
- Friday, 1430-1830 in Flamingo, Red Rock VI
- Hacking Medical Devices
- Troy DeftyHacker
- Thursday, 1000-1400 in Flamingo, Red Rock II
- From EK to DEK: Analyzing Document Exploit Kits
- eigentouristSoftware Engineer, Data Scientist
- Thursday, 1000-1400 in Flamingo, Red Rock I
- Introduction to Sandbox Evasion and AMSI Bypasses
- Isaac EvansHacker
- Friday, 1430-1830 in Flamingo, Red Rock IV
- Defending environments and hunting malware with osquery
- Sergei FrankoffCo-Founder, Open Analysis
- Friday, 1430-1830 in Flamingo, Red Rock VII
- Constructing Kerberos Attacks with Delegation Primitives
- Sean WilsonCo-Founder, Open Analysis
- Thursday, 1000-1400 in Flamingo, Red Rock VII
- Evil Mainframe Jr: Mainframe hacking from recon to privesc
- Richard GoldHacker
- Friday, 1000-1400 in Flamingo, Red Rock I
- Advanced Wireless Attacks Against Enterprise Networks
- Alex HammerHacker
- Thursday, 1430-1830 in Flamingo, Red Rock VII
- Hacking ICS: From Open Source Tools to Custom Scripts
- Penelope 'Pip' Pinkerton
- Friday, 1000-1400 in Flamingo, Red Rock V
- Red Teaming Techniques for Electronic Physical Security Systems
- Ryan HolemanGlobal Security Overlord, Atlassian
- Saturday, 1000-1400 in Flamingo, Valley of Fire I
- Pentesting ICS 102
- Ben HughesHacker
- Saturday, 1430-1830 in Flamingo, Valley of Fire II
- scapy_dojo_v_1
- Liana ParakesyanHacker
- Saturday, 1430-1830 in Flamingo, Lake Mead I
- Writing custom backdoor payloads using C#
- Mattia CampagnanoHacker
- Saturday, 1000-1400 in Flamingo, Lake Mead II
- Analysis 101 for Hackers and Incident Responders
- Wesley McGrewHacker
- Thursday, 1430-1830 in Flamingo, Red Rock IV
Contests & Events
DEFCON CTF本戦以外にも、様々なコンテストやCTFが開催されています。
https://www.defcon.org/html/defcon-27/dc-27-ce.html titles = Array.from(document.querySelectorAll('h3.talkTitle')).map((e)=>{return e.innerText}) details = Array.from(document.querySelectorAll('h3.talkTitle+p.details')).map((e)=>{return e.innerText.replace('\n', ' | ')}) titles.map((e,i)=>{ return '<a href="https://www.defcon.org/html/defcon-27/dc-27-ce.html">'+e+'</a>\n '+details[i] }).join("\n")
AI Village CTF Contest | Location: AI Village | Beverage Cooling Contraption Contest Contest | Location: Contest Stage (PH Mezzanine) | Friday: 1300-1500 Car Hacking Village CTF Contest | Location: Car Hacking Village | CMD+CTRL CyberRange Contest | Location: Contest Floor (PH Celebrity Ballroom) | Friday: 1000-2100, Saturday: 1000-2100, Sunday: 1000-1200 Coindroids Contest | Location: Contest Floor (PH Celebrity Ballroom) | Friday: 1000-2100, Saturday: 1000-2100, Sunday: 1000-1200 Crack Me If You Can Contest | Location: Contest Floor (PH Celebrity Ballroom) | Friday: 1000-2100, Saturday: 1000-2100, Sunday: 1000-1200 Creative Writing Short Story Contest Contest | Location: Online | DarkNet Project Contest | Location: Contest Floor (PH Celebrity Ballroom) | Friday: 1000-2100, Saturday: 1000-2100, Sunday: 1000-1200 DEF CON Beard Contest Contest | Location: Contest Stage (PH Mezzanine) | Saturday: 1300-1500 Defcon Ham Radio Fox Hunting Contest Contest | Location: HAM Radio Village (Flamingo) | Friday: 1000-2100, Saturday: 1000-2100, Sunday: 1000-1200 Defcon Scavenger Hunt Contest | Location: Contest Floor (PH Celebrity Ballroom) | Friday: 1000-2100, Saturday: 