
Welcome to the DEFCON 201 guide to Ultimate Hacker Summer Camp! This is part of a series where we are going to cover all the various hacker conventions and shenanigans in August. As more blog posts are uploaded, you will be able to jump through the guide via these links:







ULTIMATE HACKER SUMMER CAMP — Part Seven: Diana Initiative




Date: Thursday, August 6th (12:30 PM EST) — Sunday, August 9th (8:00 PM EST)

Website: https://defcon.org/

Platform(s): Discord via Twitch TV, YouTube and Restream.io in addition to DEF CON FORUMS

Schedule: https://defcon.org/html/defcon-safemode/dc-safemode-schedule.html

Live Streams:

YouTube: https://www.youtube.com/user/BlackHatOfficialYT

Twitch: https://www.twitch.tv/defconorg


Discord: http://discord.gg/defcon

Forums: https://forum.defcon.org/node/231980

Accessibility: DEF CON Safe Mode is FREE this year. You can go to the different rooms, participate in contests and events, listen to DJs and watch talks. Free Humans primarily use text to send messages, can use the system emoji and reactions, and can listen to audio and video in channels that support them. However, Free Humans can upgrade to Human Plus ($20). This is the same as Human with these additional permissions: you get a different role name to show you have supported Safe Mode, the ability to post pictures and embed links, you can use external emoji, you can change your nickname, join some Human Plus chill out rooms, and engage with voice and video in the rooms that support it.

Tickets (Human Plus): https://plus.defcon.org/

Code Of Conduct: https://defcon.org/html/links/dc-code-of-conduct.html

DEFCON was started in 1993 by Dark Tangent (Jeff Moss) as a going away party for a friend who never showed. It has since grown to one of the biggest hacker security conventions around the world with over 20,000 attendees yearly.

For the health and safety of our community, the decision has been made to put DEF CON 28 into “safe-mode with networking”. The DEF CON in-person conference scheduled August 6–9, 2020 has been canceled. Even though the in-person Las Vegas event is canceled, DEF CON 28 Safe Mode August 7–9 (Friday through Sunday) will take place with a 101 orientation Thursday — all of it remote.

Just like its physical counterpart, DEFCON Safe Mode is still what DEFCON 201 classifies as a “Mega Convention”, aka a convention with smaller mid-sized conventions nested in it. You will be covering many web-portals with a diverse mob of people with ten million activities going on all at once. It’s important to plan out each day, take your time and be thankful that, unlike in the past, this year you can see all of DEF CON Safe Mode mostly at your leisure, since most of the content will be pre-recorded and archived. We highly suggest looking at their website and clicking around to give you a sense of what you would like to see!


What you need to access DEF CON SAFE MODE


You will need a Discord account to participate in the social aspects of SAFE MODE. You can find detailed instructions on getting on the DEF CON Discord server here. There is a FAQ for Humans on Discord as well. You can support DEF CON SAFE MODE and upgrade your account by purchasing the Human Plus role!

Join with the DEF CON Discord Server signup link: https://discord.gg/defcon


You will need to get on the DEF CON Twitch for live streamed talk Q&A sessions, evening fireside talks and evening contests. Not to mention the live entertainment!

YouTube/DEF CON Media Server

The Talks for DEF CON will be released daily on the DEF CON YouTube channel so you might want to subscribe! They will also be released in torrents on https://media.defcon.org

Accessing talks

How to Access DEF CON SAFE Mode Talks and Q&A Sessions

DEF CON official presentations have been pre-recorded, and pre-released online individually and as a torrent on media.defcon.org and on our official YouTube channel.

The dates and times on the Speaker Page and Schedule Page are special live streamed Q&A sessions for each talk, as well as additional fireside lounges and panels. These sessions will be streamed on Twitch at https://www.twitch.tv/defconorg.

All discussions and attendee to speaker participation will be on the DEF CON Safe Mode Discord Server at: https://discord.com/channels/708208267699945503/733079621402099732

Main Tracks

DEF CON official presentations will be pre-recorded, and each full day of talks will be pre-released online at midnight PDT (GMT -7) as a torrent on media.defcon.org

Also watch the talks released everyday on YouTube: https://www.youtube.com/user/DEFCONConference

Track 1 Talks Chat

Q&A Schedule

Q&A Sessions will be streamed here

Speaker Q&A Live Chat — Ask a question

Fireside Lounge Panels

War Story Bunker & No Tech Talks


Master Channel (All Channels In One): https://multitwitch.tv/defconorg/defcon_dctv_one/defcon_dctv_four/defcon_music/defcon_chill/aivillage/biohackingvillage/blueteamvillage/bypassvillage/cryptovillage/dcpolicy/hackthesea/dchhv/hamradiovillage/ics_village/iotvillage/monerovillage/passwordvillage/paymentvillage/redteamvillage/roguesvillage/toool_us/votingvillagedc

DEF CON Streams

DEF CON org Twitch Stream // Schedule Newly Added
Hacker Jeopardy Twitch Stream Newly Added
DEF CON Music Twitch Stream
DEF CON Youtube Streams
DEF CON Chill Twitch Stream Newly Added
DEF CON TV One Twitch Stream Newly Added Short Films!!!!

DEF CON Village Streams

Blue Team Village Twitch Stream // Youtube Stream // Schedule
Red Team Village Twitch Stream // Youtube Stream // Schedule
Aerospace Village Twitch Stream // Youtube Stream // Schedule
BiohackingVillage Twitch Stream // Youtube Stream // Schedule
Career Hacking Village Twitch Stream // Youtube Stream Newly Added
Hack The Sea Twitch Stream // Youtube Stream // Schedule Newly Added
Car Hacking Village (Track1) Twitch Stream // Youtube Stream // Schedule Newly Added
Car Hacking Village (Track2) Twitch Stream // Youtube Stream // Schedule Newly Added
Car Hacking Village (CHV 101) Twitch Stream // Youtube Stream // Schedule Newly Added
CryptoVillage Twitch Stream // Youtube Stream // Schedule Newly Added
Ethics Village Twitch Stream // Youtube Stream // Schedule Newly Added
Wall of Sheep/Packet Hacking Village Twitch Stream // Youtube Stream // Schedule Newly Added
Recon Village Twitch Stream // Youtube Stream // Schedule Newly Added
Cloud Hacking Village Youtube Stream // Schedule Newly Added
Ham Radio Village Twitch Stream
ICS Village Twitch Stream
IoT Village Twitch Stream
ByPass Village Twitch Stream
Toool US/Lockpick Village Twitch Stream
Monero Village Twitch Stream
Payments Village Twitch Stream
Password Village Twitch Stream
AppSec Village Youtube Stream
cpxSatAmericas Twitch Stream
Voting Village Twitch Stream
Hardware Hacking Village Twitch Stream Newly Added
Rogues Village Twitch Stream
AI Village Twitch Stream Schedule Newly Added

Other Streams Related

Second Order Chaos Twitch Stream
Hacker Gameshow Twitch Stream
The Many Hats Club Twitch Stream
ZephrPhish Twitch Stream

(Thanks To AngusRed!)


DEFCON 201 will be streaming EVERY NIGHT of DEF CON Safe Mode!


Archvile: A Linux Perspective — Thursday, August 6th @ 7:00 PM EST

Dirty Jersey Represent: DEFCON 201 Show & Tell — Friday, August 7th @ 5:00 PM EST

EFF Trivia Night & DEF CON GROUPS TOUR LIVE — Friday, August 7th @ 8:00 PM EST

Crypto Barons — Saturday, August 8th @ 8:00 PM EST

DEF CON SAFE MODE LIVE — Sunday, August 9th @ 5:00 PM EST

Live Streams:

Twitch: https://www.twitch.tv/defcon201live

dLive: https://dlive.tv/defcon201

YouTube: https://www.youtube.com/channel/UCYDQaOHbK5trRU2CDgb0qSg

Invidious (TOR): http://axqzx4s6s54s32yentfqojs3x5i7faxza6xo3ehd4bzzsg2ii4fv2iid.onion/channel/UCYDQa


This Year, DEFCON 201 and other DEFCON GROUPS from across the nation and around the world have put together our own virtual village…literally! We are hosting our own Virtual Reality space in a program called AltSpace VR and will be holding talks featuring various DEFCON GROUPS and also a way for us to all meet in person!





VR (3D or 2D): http://altspacevr.defcongroups.stream

Twitch: http://twitch.defcongroups.stream

YouTube: http://youtube.defcongroups.stream

Why yes, that is Jayson Street (Head of DEFCON GROUPS) wearing a VR Headset

Get AltSpace VR:

Steam (Windows 2D): https://store.steampowered.com/app/407060/AltspaceVR/

Linux Steam Proton (2D): https://www.protondb.com/app/407060

Windows Store (2D): https://www.microsoft.com/en-us/p/altspacevr/9nvr7mn2fchq?activetab=pivot:overviewtab

HTC Vive: https://store.steampowered.com/app/407060/AltspaceVRThe_Social_VR_App/

Windows Mixed Reality: https://altvr.com/altspacevr-on-windows-mixed-reality/

Oculus Rift(-S): https://www.oculus.com/experiences/rift/1072303152793390/

Oculus Quest: https://www.oculus.com/experiences/quest/2133027990157329

Oculus Go: https://www.oculus.com/experiences/go/941480505944712


Thursday, August 6th 7:00 PM EST — 9:00 PM EST

RSVP: https://sharethemicincyber.splashthat.com/


In response to anti-black racism and the deaths of countless black people, the country and the world are standing up against systemic racism. Many in the cybersecurity community have been searching for ways to amplify the voices of black and brown practitioners in the national security/foreign policy space. Inspired by the #ShareTheMic campaign on Instagram, Camille Stewart (@CamilleEsq on Twitter) and Lauren Zabierek (@LZXDC on Twitter) have teamed up to launch the #ShareTheMicInCyber Twitter campaign. On June 26, 2020, prominent members of the cybersecurity community will spend the day tweeting about a Black cybersecurity practitioner.

If you know a Black cybersecurity practitioner who you think should be profiled, reach out to Camille @CamilleEsq & Lauren @LZXDC on Twitter for more information.


Follow the hashtag #ShareTheMicInCyber & the participants.

Share the campaign with your network.

Retweet the professional stories of the Black Practitioners featured.

ACT. Find a way to support these practitioners and the countless other Black Practitioners in this space. Take steps to make the field more inclusive for EVERYONE & your work responsive to systemic racism.


DEF CON 28 Safe Mode Capture The Flag Competition

Every year we select the best CTF teams through a tough public qualifier game online. They then compete in an even tougher, live attack/defense CTF which will crown the best team in the league.

We’re planning to live-broadcast the scores and graphs during the game. Some services will also have a broadcast component, so you’ll be able to follow teams as they tackle that challenge and fight among themselves.

This year the playing schedule accommodates players in multiple timezones, so it doesn’t fully overlap with the conference. However, we’re going to provide recaps of the game and you’re welcome to join to get a pulse of how things are evolving.

Info: https://oooverflow.io
Discord: CTF area

Schedule (PDT GMT -7):

>> Friday 5 AM -> 1 PM (game)
>> Friday 2 PM: we’ll publicly recap the game progress
>> Friday 10 PM -> Saturday 6 AM (game)
>> Saturday 1 PM: public recap
>> Saturday 3 PM -> 11 PM (game)
>> Sunday 8 AM -> 4 PM (game)
>> Sunday noon: public recap (during the game)

Qualifying Teams

1. A*0*E (prequalified via PlaidCTF)

2. /bin/tw

3. Cykor (prequalified via CodeBlue)

4. HITCON⚔Balsn

5. koreanbadass

6. mhackeroni

7. More Bush Smoked Whackers (prequalified via CTFZone)

8. NorseCode

9. pasten (prequalified via 36C3)

10. PPP (prequalified by winning in 2019)

11. r3kapig

12. rpisec

13. Samurai

14. Shellphish

15. Star-Bugs (fmr. CandySweetGuys)

16. Tea Deliverers (prequalified via HITCON)



The brainchild of BiaSciLab from Girls Who Hack, after attending DEF CON 26 and hacking the election reporting system, she decided something needed to be done. Working with her computer security expert friends, she started Secure Open Vote to create an easy to use election system that uses open source software and hardware as well as hand marked paper ballots.


Your goal is to change the vote results on our Secure Open Vote Reporting system. The site will be made LIVE during DEF CON 28.

If you are successful, you MUST report HOW you did it to us here at Secure Open Vote. You will then get your pick of one of these sweet HAK5 Prizes!

WiFi Pineapple — LAN Turtle SD — Packet Squirrel — USB Rubber Ducky

We will make the decision as to if the site was successfully hacked or not.




Join The Cause

Use our online donation form today and become a member of EFF! If you become a member at the titanium level you can even choose to receive a limited-edition DEF CON Safe Mode T-Shirt! These shirts have a puzzle incorporated design. Try your hand at cracking it!

EFF Talks

Detecting Fake 4G Base Stations in Real Time

Watch on Youtube
Download from media.defcon.org
Cooper Quintin
Friday August 7 at 12:30 pm PT
In this talk we will tell you how 4G IMSI Catchers might work to the best of our knowledge, and what they can and can’t do. We demonstrate a brand new software project to detect fake 4G base stations, with open source software and relatively cheap hardware. And finally we will present a comprehensive plan to dramatically limit the capabilities of IMSI catchers (with the long term goal of making them useless once and for all).

Ask the EFF/Meet the EFA

Kurt Opsahl, Eva Galperin, Alexis Hancock, Rory Mir, Hannah Zhao, Nash, Emilie St-Pierre, Abi Hassen, Elliot, Tracy Rosenberg
Saturday August 8 at 7 pm PT
Join the Electronic Frontier Foundation — the nation’s premier digital civil liberties group fighting for freedom and privacy in the computer age — for a candid chat about how the law is racing to catch up with technological change and discovery.

Then meet representatives from Electronic Frontier Alliance (eff.org/fight) allied community and campus organizations from across the country. These technologists and advocates are working within their communities to educate and empower their neighbors in the fight for data privacy and digital rights.

Tech Trivia Contest

Join us for some tech trivia! EFF’s team of technology experts have crafted challenging trivia about the fascinating, obscure, and trivial aspects of digital security, online rights, and Internet culture. Competing teams will plumb the unfathomable depths of their knowledge, but only the champion hive mind will come in first place! All teams will win great EFF gear. Register a team for tech trivia today!

Looking for Help?

As in past years, EFF staff attorneys will be here to support the community. If you have legal concerns regarding an upcoming talk or sensitive infosec research that you are conducting at any time, please email info@eff.org. Outline the basic issues and we will do our best to connect you with the resources you need.

Read more about EFF’s work defending, offering legal counsel, and publicly advocating for technologists on our Coders’ Rights Project page.



The core and heartblood of the convention are the “Villages”. These are spaces inside of DEFCON that act as their own miniature convention, including talks, contests, badges and swag. Many of them focus around a particular special interest. Here is a master list of almost every village at the convention plus a special highlight of one talk or activity they will have there.

Aerospace Village

DEF CON 28 Aerospace Village is a researcher led, non-profit whose mission is to build a diverse community focussed on the security of everything from airports, air traffic management, aircraft and space.

Discussion Forum: https://forum.defcon.org/node/230955

Village Schedule: https://aerospacevillage.org/def-con-28-schedule/


AI Village

Location: AI village Discord Channel

Artificial Learning techniques are becoming more prevalent in core security technologies like malware detection and network traffic analysis. Its use has opened up new vectors for attacks against non-traditional targets, such as deep learning based image recognition systems used in self driving cars. There are unique challenges in defending and attacking these machine learning systems that the security community needs to be made aware of. This AI Village will introduce DEF CON attendees to these systems and the state of the art in defending and attacking them. We will provide a setting to educate DEF CON at large through workshops and a platform for researchers in this area to share the latest research.
Forum Link: https://forum.defcon.org/node/231058

Appsec Village

The AppSec Village welcomes all travelers to choose from talks by expert community members, an awesome AppSec-focused (CTF)², online workshops, and more. Bring your thirst for knowledge and passion for breaking things, and your visit to AppSec Village will be a thrill!

Discussion Forum: https://forum.defcon.org/node/232292

Village Schedule: https://www.appsecvillage.com/agenda/2020


BioHacking Village

Born in 2014, the Biohacking Village started with a small space and a big idea: Bring the forefront of citizen science and biomedical security to the world’s biggest hacker conference. With partners such as the FDA and Mayo Clinic, the Biohacking Village has become a primary conduit for the healthcare community to engage positively and proactively with security researchers.

Device Lab:
A high-collaboration environment to build trust and trustworthiness in healthcare, connecting security researchers, manufacturers, hospitals, and regulators, to learn from each other and develop their skills. Device Lab research benefits patients by providing manufacturers valuable feedback on cyber safety of their devices with high fidelity.

Speaker Lab:
Our speakers hail from varying fields in the biomedical ecosystem to engage security researchers and healthcare stakeholders. We welcome self-made entrepreneurs, security researchers, inventors, government regulators, makers, and innovators to discuss real world solutions to some of humanity’s most pressing challenges and opportunities in the areas of health, security, and technology.

Catalyst Lab:
The Catalyst Lab provides the opportunity to interact with outstanding faculty, thought leaders and cutting edge experts in the biomedical industry who provide up-to-date advice and training in the developing field of translational medicine by fostering leadership, entrepreneurship, and commercialization activities.

Discussion Forum: https://forum.defcon.org/node/230956

Village Schedule: https://villageb.io


Blockchain Village [BCOS Village]

Forum Link: https://forum.defcon.org/node/233036

Blue Team Village

Blue Team Village is returning for our third DEF CON! Focusing on the defensive side of hacking, we aim to offer our Safe Mode community the same kind of talks and workshops that you would experience in person, adapted for this year’s remote circumstances. Likewise, we’ll be seeing the return of our popular OpenSOC CTF — the schedule can be found on our website at blueteamvillage.org. Come join us to learn about defensive-side hacking, and join our community of like-minded hackers for fun, learning, and mentorship.

OpenSOC CTF starts 08/06 at 10:00 PT and runs for 65 hours.

BTVMaskCon starts 08/06 at 11:00 PT and runs for 55 hours.

Discussion Forum: https://forum.defcon.org/node/231059

Village Schedule: https://cfc.blueteamvillage.org/call-for-content-2020/schedule


Car Hacking

Learn, hack, play. The Car Hacking Village is an open, collaborative space to hack actual vehicles (this year virtually) that you don’t have to worry about breaking! Don’t have tools? No worries, since our challenges are virtual this year, you will only need a web browser and terminal access to access our challenges. Never connected to a car? We’ll show you how. Follow our CHV101 section to learn the basics of car hacking.

Additionally, we’ll be hosting multiple talks about the art of hacking automobiles and have launched a really cool Automotive Ethernet badge!!

To find out more about how we will be going virtual this year, please head on over to https://www.carhackingvillage.com/def-con-28

We also have great Car Hacking Village swag!! Head on over to our store and order today!! https://stores.customink.com/carhackingvillage

Discussion Forum: https://forum.defcon.org/node/230957


Cloud Village

Cloud Village is an open platform for researchers interested in the area of cloud security. We plan to organize talks, tool demos, CTF and workshops around Cloud Security and advancements.

Discussion Forum: https://forum.defcon.org/node/232293

Village Schedule: https://cloud-village.org


Crypto & Privacy Village

A place for puzzles, privacy, and pseudorandom permutations. We will be streaming talks on a variety of cryptography and privacy topics, as well as hosting our annual Goldbug puzzle. The Gold Bug starts Friday at 10am PT and runs until Sunday 12pm PT.

Discussion Forum: https://forum.defcon.org/node/231014

Village Schedule: https://cryptovillage.org/dc28/schedule


Data Duplication Village

Yes, the Data Duplication Village is back for DC 28! If you’re looking for something to fill up all your unused storage, may I recommend a nice hash table or two with a side of all of the DefCon talks and everything else on infocon.org? It’s all part of our “free-to-you” service of simply handing you terabytes of useful data.

Check the schedule and/or dcddv.org for up-to-date information.

Ethics Village

The DEFCON Ethics Village is focused on fostering a discussion about ethics in the security domain. Unlike the professions of medicine and law, information security does not have a codified standard of ethics. Professionals in information security have yet to agree upon common ethical principles and many remain unconvinced of the possibility of establishing a universal framework that can address the realm of information security.
Forum Link: https://forum.defcon.org/node/232701

Hack the Sea

Reverse-engineers, makers, and hackers of all kinds are welcome to join us as Hack The Sea 2.0 — Voyage to Discovery continues the journey we began at DEF CON 27. Our core partners and volunteers will return to provide an expanded opportunity for attendees to explore the world of maritime industrial control systems, communications, and operational technology.

Our ship-based Capture the Flag (CTF), hands-on workshops, and talks by an international panel of experts, will bring an ocean of learning and fun to Las Vegas. A special focus this year will be on Unmanned Undersea Vehicles (UUVs), autonomous “floaters”, and other technology highlighting the growing role of robots in maritime.
Forum Link: https://forum.defcon.org/node/232914

Ham Radio Village

Ham Radio is all about overcoming obstacles and communicating over long distances without physical contact. That’s why Ham Radio Village is excited to return for a second year as part of DEF CON “Safe Mode”. Join us on the DEF CON discord where we will be giving everyone the opportunity to learn more about ham radio than they do today.
Discussion Forum: https://forum.defcon.org/node/231060



A basic bar to working with embedded electronics is learning to properly meld metal, creating both an electrical and physical bond. You can only get so far with a breadboard and wires hanging out everywhere. At some point you will need to take the device out of the lab and introduce it to the rigors of the world. We supply the irons and the skills to help you, whether that is your first time fusing metal or getting those lead wires on a UART breakout. Details @ dcssv.org
Forum Link: https://forum.defcon.org/node/232704

ICS village

Connecting public, industry, media, policymakers, and others directly with ICS systems and experts.

Hack the Plan[e]t Capture the Flag (CTF) contest will feature Howdy Neighbor and the Industrial Control System (ICS) Range. Building off of last year’s, the CTF will integrate both Internet of Things (IoT) and ICS environments with interactive components for competitors to test their skills and knowledge.
Discussion Forum: https://forum.defcon.org/node/232698

Village Schedule: https://www.icsvillage.com/schedule-def-con-28


IOT Village

IoT Village advocates for advancing security in the Internet of Things (IoT) industry through bringing researchers and industry together. IoT Village hosts talks by expert security researchers, interactive hacking labs, live bug hunting in the latest IoT tech, and competitive IoT hacking contests. Over the years IoT Village has served as a platform to showcase and uncover hundreds of new vulnerabilities, giving attendees the opportunity to learn about the most innovative techniques to both hack and secure IoT. IoT Village is organized by security consulting and research firm, Independent Security Evaluators (ISE), and the non-profit organization, Village Idiot Labs (VIL).
Discussion Forum: https://forum.defcon.org/node/230960

Village Schedule: https://www.iotvillage.org/#dc28_schedule


Lock Bypass Village

The Lock Bypass Village explores the world of hardware bypasses and techniques generally outside of the realm of cyber security and lockpicking. Come learn some of these bypasses, how to fix them, and have the opportunity to try them out for yourself.
Discussion Forum: https://forum.defcon.org/node/232070


Lock Picking Village

Want to tinker with locks and tools the likes of which you’ve only seen in movies featuring secret agents, daring heists, or covert entry teams? Then come on by the Lockpick Village, run by The Open Organisation Of Lockpickers, where you will have the opportunity to learn hands-on how the fundamental hardware of physical security operates and how it can be compromised.

The Lockpick Village is a physical security demonstration and participation area. Visitors can learn about the vulnerabilities of various locking devices and the techniques used to exploit these vulnerabilities.

Experts will be on hand to demonstrate and discuss pick tools, and other devices that are generally available. By exploring the faults and flaws in many popular lock designs, you can not only learn about the fun hobby of sportpicking, but also gain a much stronger knowledge about the best methods and practices for protecting your own property.

Discussion Forum: https://forum.defcon.org/node/232909


Monero Village

The Monero project is a privacy ecosystem which consists of several cryptocurrency relevant projects and workgroups. The village presents technology serving privacy-conscious novice and advanced cryptocurrency users, inviting participation in a well-equipped and comfortable environment.

Aside from village keynotes, panels, workshops, and networking programs, please visit our channel on Defcon Discord to chat about cryptocurrencies, blockchains, and privacy with leading experts. A variety of privacy projects, wallets, electronic badges, and village educational materials are made available for exploration. The Monero Village is curator of the Intervillage Badge this year.

Discussion Forum: https://forum.defcon.org/node/232221

Village Schedule: https://www.monerovillage.org/dc28/schedule/


NEW! Career Hacking

How do you get to the next level in your career? What if you want to drastically change your skill set? The Career Hacking Village isn’t just about getting ready for your next step. We have career coaching, resume reviews, mock interviews, and a great set of speakers representing different opportunities. Don’t just do it for money. Do it for a lot of money! Or experience! Or Fun! Maybe all of the above!

Discussion Forum: https://forum.defcon.org/node/232220


NEW! Payment Village

Payment technologies are an integral part of our lives, yet few of us know much about them. Have you ever wanted to learn how payments work? Do you know how criminals bypass security mechanisms on Point of Sales terminals, ATM’s and digital wallets? Come to the Payment Village and learn about the history of payments. We’ll teach you how hackers gain access to banking endpoints, bypass fraud detection mechanisms, and ultimately, grab the money!

Discussion Forum: https://forum.defcon.org/node/232911

Village Schedule: https://www.paymentvillage.org/schedule

More Info:
https://twitter.com/paymentvillage

NEW! The Password Village

The Password Village provides training, discussion, and hands-on access to hardware and techniques utilized in modern password cracking, with an emphasis on how password cracking relates to your job function and the real world. No laptop? No problem! Feel free to use one of our terminals to access a pre-configured GPGPU environment to run password attacks against simulated real-world passwords. Village staff and expert volunteers will be standing by to assist you with on-the-spot training and introductions to Hashcat, as well as other FOSS cracking applications. Already a password cracking aficionado? Feel free to give a lightning talk, show off your skills, help a n00b learn the basics, or engage in riveting conversation with other password crackers. Regardless of whether you’re just a little hash-curious, a veteran cracker still relying on rainbow tables, a novice desiring to learn more, or an expert eager to share, we guarantee there will be something for everyone at the Password Village!

Discussion Forum: https://forum.defcon.org/node/232910

Village Schedule: https://passwordvillage.org/schedule


Packet Hacking Village

The Packet Hacking Village welcomes all DC Safe Mode attendees and we have something for every level of security enthusiast, from beginners to those seeking a black badge. PHV Speakers, Workshops, and Walkthrough Workshops deliver high quality content for all skill levels. Packet Detective and Packet Inspector offer hands-on exercises to help anyone develop or improve their Packet-Fu. WoSDJCo has some of the hottest DJs at con spinning virtually for your enjoyment. And finally… Capture The Packet, the ultimate cyber defense competition that has been honored by DEF CON as a black badge event for nearly a decade.