1000-2100, Sunday: 1000-1200 Drunk Hacker History Contest | Location: Contest Stage (PH Mezzanine) | Saturday: 2200-2400 Dungeons@Defcon Contest | Location: Contest Floor (PH Celebrity Ballroom) | Friday: 1000-2100, Saturday: 10:00-20:00, Sunday: 1000-1200 EFF Tech Trivia Contest | Location: Contest Stage (PH Mezzanine) | Friday: 1700-1900 Hack the Plan[e]t Contest | Location: ICS Village | Hacker Jeopardy Contest | Location: Contest Stage (PH Mezzanine) | Friday: 2000-2200, Saturday: 20:00-22:00 Hackfortress Contest | Location: Contest Floor (PH Celebrity Ballroom) | Friday: 1000-2100, Saturday: 1000-2100, Sunday: 1000-1200 H@ck3r Runw@y Contest | Location: Contest Stage (PH Mezzanine) | Friday: 1000-2100, Saturday: 1000-2100, Sunday: 1000-1200 Homebrew Hardware Contest Contest | Location: Contest Stage (PH Mezzanine) | Saturday: 1500-1700 Hospital Under Siege Contest | Location: BioHacking Village | Maps of the Digital Lands Contest | Location: Contest Floor (PH Celebrity Ballroom) | Friday: 1000-2100, Saturday: 1000-2100, Sunday: 1000-1200 OpenCTF Contest | Location: Contest Floor (PH Celebrity Ballroom) | Friday: 1000-2100, Saturday: 1000-2100, Sunday: 1000-1200 OpenSOC Blue Team CTF Contest | Location: Blue Team Village | OSINT CTF for Missing Persons Contest | Location: Contest Floor (PH Celebrity Ballroom) | Friday: 1000-2100, Saturday: 1000-2100, Sunday: 1000-1200 Red Alert ICS CTF Contest | Location: Contest Floor (PH Celebrity Ballroom) | Friday: 1000-2100, Saturday: 1000-2100, Sunday: 1000-1200 Schemaverse Contest | Location: Contest Floor (PH Celebrity Ballroom) | Friday: 1000-2100, Saturday: 1000-2100, Sunday: 1000-1200 SECTF Contest | Location: SE Village | SECTF4Kids Contest | Location: SE Village | SECTF4Teens Contest | Location: SE Village | Secure Code Review Challenge Contest | Location: AppSec Village | SOHOpelessly Broken Contest | Location: IoT Village | SpellCheck: The Hacker Spelling Bee Contest | Location: Contest Stage (PH Mezzanine) | Friday: 1500-1700 Spy Contest (Who's the Best Social Engineer) Contest | Location: Contest Floor (PH Celebrity Ballroom) | Friday: 1000-2100, Saturday: 1000-2100, Sunday: 1000-1200 TD Francis X-hour Film Contest Contest | TeleChallenge Contest | Location: Contest Floor (PH Celebrity Ballroom) | Friday: 1000-2100, Saturday: 1000-2100, Sunday: 1000-1200 The d(struction)20 CTF Contest | Location: Contest Stage (PH Mezzanine) | Saturday: 1100-1300 The Gold Bug - Crypto & Privacy Village Puzzle Contest | Location: Crypto Village | Threat Modeling Challenge Contest | Location: AppSec Village | Tinfoil Hat Contest | Location: Contest Floor (PH Celebrity Ballroom) | Friday: 1000-2100, Saturday: 1000-2100, Sunday: 1000-1200 warl0ck gam3z CTF Contest | Location: Contest Floor (PH Celebrity Ballroom) | Friday: 1000-2100, Saturday: 1000-2100, Sunday: 1000-1200 Whose Slide Is It Anyway? Contest | Location: Contest Stage (PH Mezzanine) | Friday: 2200-2400 Wireless Capture the Flag Contest | Location: Wireless Village | 8th Annual DEF CON Bike Ride Event | Location: | Friday: 0600-0600 DEAF CON Meetup Event | Location: DEAF CON Village | Ham Radio Exams Event | Location: Ham Radio Village | Mohawk-Con Event | Location: Vendor Area | Toxic BBQ Event | Location: Sunset Park, Pavilion F | Thursday 1600-2200