Discussion Forum: https://forum.defcon.org/node/230961

Village Schedule: https://www.wallofsheep.com/pages/dc28

Policy Village

DEF CON Policy supports education and dialogue across the security researcher and public policy communities.

Discussion Forum: https://forum.defcon.org/node/230961

Village Schedule: https://www.wallofsheep.com/pages/dc28

More Info:
Twitter: #DC28Policy

Recon Village

Recon Village is an Open Space with Talks, Live Demos, Workshops, Discussions, Beginner Sessions, CTFs with a common focus on Reconnaissance. The village is meant for professionals interested in areas of Open Source Intelligence (OSINT), Threat Intelligence, Reconnaissance, and Cyber Situational Awareness, etc. with a common goal of encouraging and spreading awareness around these subjects.

For SAFE MODE we will be running a bunch of OSINT / RECON talks as well as our RECON CTF.

Website: https://reconvillage.org

Twitter: https://twitter.com/reconvillage

Recon CTF — Friday 10 AM to Saturday 11 PM

Talks Schedule (To be published soon on the website, I will share the link as we announce it).

Discussion Forum: https://forum.defcon.org/node/230962

Red Team Village

The DEF CON Red Team Village is a community-driven effort for and by the offensive security community members (red teams and ethical hackers). The goal of the village is to expand the spectrum of red team and offensive security training, as well as to create opportunities for individuals to both present and learn. The DEF CON Red Team Village community creates different activities including many technical presentations, hands-on workshops, trainings, demos, capture the flag (CTF), games, and other activities from participants.

Discussion Forum: https://forum.defcon.org/node/231062

Village Schedule: https://RedTeamVillage.io/schedule.html

Rogues Village

Rogues Village is a place to explore alternative approaches to existing security concepts by looking to non-traditional areas of knowledge. Incorporating expertise from the worlds of magic, sleight of hand, con games, and advantage play, this village has a special emphasis on Social Engineering and Physical Security.

Discussion Forum: https://forum.defcon.org/node/232739

Social Engineering Village

Established at DEF CON 18, the SEVillage at DEF CON has been the one-stop shop for all things social engineering. From our humble beginnings with a small room and our soundproof booth to now running 4 events and a “Human Track” where social engineering talks are given. The SEVillage at DEF CON is the place for not only our flagship event, the Social-Engineer Capture The Flag (The SECTF), but also Mission SE Impossible, the SECTF4Kids and the SECTF4Teens!

Discussion Forum: https://forum.defcon.org/node/232915

Voting Machine Hacking Village

The Voting Machine Hacking Village (“Voting Village”) returns for its fourth year at DEF CON! As the only public third-party assessment of voting infrastructure in the world, the Voting Village attracts thousands of white hat hackers, government leaders, and members of the media to partake in the mission of rigorously researching voting systems and raising awareness of voting vulnerabilities.

The Voting Village gives hackers a unique opportunity to directly audit voting machines and other election equipment. With the 2020 elections looming and efforts to combat election vulnerabilities ongoing at the state and federal levels, the educational mission of the Voting Village remains as critical as ever.

Discussion Forum: https://forum.defcon.org/node/230966

Wireless Village

The Wireless Village is run by the RF Hackers Sanctuary as an environment where people come to learn about the security of radio frequency (RF) transmissions which includes wireless technology, applications of software defined radio (SDR), Bluetooth (BT), Zigbee, WiFi, Z-wave, RFID, and all other protocols within the useable RF spectrum. RF Hackers Sanctuary is supported by a group of experts in the areas of information security as it relates to RF technologies. RF Hackers Sanctuary’s common purpose is to provide an environment in which participants may explore these technologies with a focus on improving their skills through offense and defense. These learning environments are provided in the form of guest speakers, panels, and Wireless Capture the Flag games.

Discussion Forum: https://forum.defcon.org/node/231064


AppSec Village CTF

Friday: 0900 to 1800 PDT (GMT -7), Saturday: 0900 to 1800 PDT (GMT -7), Sunday: 0900 to 1700 PDT (GMT -7)

CTFs test your skills, challenge your ingenuity and push mental boundaries. But what is even MORE AWESOME than a regular CTF?

A (CTF)²!! A competition that stretches your creative mind as a task author and makes you step up your game as a task player. This year, AppSec Village @ DEF CON 28 invites you to compete in both roles!

More Info: https://www.appsecvillage.com/
Discord: https://discord.com/channels/708208267699945503/728703600586522739
Twitter: @appsec_village

Be the Match — registration drive

Friday: 0900 to 1800 PDT (GMT -7), Saturday: 0900 to 1800 PDT (GMT -7), Sunday: 0900 to 1700 PDT (GMT -7)

Be the Match registration drive is returning once again! Swing by and check out one of the coolest biohacks out there, and how you could be the next person to save a life through cellular therapy.

More Info: https://bethematch.org
Discord: https://discord.com/channels/708208267699945503/711643405004046457

Bio-Hacking — Hospital Under Siege

Friday: 0900 to 1800 PDT (GMT -7), Saturday: 0900 to 1800 PDT (GMT -7), Sunday: 0900 to 1700 PDT (GMT -7)

Adversaries have gained a foothold in your local hospital and are increasing their control over clinical systems and medical devices. Soon they make it clear they’re not after patient records or financial information, but are out to disrupt care delivery and put patients’ lives at risk. Your team received an urgent request to use your blue, red, and purple team skills to defend against the escalating attacks, attempt to unmask the adversary, and — above all — protect patient lives.

Hospital Under Siege is a scenario-driven Capture the Flag contest run by the Biohacking Village, pitting teams of participants against adversaries and against a clock, to protect human life and public safety. Participants will compete against each other on both real and simulated medical devices, in the fully immersive Biohacking Village: Device Lab, laid out as a working hospital. Teams of any size are welcome, as are players from all backgrounds and skill levels. Challenges will be tailored for all skill levels and draw from expertise areas including forensics, RF hacking, network exploitation techniques, web security, protocol reverse engineering, hardware hacking, and others. You will hack actual medical devices and play with exotic protocols like DICOM, HL7 and FHIR.

More Info: https://www.villageb.io/
Discord: https://discord.com/channels/708208267699945503/711643365120278540
Twitter: @DC_BHV

Capture The Packet (CTP)

Friday: 0900 to 1800 PDT (GMT -7), Saturday: 0900 to 1800 PDT (GMT -7), Sunday: 0900 to 1700 PDT (GMT -7)

Come compete in the world’s most challenging cyber defense competition based on the Aries Security Cyber Range. Tear through the challenges, traverse a hostile enterprise class network, and diligently analyze what is found in order to make it out unscathed. Not only glory, but prizes await those that emerge victorious from this upgraded labyrinth, so only the best prepared and battle hardened will escape the crucible.

Follow us on Twitter or Facebook (links below) to get notifications for dates and times your team will compete, as well as what prizes will be awarded.

@capturetp, @wallofsheep

More Info: https://www.capturethepacket.com/

Car Hacking Village CTF

Friday: 0900 to 1800 PDT (GMT -7), Saturday: 0900 to 1800 PDT (GMT -7), Sunday: 0900 to 1700 PDT (GMT -7)

Come learn, hack, play at the Car Hacking Village. The village is an open, collaborative space to hack actual vehicles that you don’t have to worry about breaking! Don’t have tools? We’ll loan you some. Never connected to a car? We’ll show you how. Don’t know where the controllers are? We’ll show you how to take it apart.

Additionally, we’ll host a Donkey Car race. Check out our web site for up-to-date info.

Want to race? Check out our full car simulator(s).

Want to learn more about automotive hacking and cyber security? Check out our talks.

Want to hack mobility scooters? Yes! We’ll do that too.

Also, check out the CHV CTF.

More Info: https://www.carhackingvillage.com/

CMD+CTRL CyberRange

Friday: 0900 to 1800 PDT (GMT -7), Saturday: 0900 to 1800 PDT (GMT -7), Sunday: 0900 to 1700 PDT (GMT -7)

CMD+CTRL has evolved! Slip into an immersive scenario, spanning an entire corporate cloud environment. Intelligent chatbots acting as skilled hackers will guide you every step of the way, as you perform recon, social engineering, data exfiltration, privilege escalation and much more. Move through websites, servers, accounts and cloud services, all in an effort to thwart an evil CEO and corrupt corporation. Just don’t get caught, or you may have to burn it all down to cover your tracks!

Discord: https://discord.com/channels/708208267699945503/711643642388807800

Crack Me If You Can (CMIYC)

Friday: 0900 to 1800 PDT (GMT -7), Saturday: 0900 to 1800 PDT (GMT -7), Sunday: 0900 to 1700 PDT (GMT -7)

In its tenth year, the premier password cracking contest “Crack Me If You Can” is returning to DEFCON. The world’s best password cracking teams are assembled and are awaiting the hardest 48 hours of their year.

Every year, the contest has a different surprise/twist. One year it was all international passwords, last year it was password rotation and BCRYPT, and 10 years ago it was capital letters. Oh the humanity!

This year the teams will be cracking hashes, generated by the CMIYC team, using plain-texts donated by famous hackers and Internet founders. Time for you to test your password cracking skills against your heroes.

Teams have 48 hours to crack as many passwords as possible using whatever resources they can legally assemble. Teams are split into “PRO” (for the large, professional password cracking teams) and “STREET” for smaller teams, or beginners.

Each year the “Crack Me If You Can” team gives away hundreds of free password cracking shirts in the Contest area.


More Info: https://contest-2020.korelogic.com/

(Before Con) Creative Writing Short Story Contest

Friday: 0900 to 1800 PDT (GMT -7), Saturday: 0900 to 1800 PDT (GMT -7), Sunday: 0900 to 1700 PDT (GMT -7)

The DEF CON Short Story contest is a pre-con contest that is run entirely online utilizing the DEF CON forums and subreddit. This contest follows the theme of DEF CON for the year and encourages hackers to roll up their sleeves and write the best creative story that they can. The Short Story Contest encourages skills that are invaluable in the hacker’s world, but are sometimes overlooked. Creative writing in a contest setting helps celebrate creativity and originality in arenas other than hardware or software hacking and provides a creative outlet for individuals who may not have another place to tell their stories.

Discord: https://discord.com/channels/708208267699945503/711643275584340069


Coindroids

Friday: 0900 to 1800 PDT (GMT -7), Saturday: 0900 to 1800 PDT (GMT -7), Sunday: 0900 to 1700 PDT (GMT -7)

The year is 20X5 and humanity has fallen: now there are only Coindroids. The machines we designed to manage our finances have supplanted and destroyed the human race by turning our own economy against us. Now they battle each other in the ruins of our fallen cities, driven by a single directive: money is power.

Battle your way to the top of the leaderboard by attacking rival droids and completing hidden challenges.

New to cryptocurrencies? No DEFCOIN to play with? Not a problem! Just come visit our booth in the contest area and we can help get you started.

More Info: https://www.coindroids.com

Darknet Contest

Thursday: 0900 to 1800 PDT (GMT -7), Friday: 0900 to 1800 PDT (GMT -7), Saturday: 0900 to 1800 PDT (GMT -7), Sunday: 0900 to 1200 PDT (GMT -7)

Here at Darknet, We are a Real Life (RL) Massively Multiplayer Online Role Playing Game (MMORPG), where we teach you real life skills and you get in-game points for it. Some may call this Gamified learning. We assume no prior knowledge on a subject, teach you the basics, then challenge you to use what you have learned. Our contest has a range of quests, starting with simple tasks and working your way up to very complex problems.

In the past we have taught you how to lock pick, crack wifi, create a PGP Key and communicate online safely, as well as soldering, programming, and code cracking, just to name a few. From there we would have sent you on quests to go to the different villages to learn something from them, and then come back and test your skills.

But alas, we have been forced underground… And while the physical aspect of the conference has moved online, so have we. This year we will be focusing on the skills you will learn, past skills you will refresh, and your interactions with the community. There will not be a points scoreboard this year. Many of you who have previously bought the Darknet 8 Badge have not unlocked the full features. We have quests for you to learn how to interact, develop, and reprogram it. It’s time to Learn, Teach, and Play. Agents, are you ready?

More Info: https://dcdark.net/
@DCDarknet, @Holon_Network

DEF CON Scavenger Hunt

Friday: 1000 to 2000 PDT (GMT -7), Saturday: 1000 to 2000 PDT (GMT -7), Sunday: 1000 to 1200 PDT (GMT -7)

While everyone in the world finds themselves socially distanced and in some level of quarantine, we are bringing the DEF CON Scavenger Hunt to you. As this year is so different, teams will be limited to one person.

The list will drop at 10AM on Friday, with items to produce and tasks to accomplish until the game ends at noon on Sunday. You will be competing for glory, bragging rights, and prizes (that you can pick up at the table, during the next in-person DEF CON).

More Info: http://defconscavhunt.com/

EFF Tech Trivia Pub Quiz

Friday: 1700 to 1900 PDT (GMT -7)

EFF’s team of technology experts have crafted challenging trivia about the fascinating, obscure, and trivial aspects of digital security, online rights, and Internet culture. Competing teams will plumb the unfathomable depths of their knowledge, but only the champion hive mind will claim the First Place Tech Trivia Plaque and EFF swag pack. The second and third place teams will also win great EFF gear.

More Info: https://eff.org

The Gold Bug — Crypto and Privacy Village Puzzle

Friday: 0900 to 1800 PDT (GMT -7), Saturday: 0900 to 1800 PDT (GMT -7), Sunday: 0900 to 1700 PDT (GMT -7)

Love puzzles? Need a place to exercise your classical and modern cryptography skills? This puzzle will keep you intrigued and busy throughout Defcon — and questioning how deep the layers of cryptography go.

The Gold Bug is an annual Defcon puzzle hunt, focused on cryptography. You can learn about Caesar ciphers, brush up your understanding of how Enigma machines or key exchanges work, and try to crack harder modern crypto. Accessible to all — and drop by for some kids’ puzzles too! PELCGBTENCUL VF UNEQ

More Info: https://goldbug.cryptovillage.org/


Hackfortress

Friday: 0900 to 1800 PDT (GMT -7), Saturday: 0900 to 1800 PDT (GMT -7), Sunday: 0900 to 1700 PDT (GMT -7)

Hackfortress is a unique blend of Team Fortress 2 and a computer security contest. Teams are made up of 6 TF2 players and 4 hackers; TF2 players duke it out while hackers are busy solving puzzles. As teams start scoring they can redeem points in the hack fortress store for bonuses. Bonuses range from crits for the TF2, lighting the opposing team on fire, or preventing the other team’s hackers from accessing the store.

More Info: http://hackfortress.net


Hack-A-Sat

Friday: 0900 to 2359 PDT (GMT -7), Saturday: 0000 to 2359 PDT (GMT -7), Sunday: 0000 to 1600 PDT (GMT -7)

The United States Air Force, in conjunction with the Defense Digital Service, presents this year’s Space Security Challenge, Hack-A-Sat. This challenge asks hackers from around the world to focus their skills and creativity on solving cybersecurity challenges on space systems.

Security experts from around the globe are invited to pull together a team for our Hack-A-Sat Capture the Flag contest. Participants who successfully complete a set of qualification challenges on cybersecurity and space this spring will be invited to the ultimate challenge: to (ethically) hack a satellite.

More Info: https://www.HackASat.com/

H@cker Runw@y

Friday: 0900 to 1800 PDT (GMT -7), Saturday: 0900 to 1800 PDT (GMT -7), Sunday: 0900 to 1700 PDT (GMT -7)

For the second year, H@ck3r Runw@y is bringing together fashionistas out there. Make it SMART, LIGHT it up, OBFUSCATE something, or be GEEKY on fleek. Enter clothing, shoes, jewelry, hats or accessories. If you wear it, the runway can handle it. Predesign entry or create something on the fly. Just do it before the stage and bring proof.

Awards will be handed out in 4 categories for predesign and one (1) for anything designed during contest hours. There will also be a People’s Choice category where the winner is anyone’s guess:

Digital (electronic, led, etc)
Smart wear (interactive, temperature sensing, mood changing, etc)
Aesthetics (3d printed, geeky wear, passive design)
Miscellaneous (obfuscation, lock picks, shims, card skimmers)
Live creations
People’s Choice

Judgement based on, but not limited to:


More Info: hack3rrunway.github.io

Ham Exams

Friday: 1100 to 1700, Saturday: 1400 to 1700, Sunday: 1500 to 1700

Pre-register to take your ham radio exam remotely from the comfort of your home or wherever you happen to be and get your amateur radio license or upgrade to a new class! The fee is only $5 for DEFCON; if you happen to be a minor under 18, a student with student ID, active military or vet, the fee is waived!

Friday: https://ham.study/sessions/5f0e7677295c50941c2cad5f/1

Discord: https://discord.com/channels/708208267699945503/732733631667372103

HomebrewHardware Contest

Friday: 0900 to 1800 PDT (GMT -7), Saturday: 0900 to 1800 PDT (GMT -7), Sunday: 0900 to 1700 PDT (GMT -7)

Have you learned how to build your own hacking hardware at home? Are you etching circuit-boards in your lab, or soldering in a toaster oven in your garage? Are you hosting a MUD on your helmet, or making malicious USB hardware? Did you make something to help you in your everyday life, a unique wearable, or something really nefarious? Are you discovering what old boards do, bending circuits, or re-appropriating the innards of your local e-waste?

We want to see the awesome things you’ve been building over the last year.

The HomebrewHardware competition is a place to showcase your skill, techniques, and project.

Check our website and twitter for this year’s rules.

More Info: https://homebrewhardwarecontest.github.io/

ICS Hack the Plan[e]t

Friday: 0900 to 1800 PDT (GMT -7), Saturday: 0900 to 1800 PDT (GMT -7), Sunday: 0900 to 1700 PDT (GMT -7)

Hack the Plan[e]t Capture the Flag (CTF) contest will feature Howdy Neighbor and the Industrial Control System (ICS) Range. Building off of last year’s, the CTF will integrate both Internet of Things (IoT) and ICS environments with interactive components for competitors to test their skills and knowledge.

Howdy Neighbor is an interactive IoT CTF challenge where competitors can test their hacking skills and learn about common oversights made in development, configuration, and setup of IoT devices. Howdy Neighbor is a miniature home — made to be “smart” from basement to garage. It’s a test-bed for reverse engineering and hacking distinct consumer-focused smart devices, and to understand how the (in)security of individual devices can implicate the safety of your home or office, and ultimately your family or business. Within Howdy Neighbor there are over 25 emulated or real devices and over 50 vulnerabilities that have been staged as challenges. The challenges are of varying levels to test a competitor’s ability to find vulnerabilities in an IoT environment. Howdy Neighbor’s challenges are composed of real or simulated devices controlled by an App or Network interface and additional hardware sensors; each Howdy Neighbor device contains multiple staged vulnerabilities which when solved present a key for scoring/reporting that it was discovered.

In the same vein, this CTF challenge will also leverage the ICS Village’s ICS Ranges including physical and virtual environments to provide an additional testbed for more advanced challenges in critical infrastructure and ICS environments. New this year, there will be integrated elements from DHS/CISA with their newly built mobile environments that are realistically miniaturized assets (i.e., operational oil and natural gas pipeline, etc.) and this will be the first time they’ll be opened to the public for hacking.

More Info: https://www.icsvillage.com

Defcon Ham Radio Fox Hunting Contest

Friday: 0900 to 1800 PDT (GMT -7), Saturday: 0900 to 1800 PDT (GMT -7), Sunday: 0900 to 1700 PDT (GMT -7)

In the world of amateur radio, groups of hams will often put together a transmitter hunt (also called “fox hunting”) in order to hone their radio direction finding skills to locate one or more hidden radio transmitters broadcasting. The Defcon Fox Hunt will require participants to locate a number of hidden radio transmitters broadcasting at very low power which are hidden throughout the conference. Each transmitter will provide a clue or one time use ticket which will prove the player found the fox transmitter. A map with rough search areas will be given to participants to guide them on their hunt. Additional hints and tips will be provided throughout Defcon at the contest table to help people who find themselves stuck. A small prize to be determined will be given to each participant who locates all of the foxes each day. In previous years a custom made embroidered velcro-backed patch was given out or a “fun” trophy. The patches are always a big hit so it’s likely we’ll do that again this year if selected.

More Info: defcon27foxhunt.com

OpenSOC Blue Team CTF

Friday: 1000 to 2359 PDT (GMT -7), Saturday: 0000 to 2359 PDT (GMT -7), Sunday: 0900 to 1200 PDT (GMT -7)

OpenSOC is a Digital Forensics, Incident Response (DFIR), and Threat Hunting challenge meant to teach and test practical incident response skills in an environment that closely resembles a real enterprise network. This virtual environment is representative of what you would find in an enterprise network, including: workstations, servers, firewalls, email, web browsing, user activity, etc. Simulated users are browsing the Internet, downloading files, watching videos, and accessing LAN resources. This creates a high-fidelity training environment for unleashing real-world attacks and testing responders’ abilities to filter and detect malicious activity on the network.

This isn’t just another CTF. We’ve built this platform to train real-world responders to handle real-world situations, and each year we incorporate new scenarios that are modeled after threat actors and breaches experienced by the OpenSOC team. From APT attacks using 0-days and heavily weaponized shellcode to sneaky lateral movement and exfiltration techniques, we expose contestants to a wide range of techniques that we see actively used in the wild. We encourage team participation, and always have folks on hand to assist those just getting started out.

Even better — 100% of the security tools demonstrated within OpenSOC are Free and/or Open Source! These projects include Velociraptor, Sysmon, osquery, Suricata, Moloch, pfSense and Graylog + ELK bringing it all together in an awesome way. This allows our contestants to not only have fun at DEF CON, but also learn skills and tools they can take back to work on Monday.

The Challenge:
Given an initial IOC (indicator of compromise), identify attacks that are being carried out against and within the enterprise environment, pivoting between key artifacts.
Trace the attackers throughout the kill chain, submitting key IOCs and observables to the scoreboard as you reveal their tactics.
Reverse engineer any artifacts connected to hostile activities.
Perform forensics analysis on PCAPs (Packet Captures), memory images, etc.
Win awesome prizes, learn new skills, and get experience with some of the best Open Source tools for SecOps!

More Info: https://opensoc.io

Online MUD — EvilMog

Friday: 0900 to 1800 PDT (GMT -7), Saturday: 0900 to 1800 PDT (GMT -7), Sunday: 0900 to 1700 PDT (GMT -7)

DEFCON MUD is live and will be running until the day after defcon closing ceremonies. The game has gotten harder, players get 3 lives and their characters get deleted. Full details at https://mog.ninja

More Info: https://mog.ninja, https://ctf.mog.ninja

The Schemaverse Championship

Friday: 0900 to 1800 PDT (GMT -7), Saturday: 0900 to 1800 PDT (GMT -7), Sunday: 0900 to 1700 PDT (GMT -7)

The Schemaverse [skee-muh vurs] is a space battleground that lives inside a PostgreSQL database. Mine the hell out of resources and build up your fleet of ships, all while trying to protect your home planet. Once you’re ready, head out and conquer the map from other DEF CON rivals.

This unique game gives you direct access to the database that governs the rules. Write SQL queries directly by connecting with any supported PostgreSQL client or use your favourite language to write AI that plays on your behalf. This is DEF CON of course so start working on your SQL Injections — anything goes!

More Info: https://schemaverse.com

SEATF: Maritime Hacking CTF

Friday: 0600 to 1600 PDT (GMT -7), Saturday: 0600 to 1600 PDT (GMT -7), Sunday: 0600 to 1600 PDT (GMT -7)

Fathom5’s Maritime-Industrial CTF event allows competitors to gain hands-on experience hacking real maritime hardware in a controlled environment using Fathom5’s Grace maritime cybersecurity testbed. Grace is an accessible, realistic configuration of maritime systems where competitors complete challenges in a simulated afloat environment, with real ICS components and fieldbus protocols. The Grace testbed replicates a series of different maritime-industrial environments, including navigation, fire main, and hydraulic steering systems. The testbed makes both physical and simulated components available to competitors in order to replicate performance of maritime systems at lifelike scale. The CTF challenges scale from novice to expert-level on both IT and OT fronts such that competitors can gain experience on either side of the system. This CTF event has been deployed at DEFCON 27 (Aug 2019) as part of the Hack The Sea Village v1.0 and at HACKtheMACHINE-NYC (Sept 2019). It is also planned to be deployed at DEF CON 28 and HACKtheMACHINE-Atlanta in Aug 2020. This CTF can support approximately 20 teams of 3–5 individuals concurrently and typically takes 14 hours for skilled teams to navigate the challenges. The number of teams, size of teams, and depth of challenges can be adjusted to fit within host event timelines.

Discord: https://discord.com/channels/708208267699945503/711644244753776640

IoT Village’s SOHOpelessly Broken CTF Contest

Friday: 1000 to 1700 PDT (GMT -7), Saturday: 1000 to 1700 PDT (GMT -7), Sunday: 1000 to 1400 PDT (GMT -7)

In this 3-time DEF CON Black Badge CTF hosted in IoT Village, players compete against one another by exploiting off-the-shelf IoT devices. These 25+ devices all have known vulnerabilities, but successfully exploiting these devices requires lateral thinking, knowledge of networking, and competency in exploit development. CTFs are a great experience to learn more about security and test your skills, so join up in a team (or even by yourself) and compete for fun and prizes! Exploit as many as you can during the con and the top three teams will be rewarded.

More Info: https://www.iotvillage.org/


Friday: 0900 to 2359 PDT (GMT -7), Saturday: 0000 to 2359 PDT (GMT -7), Sunday: 0000 to 1200 PDT (GMT -7)

It’s Election 2020! The national vote-by-phone polls are about to open and it’s a knock down, drag-out battle of political wits between Presidential candidates Michael Key and Founder Jack Carson, VC. DEF CON hackers, team up and take to the phones: lie, cheat, and steal your way to the ultimate victory. Every hacker vote counts — so vote early and often!

More Info: https://telechallenge.org

ULTIMATE Secure Coding Throwdown

Friday: 0900 to 2359 PDT (GMT -7), Saturday: 0000 to 2359 PDT (GMT -7), Sunday: 0000 to 1600 PDT (GMT -7)

Are. You. Ready? Head to the AppSec battlefield and prove that you are the ultimate secure coding champion. Go head-to-head with your peers as you test your web application security knowledge of the OWASP Top 10. Strut your skills. Crush the competition. Score excellent prizes and take home the title of Secure Code Warrior!

Players will be presented with a series of vulnerable code challenges that will ask them to identify the problem, locate the insecure code, and fix the vulnerability. Select from a range of software languages to complete the tournament, including Java EE, Java Spring, C# MVC, C# WebForms, Ruby on Rails, Python Django, Scala Play & Node.JS. It’s gamified, it’s relevant, but most of all — it’s fun.

Watch as you earn points and climb to the top of the real-time leaderboard during the event. Prizes will be awarded to the top 3 point scorers, with one security superhero being crowned the ultimate Secure Code Warrior. Will it be you?

Psst: Want to test your secure coding skills at your own pace, without the competition? You’re welcome to come along and join the fun

More Info: SCW.IO/Trial

Wireless Capture the Flag

Friday: 0900 to 1800 PDT (GMT -7), Saturday: 0900 to 1800 PDT (GMT -7), Sunday: 0900 to 1700 PDT (GMT -7)

Do you have what it takes to hack WiFi, Bluetooth, and Software Defined Radio (SDR)?

RF Hackers Sanctuary (the group formerly known as Wireless Village) is once again holding the Wireless Capture the Flag (WCTF) at DEF CON.

We cater to both those who are new to radio communications as well as to those who have been playing for a long time. We are looking for inexperienced players on up to the SIGINT secret squirrels to play our games. The WCTF can be completely done with a little knowledge, a pen tester’s determination, and $40 or $4000 worth of equipment; the key is to read the clues and determine the goal of each challenge.

Each WCTF event begins with a presentation: How to WCTF. There will be clues everywhere, and we will provide periodic updates. Make sure you pay attention to what’s happening at the WCTF desk, on Twitter @wctf_us, @rfhackers, and the interwebz, etc. If you have a question — ASK! We may or may not answer at our discretion.

More Info: https://wctf.us/

Whose Slide is It Anyway

Saturday: 2000 to 2200 PDT (GMT -7)

“Whose Slide Is It Anyway?” is an unholy union of improv comedy, hacking and slide deck sado-masochism. Our team of slide monkeys will create a stupid amount of short slide decks on whatever nonsense tickles our fancies. Slides are not exclusive to technology, they can and will be about anything. Contestants will take the stage and choose a random number corresponding to a specific slide deck. They will then improvise a minimum 5 minute / maximum 10 minute lightning talk, becoming instant subject matter experts on whatever topic/stream of consciousness appears on the screen.

Whether you delight in the chaos of watching your fellow hackers squirm or would like to sacrifice yourself to the Contest Gods, it’s a night of schadenfreude for the whole family.

Oh, and prizes. Lots and lots of prizes.

Sign ups will be the day of the contest with some special ways to secure your spot early.

Discord: https://discord.com/channels/708208267699945503/711644337942822925

lo57 Mystery Challenge

Friday: 0900 to 1800 PDT (GMT -7), Saturday: 0900 to 1800 PDT (GMT -7), Sunday: 0000 to 1600 PDT (GMT -7)

Discord: https://discord.com/channels/708208267699945503/732439421973954571


Friday: 0900 to 1800 PDT (GMT -7), Saturday: 0900 to 1800 PDT (GMT -7), Sunday: 0000 to 1600 PDT (GMT -7)

Discord: https://discord.com/channels/708208267699945503/732439527213367346

Social Engineer SECTF4Teens

Friday: 0900 to 1800 PDT (GMT -7), Saturday: 0900 to 1800 PDT (GMT -7), Sunday: 0000 to 1600 PDT (GMT -7)

Discord: https://discord.com/channels/708208267699945503/726609125760434176




DEF CON Music will have its own LIVE Stream this year and feature prominent artists & favorite DJs from the hacker community!

Listen: https://www.twitch.tv/defcon_music

Discord Entertainment Chat: https://discord.com/channels/708208267699945503/735624334302904350
DEF CON Forums discussion: https://forum.defcon.org/node/230970

Terrestrial Access Network

Friday from 18:00–19:00 PDT (GMT -7) on the DEF CON Music Twitch

If packets could dance, they would surely dance to this…

Acid T

Friday from 19:00–20:00 PDT (GMT -7) on the DEF CON Music Twitch

DEF CON 28 may be cancelled, but our parties cannot be stopped! Tune in for a massive virtual party that will shake the NET

Artist Info:

Twitter: @DJ_Sm0ke

Icetre Normal

Friday from 20:00–21:00 PDT (GMT -7) on the DEF CON Music Twitch

Icetre has been a premier jubilation hacker, and party host since DEF CON X. People are still talking about the various shenanigans he’s orchestrated and videos he’s played. Even with this long history, it’s still amazing how many people have to still tell him to turn it down. For what?

Artist Info:

Zebbler Encanti Experience

Friday from 21:00–22:00 PDT (GMT -7) on the DEF CON Music Twitch

Zebbler Encanti Experience (aka ZEE) is an audio/visual collaboration between video artist Zebbler and electronic music producer Encanti, based out of Boston and the Scottish Highlands. The Experience is a performance of mapped visuals on three custom winged projection screens, synchronized with heavy peak-hour psychedelic bass music, resulting in the creation of an immersive A/V fantasy world.


Friday from 22:00–23:00 PDT (GMT -7) on the DEF CON Music Twitch

#1 DJ in my mother’s eyes

Artist Info:
Twitter: @countninjula


Friday from 23:00–00:00 PDT (GMT -7) on the DEF CON Music Twitch

Underground hacker, audio/visual artist and researcher of entheogenic blockchain technology. Music is magick.

Artist Info:
Twitter: @shadowvex

tense future

Saturday from 18:00–19:00 PDT (GMT -7) on the DEF CON Music Twitch

Los Angeles, CA. Trapped in an autonomous car during a solar flare. Anxiety attack over spying home appliances that tip their hand. General AI caretaker grappling over competing logical fallacies. Dark techno sounds from the tense future that was once distant.

Artist Info:
Twitter: @tensefutur3

Mica Husky

Saturday from 19:00–20:00 PDT (GMT -7) on the DEF CON Music Twitch

Mica has been absolutely obsessed with electronic music since she was a small child. She has been producing electronica for over a decade and DJing at house parties and conventions for 5 years. She first discovered psytrance in particular after going to Equinox 2015 because it “sounded fun”. She was instantly hooked. Mica’s favorite noises are reminiscent of psychedelic crystals shattering into a million pieces on a forest floor. She can take a crowd on a journey through the world of psychedelia by catching them at the perfect time with the best of alien music.

Artist Info:

Dj St3rling

Saturday from 20:00–21:00 PDT (GMT -7) on the DEF CON Music Twitch

Performing for his second year in a row at DEF CON, Dj St3rling loves to spin electronic music. When he’s not making music, he enjoys: bowling, eating tacos, sleeping, and CTF!

Artist Info:

Skittish & Bus

Saturday from 21:00–22:00 PDT (GMT -7) on the DEF CON Music Twitch

Married DJ/Producer duo, and hosts of underground dance music show Sonic Electronic.

Artist Info:
@skittishandbus on instagram/twitter/facebook/soundcloud/mixcloud

Miss Jackalope

Saturday from 22:00–23:00 PDT (GMT -7) on the DEF CON Music Twitch

DEF CON’s Resident Community DJ. Miss Jackalope has been DJing drum and bass and breakbeats for a long time and doing InfoSec stuff, too! ($dayjob) She can be seen DJing parties, swagulating in the Vendor room, and making sure everyone is having a good time. Mega thanks to the Jackalope Army for their support.

Artist Info:
Twitter: @djjackalope


Saturday from 23:00–00:00 PDT (GMT -7) on the DEF CON Music Twitch

LA/Seattle Underground Music 1997-present. DEF CON SoundGuy. Moontribe collective. So many parties and so much good music made me picky but I love halftime beats! Twice as much opportunity for intricate layers!



Oy! Friendos! Baby bats & tech nerds who just like to wear black.

It wouldn’t be #DEFCONSafeMode without a little #gothcon action. Put us on your dance card next Friday! Lineup:







Thursday, 5PM PST:


DROPPING EAR & EYE CANDY https://mixcloud.com/live/archwisp/



Website: https://illuminatiparty.org/index.html

Puzzle: https://dc28.minervallux.com/

  • The Illuminati Party is a hybrid-venture between the DEFCON (Defense Readiness Condition Conference) Community and the Masonic Community founded in 2012 to provide a “circle-of-trust” wherein members and their guests can exchange knowledge and foster stronger relationships in an effort to bolster awareness in the areas of:

o Big Data
o Information and Cyber Security / Pen Testing
o Counter Corporate Espionage / Red Teaming
o Physical Security
o Communication Encryption Technology
o Medical and Biological Vulnerabilities



An annual gathering of hackers who have served in the US military (and other militaries worldwide), VET CON is a space where veterans can share their stories and experience and interact with one another, as well as help others transition from military life to civilian security life and vice versa.

They have a VETCON channel on the official DEF CON Safe Mode Discord that will be made public within 24 hours.

They are also selling swag at http://shop.miltonsecurity.com and donating all proceeds to the Gary Sinise Foundation.


Blacks In CyberSecurity

After a very successful in-person meet up last year, Blacks In CyberSecurity are doing a virtual meet up on Friday, August 7th at 7:00 PM EST!

Twitch: https://www.twitch.tv/blacksincybersecurity



All Con

Everyone Builds a Blanket Fort, then films a Home and Garden Style House tour of their Fort, then we vote on the best fort, prizes for the best ones. Follow @blanketfortcon on twitter or email blanketfortcon@gmail.com

More Info: blanketfortcon@gmail.com
Twitter: @blanketfortcon

No Tech Talks

Saturday: 1800 to 2000 PDT (GMT -7)

No tech? No problem. Come tell your no-tech stories here. It’s like karaoke, except without the music, or cheesy lyrics, or singing. OK, it’s not exactly like karaoke but it’ll still be entertaining. Suggested theme: “Discovery” and “Apocalypse”

Selected speakers will get 15 minutes to tell their stories on the Discord voice channel, and audience members will be able to ask questions, or discuss on the text channel.

The sign up form won’t be open until the night of the event, participation will be first come first serve, and subject to moderation.

Discord: https://discord.com/channels/708208267699945503/733562213796937728/737022326226288662

War Story Bunker

Friday: 1800 to 2000 PDT (GMT -7)

One of our favorite parts of DEF CON every year is hearing about what other hackers have been up to, with harrowing tales of red team exercises gone wrong, or so very right. We’ve also heard of valiant efforts of defense from our blue team folks while waiting in Linecon. Do you have a cool “war story” to share? Would you like to listen to some fun stories from your fellow hackers? This is the place to be. Join the DEF CON CFP Board, Goons, and fellow hackers around the bunker.

Selected speakers will get 15 minutes to tell their stories on the Discord voice channel, and audience members will be able to ask questions, or discuss on the text channel.

The sign up form won’t be open until the night of the event, participation will be first come first serve, and subject to moderation.

Discord: https://discordapp.com/channels/708208267699945503/733562251285495818/736711109037522944


Sadly, this year because of COVID-19, r00tz Asylum (the part of DEF CON that is designed for children) has been canceled. But fear not, young ones: the awesome deep-dish folks at Hak4Kidz will be streaming every day, featuring setting up the space, solder, make, break, game, and a hoodie giveaway thanks to @J0hnnyXm4s!

Watch: https://www.twitch.tv/Hak4Kidz



DEF CON 28 Safe Mode Edition
Aug. 7 & 8 @ 6pm PST (9pm EST)

Discord: https://discord.com/channels/708208267699945503/732439600391389184


Telephreak Party

August 9th, ???

@TProphet has invites for all our players for an afterparty hang out to share stories about 2020’s @telechallenge.

… hit him up to hang out later tonight!




Demo Labs will be held in the Demo Labs section of the DEF CON Discord Server on the channels listed in the descriptions.

Full List: https://defcon.org/html/defcon-safemode/dc-safemode-demolabs.html

Carnivore (Microsoft External Attack Tool)

Chris Nevin

Sun from 12:00–13:50 PDT (GMT -7)
Discord Channel: #dl-nevin-carnivore-text
Audience: Offense

Carnivore is a username enumeration and password spraying tool for Microsoft services (Skype for Business, ADFS, RDWeb, Exchange and Office 365). It originally began as an on-premises Skype for Business enumeration/spray tool as I was finding that these days, organizations often seem to have locked down their implementations of Exchange, however, Skype for Business has been left externally accessible, and has not received as much attention from previous penetration tests due to the lack of tools as impactful as Mailsniper. Over time this was improved and built upon to bring the same service discovery, username enumeration and password spraying capability to Skype, ADFS, RDWeb, Exchange, and O365 all in the same tool. Carnivore includes new post compromise functionality for Skype for Business (pulling the internal address list and user presence through the API), and smart detection of the username format for all services. As a practical means of entry into an organisation — numerous external penetration tests have uncovered an on-premises Skype for Business or ADFS server even for organisations that have moved Mail/SSO/etc to the cloud.

Project Link: https://github.com/ReverendThing/Carnivore
DEF CON Forums Link: https://forum.defcon.org/node/233116

Chris Nevin
Senior Security Consultant at NCCGroup

Cotopaxi: IoT Protocols Security Testing Toolkit

Jakub Botwicz

Sat from 16:00–17:55 PDT (GMT -7)
Discord Channel: #dl-botwicz-cotopaxi-text
Audience: IoT, AppSec

Cotopaxi is a set of tools for security testing of Internet of Things devices using specific network IoT/IIoT/M2M protocols (e.g. AMQP, CoAP, MQTT, DTLS, mDNS, QUIC).

Project Link: https://github.com/Samsung/cotopaxi/
DEF CON Forums Link: https://forum.defcon.org/node/233117

Jakub Botwicz
Jakub Botwicz works as a Principal Security Engineer at Samsung Poland R&D Center leading a team of security researchers. He has more than 15 years of experience in information security and previously worked in one of the world’s leading payment card service providers, Big4 consulting company and vendor of network encryption devices. Jakub holds a PhD degree from Warsaw University of Technology and security community certificates including: GWAPT, CISSP, ECSA. Currently, he works providing security assessments (static and dynamic analysis) of different mobile and IoT components.

CIRCO v2: Cisco Implant Raspberry Controlled Operations

Emilio Couto

Fri from 10:00–11:50 PDT (GMT -7)
Discord Channel: #dl-couto-circo-v2-text
Audience: Offense/Hardware

Designed under Raspberry Pi and aimed for Red Team Ops, we take advantage of “Sec/Net/Dev/Ops” enterprise tools to capture network credentials in stealth mode

Project Link: https://github.com/ekiojp/circo
DEF CON Forums Link: https://forum.defcon.org/node/233127

Emilio Couto
Emilio Couto (@ekio_jp) is a Security Consultant with more than 20 years of experience in the network and security field. Born and raised in Argentina, he is currently located in Japan where multitasking between language, culture and technologies is a must. Over the last decade focusing mainly on Finance IT and presenting tools in conferences (DEF CON, BlackHat Asia, HITB, Code Blue, AV Tokyo and SECCON). In his spare time he enjoys 3D printing, tinkering electronics and home-made IoT devices.


Utku Sen

Fri from 14:00–15:50 PDT (GMT -7)
Discord Channel: #dl-sen-jeopardize-text
Audience: Defense

Jeopardize tool is developed to provide basic threat intelligence & response capabilities against phishing domains at the minimum cost possible. It detects registered phishing domain candidates (typosquatting, homograph etc.), analyzes them and assigns a risk score to them. After that, it sends valid-looking credentials to the login forms on those phishing sites. Main goals are to confuse the attackers and to buy organizations some time to take precautions.

Project Link: https://github.com/utkusen/jeopardize
DEF CON Forums Link: https://forum.defcon.org/node/233129

Utku Sen
Utku Sen is a security researcher who is mostly focused on application security, network security and tool development. He presented his different tools and researches in Black Hat USA Arsenal, DEF CON Demo Labs, Packet Hacking Village and Recon Village in the recent years. He’s also nominated for Pwnie Awards on “Best Backdoor” category in 2016. He is currently working for HackerOne.

MalConfScan with Cuckoo

Tomoaki Tani

Shusei Tomonaga

Sun from 10:00–11:50 PDT (GMT -7)
Discord Channel: #dl-tani-malconfscan-text
Audience: Defense (Malware Analyst, BlueTeam)

“MalConfScan with Cuckoo” is a tool for automatically extracting known Windows and Linux malware’s configuration data.

Project Link: https://github.com/JPCERTCC/MalConfScan-with-Cuckoo
DEF CON Forums Link: https://forum.defcon.org/node/233121

Tomoaki Tani
Tomoaki Tani works as a Forensic Analyst at Incident Response Group of JPCERT/CC. His primary responsibility is in providing coordination and assistance for cybersecurity incidents related to Japanese constituents. With his technical insight, he is also in charge of analyzing incident trends and attack methods. He presented at CODE BLUE, BsidesLV, BlackHat USA Arsenal, PHDays, VB Conference, and more. Prior to joining JPCERT/CC, he was engaged in security analysis operations and incident handling at a major Japanese telco.

Shusei Tomonaga
Shusei Tomonaga is a member of the Incident Response Group of JPCERT/CC. Since December 2012, he has been engaged in malware analysis and forensic investigation. In particular, he spearheads the analysis of targeted attacks affecting critical Japanese industries. In addition, he has written blog posts on malware analysis and technical findings (https://blogs.jpcert.or.jp/en/). Prior to joining JPCERT/CC, he was engaged in security monitoring and analysis operations at a foreign-affiliated IT vendor. He has presented at CODE BLUE, BsidesLV, Botconf, VB Conference, PHDays, PacSec, FIRST Conference, BlackHat USA Arsenal, and more.

Mobile Security Framework — MobSF

Ajin Abraham

Fri from 12:00–13:50 PDT (GMT -7)
Discord Channel: #dl-ajin-mobile-securit-framework-text
Audience: Mobile, AppSec

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

Project Link: https://mobsf.github.io/Mobile-Security-Framework-MobSF/
DEF CON Forums Link: https://forum.defcon.org/node/233122

Ajin Abraham
Ajin Abraham is a Security Engineer with 7+ years of experience in Application Security and Offensive Security Research. He is passionate about developing new and unique security tools. Some of his contributions to Hacker’s arsenal include OWASP Xenotix XSS Exploit Framework, Mobile Security Framework (MobSF), Droid Application Fuzz Framework (DAFF), NodeJsScan etc., to name a few. He has been invited to speak at multiple security conferences including ClubHack, Nullcon, OWASP AppSec Eu, OWASP AppSec AsiaPac, BlackHat Europe, Hackmiami, Confidence, BlackHat US, BlackHat Asia, ToorCon, Ground Zero Summit, Hack In Paris, Hack In the Box, c0c0n and PHDays.


Viral Maniar

Sat from 12:00–13:50 PDT (GMT -7)
Discord Channel: #dl-maniar-phirautee-text
Audience: Offense

Over the past few years, ransomware has gone wild and organisations around the world are getting targeted leading to the damage and disruption. As we all know that the threat landscape is changing rapidly and we hear the fuss about ransomware infection at the offices or read about it in the news. Have you ever wondered how threat actors are writing ransomwares? What level of sophistication and understanding is required to target an organisation? In this demo, we will utilise the native Windows commands to build ransomware and target a host via phishing. Introducing Phirautee, a proof of concept crypto virus to spread user awareness about attacks and implications of ransomwares. Phirautee is written purely using PowerShell and does not require any third-party libraries. This tool steals the information, holds an organisation’s data to hostage for payments or permanently encrypts/deletes the organisation data. The tool uses public-key cryptography to encrypt the data on the disk. Before encrypting, it exfiltrates the files from the network to the attacker. Once the files are encrypted and exfiltrated, the original files are permanently deleted from the host and then tool demands a ransom. The ransom is asked using the cryptocurrency for payments, so transactions are more difficult for law enforcement to trace. During the demonstration of Phirautee, you will see a complete attack chain i.e. from receiving ransomware attack via a phishing email and how the files get encrypted on the compromised systems. A detailed walkthrough of the source code would be provided to understand how hackers utilise simple methods to create something dangerous. I will end the demo with several defence mechanisms by performing forensics analysis on Phirautee using publicly available tools.

Project Link: https://github.com/Viralmaniar/Phirautee

Viral Maniar
Viral Maniar is currently working as Technical Manager at RiskIQ managing the attack surface outside of the firewall for clients in the APAC region through his boutique cyber security firm Preemptive Cyber Security (www.preemptivecybersec.com) providing offensive and defensive consulting services based in Australia. Viral has provided security consulting services for over 8 years including infrastructure (internal-external), application penetration testing, vulnerability assessments, wireless penetration testing, social engineering, red team engagements, API testing, Thick & Thin client testing and cloud architecture security reviews to numerous clients across various industries in the APAC region. Viral has presented at conferences like Black Hat, ROOTCON and (ISC)2. Viral has also participated in a number of bug bounty programs and won awards for responsible disclosure of security vulnerabilities. In his leisure time, he enjoys developing security tools and maintains several projects on the GitHub. He has achieved industry certifications such as Offensive Security Certified Professional (OSCP) and SANS GPEN — Network Penetration Testing. Twitter: @ManiarViral / @PreemptiveCyber

PyRDP: Remote Desktop Protocol Monster-in-the-Middle (MITM) and Library

Olivier Bilodeau

Alexandre Beaulieu

Sat from 14:00–15:50 PDT (GMT -7)
Discord Channel: #dl-bilodeau-pyrdp-text
Audience: Offense and Malware Researchers

PyRDP is a Remote Desktop Protocol (RDP) monster-in-the-middle (MITM) tool and library useful in intrusion testing and malware research. Its out of the box offensive capabilities can be divided in three broad categories: client-side, MITM-side and server-side. On the client-side PyRDP can actively steal any clipboard activity, crawl mapped drives and collect all keystrokes. On the MITM-side PyRDP records everything on the wire in several formats (logs, json events), allows the attacker to take control of an active session and performs a pixel perfect recording of the RDP screen. On the server-side, on-logon PowerShell or cmd injection can be performed when a legitimate client connects. Over the last year, we implemented several features that we are going to uncover in this brand-new demo lab workshop: a headless mode that allows deployment on systems with less resources or without an X11 stack, a fully transparent layer-2 deployment capability leveraging IP_TRANSPARENT sockets, a brand new Windows Graphical Device Interface (GDI) implementation and the ability to convert recorded sessions into MP4 videos. On the malware research side, PyRDP can be used as part of a fully interactive honeypot. It can be placed in front of a Windows RDP server to intercept malicious sessions. It can replace the credentials provided in the connection sequence with working credentials to accelerate compromise and malicious behavior collection. It also saves a visual and textual recording of each RDP session, which is useful for investigation or to generate IOCs. Additionally, PyRDP saves a copy of the files that are transferred via the drive redirection feature, allowing it to collect malicious payloads.

Project Link: https://github.com/GoSecure/pyrdp
DEF CON Forums Link: https://forum.defcon.org/node/233124

Olivier Bilodeau
Olivier Bilodeau is leading the Cybersecurity Research team at GoSecure. With more than 10 years of infosec experience, he enjoys luring malware operators into his traps, writing tools for malware research, reverse-engineering all-the-things and vulnerability research. Passionate communicator, Olivier has spoken at several conferences like BlackHat, Defcon, Botconf, SecTor, Derbycon, HackFest and more. Invested in his community, he co-organizes MontréHack, a monthly workshop focused on hands-on CTF problem solving, and NorthSec, a large non-profit conference and CTF based in Montreal.

Alexandre Beaulieu
Alexandre is a security researcher working for GoSecure. His area of expertise is reverse engineering, binary exploitation and tool development. His previous experience as a software developer covers a broad spectrum of topics ranging from low-level systems and binary protocols to web applications. Prior to joining the research team, Alexandre spent time as an Ethical Hacker honing his offensive security skills. His areas of interest include binary analysis, compiler theory and systems programming. Alexandre gives back to the Montréal infosec community by volunteering his time, contributing workshops and designing application security challenges for events like MontréHack and REcon.


Matthew Creel

Fri from 16:00–17:55 PDT (GMT -7)
Discord Channel: #dl-creel-redlure-text
Audience: Offense

redlure can be described as a distributed phishing platform. There is a centralized API (redlure-console) where you can create the different aspects of your phishing campaigns. This console controls secondary servers running a more basic API (redlure-workers) that do the actual hosting of your phishing sites/files and communicate results back to the main server. Obviously there are existing tools that can accomplish phishing, but there are a few features to this tool that differentiate it and will be described in the abstract.

Project Link:
DEF CON Forums Link: https://forum.defcon.org/node/233131

Matthew Creel
Matt has been a member of the Schneider Downs cybersecurity practice since 2017 where he helps provide clients with penetration testing, red teaming and incident response services. One of Matt’s focuses is offensive tool development, notably password spraying and phishing tools. Matt has served clients in manufacturing, healthcare, automotive, financial and higher education industries.


Vincent “Vinnybod” Rose

Sat from 10:00–11:50 PDT (GMT -7)
Discord Channel: #dl-rose-starkiller-text
Audience: Offense, Defense

The ultimate goal for any security team is to increase resiliency within an organization and adapt to the modern threat. Starkiller aims to provide red teams with a platform to emulate Advanced Persistent Threat (APT) tactics. Starkiller is a frontend for the post-exploitation framework, PowerShell Empire, which incorporates a multi-user GUI application that interfaces with a remote Command and Control (C2) server. Empire is powered by Python 3 and PowerShell and includes many widely used offensive security tools for Windows, Linux, and macOS exploitation. The framework’s flexibility to easily incorporate new modules allows for a single solution for red team operations. Both red and blue teams can utilize Starkiller to emulate and defend against the most used APT attack vectors.

Project Link: https://www.bc-security.org/post/an-introduction-to-starkiller
DEF CON Forums Link: https://forum.defcon.org/node/233126

Vincent “Vinnybod” Rose
Vincent “Vinnybod” Rose is a software engineer with experience in cloud services. He has a decade of experience in software development and networking. Recently, his focus has been on building ad-serving technologies, web and server-side applications. He is the lead developer for Starkiller, the graphical user interface for the Empire framework.



This is the section where we have combed through the entire list of talks on both days and listed our highlights, the talks that stand out to us. Note that this does not invalidate any talks we didn’t list; in fact, we highly recommend you take a look at the full convention schedule beforehand and make up your own talk highlight lists. These are just the talks that for us had something stand out, either by being informative, unique or bizarre. (Sometimes, all three!)

Hacking Traffic Lights

Watch on Youtube
Download from media.defcon.org

Live 30 min Q&A on Thursday, August 6th at 13:30
30 minutes

Wesley Neelen, Hacker & co-founder at Zolder

Rik van Duijn, Hacker & co-founder at Zolder

New systems are connected to the internet every day to make our lives easier or more comfortable. We are starting to see connected traffic and smart traffic lights innovations to improve traffic flow, safety and comfort. With smart systems entering and controlling our physical world, ethical hacking such systems to find possible ways of manipulation becomes even more important to society.

In the Netherlands there are some public innovations where traffic light systems are being connected to smartphone apps. We have looked at these innovations to see if these systems could be manipulated and how manipulation could benefit an attacker. Specifically, we found a way in two different platforms, that allows us to successfully fake a continuous flow of bicyclists that turns the cyclist traffic light instantly green or decreases the time to green.

More than 10 municipalities in the Netherlands connected a part of their cyclist traffic lights to the affected platforms. It was possible to perform these hacks from any remote location, which allows someone to remotely influence the traffic at scale. The hack results in turning the cyclists lights to green, while other lights on the intersection will turn to red.

The regular security systems that make sure lights are not turned green simultaneously stay intact. There are similar projects that turn the car traffic lights green for ambulances or trucks. If an attacker succeeds to exploit these projects with a similar attack, he could remotely influence the car traffic lights directly.

Wesley Neelen
Wesley has about 7 years’ experience in the offensive security area working as a penetration tester. Next to his work assessing the security of infrastructures, he spends time researching trends within IT security and on developing defensive measures. Wesley likes to actively assess the security of home automation, internet of things and ‘smart’ innovations. One of the vulnerabilities discovered by Wesley, is a remote command execution (RCE) vulnerability in the Fibaro home center appliance. The vulnerability allowed to remotely obtain root access on the Fibaro device whenever the web interface is reachable. Also, he discovered vulnerabilities within a smartwatch cloud that disclosed the location history of about 300.000 of its users.


Rik van Duijn
Rik is a security researcher with 7+ years of experience as a penetration tester. Nowadays Rik focusses on malware research and defense. His hobbies include cooking, bouldering and long walks on the beach. Rik has presented at SHA2017, (whiskey|fristi)leaks, DefCon BlueTeam Village and Tweakers Security/DEV Meetups.


Hacking the Supply Chain — The Ripple20 Vulnerabilities Haunt Hundreds of Millions of Critical Devices

Watch on Youtube
Download from media.defcon.org

Live 30 min Q&A on Thursday, August 6th at 14:30

Shlomi Oberman, CEO, JSOF

Moshe Kol, Security Researcher

Ariel Schön, Security Researcher, JSOF

This is the story of how we found and exploited a series of critical vulnerabilities (later named Ripple20) affecting tens or hundreds of millions of IoT devices across all IoT sectors conceivable — industrial controllers, power grids, medical, home, networking, transportation, enterprise, retail, defense, and a myriad of other types of IoT devices, manufactured and deployed by the largest American and international vendors in these fields.

These vulnerabilities were found in a TCP/IP software library located at the very beginning of a complex supply chain and have lurked undetected for at least 10 years, likely much more. Over the past two decades this library has spread around the world by means of direct use as well as indirectly, through “second hand” use, rebranding, collaborations, acquisitions and repackaging, having been embedded and configurated in a range of different ways. Many of the vendors indirectly selling and using this library were not aware of their using it. Now that they know, the patch propagation dynamics are very complex and may not be possible in some cases.

This library is a little known, but widely used, embedded library developed by Treck Inc., known for its high reliability, performance, and configurability. Its features make it suitable for real-time operating system usage and low-power devices.

Despite being used by many large, security-aware vendors, these vulnerabilities lay dormant and undiscovered — while actors of all types could have discovered these vulnerabilities by finding one of several bugs in any of the components, exposing hundreds of others immediately. This would provide a field day of affected devices for the picking.

In this presentation, we will discuss one of the vulnerabilities in technical depth, demonstrating an RCE exploit on a vulnerable device. We will explain how the vulnerabilities became so widespread, and what we still don’t know. We will speculate as to why these vulnerabilities survived for so long and show why some vendors are worse affected than others.

Shlomi Oberman
Shlomi Oberman is an experienced security researcher and leader with over a decade of experience in security research and product security. In the past few years his interest has been helping secure Software — while it is being written and after it has shipped. Shlomi is a veteran of the IDF Intelligence Corps and has many years of experience in the private sector working with companies who are leaders in their field. He has spoken internationally and his research has been presented in industry conferences such as CodeBlue Tokyo and Hack-In-The-Box as well as other conferences. He is also an experienced teacher, training researchers and engineers in Embedded Exploitation and Secure Coding, as well as an organizer of local community cyber-security events. Shlomi has the unique advantage of a broad technical understanding of the Security Field as well as deep knowledge of the attacker’s mindset, which is extremely useful when securing software.

Moshe Kol
Moshe is a wickedly talented security researcher, currently finishing his Computer Science studies at the Hebrew University of Jerusalem. He has many years of networking and security research experience working for the MOD where he honed his skills originally developed at home — as he was led by sheer curiosity into the world of reverse engineering and security research.

Ariel Schön
Ariel Schön is an experienced security researcher with unique experience in embedded and IoT security as well as vulnerability research.

Ariel is a veteran of the IDF Intelligence Corps, where he served in research and management positions. Currently, he is consuming caffeine and doing security research at JSOF.

Demystifying Modern Windows Rootkits

Watch on Youtube
Download from media.defcon.org

Live 30 min Q&A on Thursday, August 6th at 15:30
Demo, Tool, Exploit

Bill Demirkapi, Independent Security Researcher

This talk will demystify the process of writing a rootkit, moving past theory and instead walking the audience through the process of going from a driver that says “Hello World” to a driver that abuses never-before-seen hooking methods to control the user-mode network stack. Analysis includes common patterns seen in malware and the drawbacks that come with malware in kernel-mode rather than user-mode.

We’ll walk through writing a rootkit from scratch, discussing how to load a rootkit, how to communicate with a rootkit, and how to hide a rootkit. With every method, we’ll look into the drawbacks ranging from usability to detection vectors. The best part? We’ll do this all under the radar, evading PatchGuard and anti-virus.

Bill Demirkapi
Bill is a student at the Rochester Institute of Technology with an intense passion for Windows Internals. Bill’s interests include game hacking, reverse engineering malware, and exploit development. In his pursuit to make the world a better place, Bill constantly looks for the next big vulnerability following the motto “break anything and everything”.


Domain Fronting is Dead, Long Live Domain Fronting: Using TLS 1.3 to evade censors, bypass network defenses, and blend in with the noise

Watch on Youtube
Download from media.defcon.org

Live 30 min Q&A on Thursday, August 6th at 16:30
Demo, Tool

Erik Hunstad, CTO, SIXGEN

Domain fronting, the technique of circumventing internet censorship and monitoring by obfuscating the domain of an HTTPS connection, was killed by major cloud providers in April of 2018. However, with the arrival of TLS 1.3, new technologies enable a new kind of domain fronting. This time, network monitoring and internet censorship tools are able to be fooled on multiple levels. This talk will give an overview of what domain fronting is, how it used to work, how TLS 1.3 enables a new form of domain fronting, and what it looks like to network monitoring. You can circumvent censorship and monitoring today without modifying your tools using an open source TCP and UDP pluggable transport tool that will be released alongside this talk.

Erik Hunstad
Erik Hunstad is a security expert and researcher who realized the power of programming and security when he coded an algorithm to reduce the search space of possible Master Lock combinations in RAPTOR. Erik is the CTO and Adversary Emulation Lead at SIXGEN where he specializes in deploying the latest offensive security techniques against customers. He previously worked for the Department of Defense.


Finding and Exploiting Bugs in Multiplayer Game Engines

Watch on Youtube
Download from media.defcon.org

Live 30 min Q&A on Friday, August 7th at 14:30
Demo, Tool, Exploit

Jack Baker

Unreal Engine 4 and Unity3D dominate the multiplayer gaming landscape. They’re also complicated pieces of software written in C and C++. In this talk, Jack will share the results of months of bug hunting in multiplayer game networking protocols. Be prepared for memory disclosures, speedhacks, and WONTFIX vulnerabilities.

Jack Baker
Jack Baker is a professional reverse engineer and amateur video game hacker. Jack is most known for having the same name as a Resident Evil villain.

Don’t Be Silly — It’s Only a Lightbulb

Watch on Youtube
Download from media.defcon.org

Live 30 min Q&A on Friday, August 7th at 15:30
Demo, Exploit

Eyal Itkin, Vulnerability Researcher at Check Point Software Technologies

A few years ago, a team of academic researchers showed how they can take over and control smart lightbulbs, and how this in turn allows them to create a chain reaction that can spread throughout a modern city. Their research brought up an interesting question: aside from triggering a blackout (and maybe a few epilepsy seizures), could these lightbulbs pose a serious risk to our network security? Could attackers somehow bridge the gap between the physical IoT network (the lightbulbs) and even more appealing targets, such as the computer network in our homes, offices or even our smart cities?

We’re here to tell you the answer is: Yes.

Join us as we take a deep dive into the world of ZigBee IoT devices. Continuing from where the previous research left off, we go right to the core: the smart hub that acts as a bridge between the IP network and the ZigBee network. And let me tell you this, this harsh embedded environment is surely not on our side. With a maximal message size of less than 128 bytes, complex state machines and various strict timing constraints, this challenge is going to be tough.

After a long journey, we finally made it. By masquerading as a legitimate ZigBee lightbulb, we were able to exploit vulnerabilities we found in the bridge, which enabled us to infiltrate the lucrative IP network using a remote over-the-air ZigBee exploit.

Eyal Itkin
Eyal Itkin is a vulnerability researcher in the Malware and Vulnerability Research group at Check Point Software Technologies. Eyal has an extensive background in security research, that includes years of experience in embedded network devices and protocols, bug bounties from all popular interpreter languages, and an award by Microsoft for his CFG enhancement white paper. When not breaking RDP or FAX, he loves bouldering, swimming, and thinking about the next target for his research.


Exploiting Key Space Vulnerabilities in the Physical World

Watch on Youtube
Download from media.defcon.org

Live 30 min Q&A on Friday, August 7th at 16:30
Demo, Tool, Exploit

Bill Graydon, Principal, Research, GGR Security

Imagine being able to get together with a few of your co-workers, look at your office keys and derive a building master key. Or you may not have any working key at all: you could impression the lock, or use one of the many ways we’ll present in this talk to put together little bits of information from a lock to create a working key.

We apply information theory — the concept behind the “entropy” of a password — in an easy to understand way to show how every little bit of information about a system can be used to defeat it. The audience will be able to pull any key out of their pocket and understand how it works and how an attacker can create it covertly, and open whatever lock it is for, or even a lock it isn’t for, that shares the same system.

We’ll explain how to produce either a single final key, or a set small enough to economically brute force — and release a software tool to let anyone quickly try out all possibilities in an easy-to-visualize way.

Finally, we will discuss possible solutions to these problems and introduce vulnerabilities our research has uncovered in high-security systems like Medeco, Abloy, and Mul-T-Lock — including releasing a set of only 159 possible top level master key codes for certain large Medeco mastered systems.

Bill Graydon
Bill Graydon is a principal researcher at GGR Security, where he hacks everything from locks and alarms to critical infrastructure; this has given him some very fine-tuned skills for breaking stuff. He’s passionate about advancing the security field through research, teaching numerous courses, giving talks, and running DEF CON’s Lock Bypass Village. He’s received various degrees in computer engineering, security, and forensics and comes from a broad background of work experience in cyber security, software development, anti-money laundering, and infectious disease detection.


D0 N0 H4RM: A Healthcare Security Conversation

Watch on Youtube
Download from media.defcon.org

Live, Friday, August 7th at 20:00

Christian “quaddi” Dameff MD, Physician & Medical Director of Security at The University of California San Diego

Jeff “r3plicant” Tully MD, Anesthesiologist at The University of California Davis

Jessica Wilkerson, Cyber Policy Advisor, FDA

Veronica Schmitt, Assistant Professor, Noroff University

Ash Luft, Software Engineer, Starfish Medical

Vidya Murthy, Vice President Operations, MedCrypt

It is certainly a time of discovery, though the truths revealed by the COVID-19 crisis can be bitter and bleak. At a time when all attention is focused on the ERs and ICUs that make up the battle’s front lines, it is easy to cast aside old warnings to focus solely on the clinical war. But the need for safety and security only increases in the face of a pandemic, and healthcare cybersecurity is no different. From testing to ventilators, every facet of our response to COVID-19 depends on trustworthy and reliable technology.

D0 No H4rm, DEF CON’s continuing conversation on healthcare, returns for another up close (but not too close) and personal dialogue between hackers at the top of their fields, from the halls of the FDA to the cutting edge of medical devices security research, for an all-encompassing look at what we need to focus on in the age of COVID. Moderated by physician hackers quaddi and r3plicant, this perennially packed event aims to recruit the talent, ingenuity, and vision of the DEF CON family for the challenges we face both now and after the immediate crisis passes.

Christian “quaddi” Dameff MD
Christian (quaddi) Dameff MD is an Assistant Professor of Emergency Medicine, Biomedical Informatics, and Computer Science (Affiliate) at the University of California San Diego. He is also a hacker, former open capture the flag champion, and prior DEF CON/RSA/Blackhat/HIMSS speaker. Published works include topics such as therapeutic hypothermia after cardiac arrest, novel drug targets for myocardial infarction patients, and other Emergency Medicine related works with an emphasis on CPR optimization. Published security research topics include hacking critical healthcare infrastructure, medical devices and the effects of malware on patient care. This is his sixteenth DEF CON.


Jeff “r3plicant” Tully MD
Jeff (r3plicant) Tully is an anesthesiologist, pediatrician and security researcher with an interest in understanding the ever-growing intersections between healthcare and technology.


Jessica Wilkerson
Jessica Wilkerson is a Cyber Policy Advisor with the All Hazards Readiness, Response, and Cybersecurity (ARC) team in the Center for Devices and Radiological Health (CDRH) within the Food and Drug Administration (FDA). As part of ARC, she examines issues and develops policy related to the safety and effectiveness of connected medical devices. Previously, she worked as the Cybersecurity Research Director for the Linux Foundation, and spent over five years as a congressional staffer with the House Committee on Energy and Commerce, covering cybersecurity issues in the telecommunications, commercial, energy, and health sectors. As part of that work, she examined issues related to coordinated vulnerability disclosure, software supply-chain transparency, legacy technology risks, and cybersecurity governance models, among others. She has a background in mathematics and computer science. She received a B.A. in Policy Studies and minors in Computer Science and Mathematics from Syracuse University, and is currently pursuing a J.D. from the Catholic University of America’s Columbus School of Law.

Veronica Schmitt
Veronica started her forensic career in 2008. She is currently an Assistant Professor at Noroff University, where she has been given her own Minions to plan her world domination. Veronica serves as part of the WoSEC board of directors, and the board of directors of DFIRLABS that specializes in the investigation of complex incidents. Veronica holds a Master in Science at Rhodes University in Information Security with specialisation in the forensic analysis of malware. Veronica has also received training overseas in cybercrime investigation and digital forensics from the US Department of Homeland Security, the International Association of Computer Investigative Specialists, and the SANS Institute.

She is also an Independent Security researcher currently working with Medtronic which is one of the largest Medical Device Manufacturers. She prides herself in keeping patients safe as this is something which is near to her heart. She is also a cyborg sporting an embedded medical device herself. She also has spoken extensively internationally, including at the SANS DFIR Summit, and DEF CON Villages. She also is a DEF CON Goon and she is the founder of DC2751.

Her particular research interests include research into security vulnerabilities in medical devices forming part of the Internet of Things, and how these could be exploited by malicious attackers, as well as what types of forensic artefacts could be identified from any attacks. She is extremely passionate about protecting people whose lives depend on these medical devices, and her passion saw her becoming a member of the security research group, I am the Cavalry. At her core Veronica is a forensicator and in love with every bit, byte and nibble of knowledge she has obtained.


Ash Luft
Ash Luft is an Embedded Software Engineer with a background in Computer Science, Biochemistry, and Electrical Engineering. With industry experience in Software and Biomedical Device Development, Ash specializes in designing for and implementing safety, security, and privacy in Clinical IoT and Medical Devices. Ash is passionate about protecting patient outcomes while delivering cost-effective, high quality solutions.

Vidya Murthy
Vidya is fascinated by the impact of cybersecurity on the healthcare space. Beginning her career in consulting, she realized a passion for healthcare and worked for global medical device manufacturer Becton Dickinson. She has since joined MedCrypt, a company focused on bringing cybersecurity leading practices to medical device manufacturers. Vidya holds an MBA from the Wharton School.

Shrek, Juggs, and Toxic Trolls: a BADASS discussion about Online Sexuality and Hacktivism.

Live, Friday, August 7th at 21:00

Katelyn Bowden, CEO and Founder (Intro speaker and panel moderator)

Rachel Lamp, COO

Allie Barnes, CTO

Kate Venable, Head of Legal

Marleigh Farlow, CMO

Tim Doomsday, CISO

In this panel discussion, the BADASS army team will be talking about the intersection between security and sex, the problem of online exploitation and harassment, and what needs to be done to address these issues. After an introduction to the org and the culture of Non Consensual Pornography, the panel will be a free form conversation with audience participation, covering a wide variety of topics related to NCP and online sexual abuse.

BADASS is a nonprofit org dedicated to fighting image based abuse. Founded in 2017 by victims of NCP, it has grown to be one of the major organizations trying to prevent online exploitation.

A Decade After Stuxnet’s Printer Vulnerability: Printing is still the Stairway to Heaven

Watch on Youtube
Download from media.defcon.org

Live 30 min Q&A on Saturday, August 8th at 09:30
Demo, Tool, Exploit

Peleg Hadar, Senior Security Researcher at SafeBreach Labs

Tomer Bar, Research Team Leader at SafeBreach Labs

In 2010, Stuxnet, the most powerful malware in the world, revealed itself, causing physical damage to Iranian nuclear enrichment centrifuges. In order to reach Iran’s centrifuges, it exploited a vuln in the Windows Print Spooler service and gained code execution as SYSTEM. Due to the hype around this critical vuln, we (and probably everyone else) were pretty sure that this attack surface would no longer exist a decade later. We were wrong…

The first clue was that 2 out of 3 vulns which were involved in Stuxnet were not fully patched. That was the case also for the 3rd vuln used in Stuxnet, which we were able to exploit again in a different manner.

It appears that Microsoft has barely changed the code of the Print Spooler mechanism over the last 20 years.

We investigated the Print Spooler mechanism of Windows 10 Insider and found two 0-day vulns providing LPE and DoS (the first one can also be used as a new persistence technique).

Peleg Hadar
Peleg Hadar (@peleghd) is a security researcher, having 8+ years of unique experience in the sec field. Currently doing research @SafeBreach Labs, previously serving in various sec positions @IDF. His experience involved security from many angles: starting with network research, and now mostly software research. Peleg likes to investigate mostly Microsoft Windows components.


Tomer Bar
Tomer Bar is a security researcher and a research team leader with 15+ years of unique experience in the sec field. Currently leading the research team of SafeBreach Labs. His experience involved vulnerability research, malware analysis, etc.

Whispers Among the Stars: Perpetrating (and Preventing) Satellite Eavesdropping Attacks

Watch on Youtube
Download from media.defcon.org

Live 30 min Q&A on Saturday, August 8th at 10:30
Demo, Tool, Exploit

James Pavur, DPhil Student, Oxford University

Space is changing. The number of satellites in orbit will increase from around 2,000 today to more than 15,000 by 2030. This briefing provides a practical look at the considerations an attacker may take when targeting satellite broadband communications networks. Using $300 of widely available home television equipment I show that it is possible to intercept deeply sensitive data transmitted on satellite links by some of the world’s largest organizations.

The talk follows a series of case studies looking at satellite communications affecting three domains: air, land, and sea. From home satellite broadband customers, to wind farms, to oil tankers and aircraft, I show how satellite eavesdroppers can threaten privacy and communications security. Beyond eavesdropping, I also discuss how, under certain conditions, this inexpensive hardware can be used to hijack active sessions over the satellite link.

The talk concludes by presenting new open source tools we have developed to help researchers seeking to improve satellite communications security and individual satellite customers looking to encrypt their traffic.

The talk assumes no background in satellite communications or cryptography but will be most interesting to researchers interested in tackling further unsolved security challenges in outer space.

James Pavur
James Pavur is a Rhodes Scholar at Oxford University working on a DPhil in Cyber Security. His academic research is primarily on the threats to satellite systems with a focus on satellite communications and trustworthy spaceflight operations. Prior to Oxford, he majored in Science, Technology and International Affairs (STIA) at Georgetown University where he graduated with the School of Foreign Service Dean’s Medal (highest cumulative GPA) in 2017.

He has held numerous internships and professional positions related to information security. This included acting as Director of Information Security for Students of Georgetown Inc. (The Corp), a student run non-profit with more than 300 employees. He has also assisted with computer crimes investigations as an intern with the United States Postal Service Office of the Inspector General, worked on embedded systems reverse-engineering as an intern at Booz Allen Hamilton, and even pentested air-conditioners for the Public Buildings Services while working for Telos Corporation.

Outside of computers, James enjoys flying kites and collecting rare and interesting teas.


How we recovered $XXX,000 in Bitcoin from an encrypted zip file

Watch on Youtube
Download from media.defcon.org

Live 30 min Q&A on Saturday, August 8th at 13:30

Michael Stay, CTO, Pyrofex Corp.

About six months ago, a Russian guy contacted me on LinkedIn with an intriguing offer. He had hundreds of thousands of dollars in Bitcoin keys locked in a zip file, and he couldn’t remember the password. Could I break into it for him? He found my name by reading an old cryptanalysis paper I wrote nearly 20 years ago. In that attack, I needed five files to break into a zip archive. This one only had two files in it. Was it possible? How much would it cost? We had to modify my old attack with some new cryptanalytic techniques and rent a GPU farm, but we pulled it off. Come hear how.

Michael Stay
Mike Stay was a reverse engineer and cryptanalyst in the 1990s, worked for six years on Google’s security team, and is currently the CTO of Pyrofex Corp.


Abusing P2P to Hack 3 Million Cameras: Ain’t Nobody Got Time for NAT

Watch on Youtube
Download from media.defcon.org

Live 30 min Q&A on Saturday, August 8th at 14:30
Demo, Tool, Exploit

Paul Marrapese, Security Researcher

To a hacker, making a bug-ridden IoT device directly accessible to the Internet sounds like an insanely bad idea. But what’s *truly* insane is that millions of IoT devices are shipping with features that expose them to the Internet the moment they come online, even in the presence of NAT and firewalls. P2P, or “peer-to-peer”, is a convenience feature designed to make the lives of users easier, but has the nasty side effect of making attackers’ lives easier as well.

Come for the story of how supply chain vulnerabilities in modern IP cameras, baby monitors, and even alarm systems are putting millions at risk for eavesdropping and remote compromise. We’ll talk about the hordes of IoT devices that exist outside of Shodan’s reach and the botnet-like infrastructure they rely on. Learn how to find P2P networks and how to exploit them to jump firewalls, steal camera passwords over the Internet, and correlate devices to physical addresses. We’ll demonstrate how to snoop on someone’s video simply by using your own camera — and how someone may be snooping on your video, too.

Paul Marrapese
Paul Marrapese (OSCP) is a security researcher from San Jose, CA. His work has resulted in the discovery of critical vulnerabilities affecting millions of IoT devices around the world, and has been featured on Krebs on Security, Forbes, Wired, ZDNet, and several security podcasts. Paul specializes in offensive security as part of the red team at a large enterprise cloud company. His interests include reverse engineering, music production, photography, and recently software-defined radio. Rumor has it that he makes a mean batch of cold-brew coffee.

Bypassing Biometric Systems with 3D Printing and Enhanced Grease Attacks

Watch on Youtube
Download from media.defcon.org

Live 30 min Q&A on Saturday, August 8th at 15:30

Yamila Levalle, Researcher at Dreamlab Technologies

Due to the well-known vulnerabilities in traditional authentication methods through users, passwords and tokens, biometric systems began to be widely implemented in millions of devices with the aim of having a more practical authentication system for users and, supposedly, more robust in terms of security.

Security researchers were not far behind and started to analyze the security of these biometric controls. In recent years, different techniques have been presented to bypass the authentication of, for example, the smartphones that began to implement these systems.

What is new in this talk? Avoiding focusing on a particular device, we have gone deeper studying the operation of the sensors implemented in different biometric systems (Optical, Capacitive, Ultrasonic, Facial, etc.) and consequently, we discovered new techniques to bypass them. Through this talk, we will show how to fool biometric sensors by the enhanced grease attacks and, even better, the techniques to succeed at bypassing these controls using 3D printing.

Yamila Levalle
Yamila Vanesa Levalle is an Information Systems Engineer, Security Researcher and Offensive Security Professional with more than 15 years of experience in the InfoSec area.

Yamila currently works as Security Researcher and Consultant at Dreamlab Technologies where she specializes in offensive techniques, conducts research, gives trainings and writes papers and blog posts. She is an international security conferences speaker and has presented her research at important events such as BlackHat Arsenal Vegas, PHDays Moscow, Northsec Montreal, AusCERT Australia, 8.8 Security Conference Vegas, SCSD Fribourg, Ekoparty Ekolabs, OWASP Latam Tour and others. She has taught ethical hacking courses for women, CTF courses for beginners and several information security trainings.

A mobile phone-sized device causes Tesla Autopilot to ignore obstacles and hit directly.

Watch on Youtube
Download from media.defcon.org

Live 30 min Q&A on Saturday, August 8th at 18:30
30 minutes

Wish Wu, Security Expert

The DefCon 24 conference disclosed methods of jamming Tesla’s millimeter-wave radar. However, the attack device can’t be used in a real attack scenario because it is bulky, heavy, worth about $140,000 and has a short range. And the experiment was only carried out on a standing car with a fixed interference frequency.

I transformed the $1250 radar development board into an attack device, weighing about 200 grams, about the size of a mobile phone, and able to attack from a distance, like a pistol. I also found a better interference method based on radar antenna principle and speed measurement.

When a Tesla Model 3 with Autopilot and a Lynk&Co 01 were under my jamming attack in a collision test, the Collision Avoidance System (CAS) was desensitized and malfunctioned. The Forward Collision Warning (FCW) and Autonomous Emergency Braking (AEB) appeared too late or not at all before the frontal collision occurred, which eventually led to a traffic accident. This was recorded on video.

Different brands and different models of cars may use different millimeter wave bands and frequency waveforms. I provide a way to find the victim’s radar parameters by testing the response of the victim’s vehicle driver assistance system without having to reverse the radar software or hardware, thereby reducing the cost of the attack.

Wish Wu
Wish Wu is a security researcher involved in zero-day vulnerability mining and exploitation of the Android platform, face identity verification security research and automatic vulnerability mining technology research. He received Google Android security rewards and acknowledgements for discovering multiple HIGH or CRITICAL vulnerabilities in the Android system, and successfully rooted the latest Nexus phone at the time with the zero-day vulnerability he found. He also recently received Apple’s acknowledgement for successfully using a paper-made fake face to bypass the iPhone X’s faceID.


Evil Printer: How to Hack Windows Machines with Printing Protocol

Watch on Youtube
Download from media.defcon.org

Live 30 min Q&A on Sunday, August 9th at 09:30
Demo, Exploit

Zhipeng Huo, Senior Researcher, Tencent Security Xuanwu Lab

Chuanda Ding, Senior Researcher, Tencent Security Xuanwu Lab

Printer Spooler service, one of the important services in Microsoft Windows, has existed for more than 25 years. It runs at highest privilege level, unsandboxed, does networking, and dynamically loads third-party binaries. What could possibly go wrong?

In this talk, we will walk you through an incredibly fun bug we have discovered in printer spooler service. It can be exploited both locally and remotely, escapes sandbox, executes arbitrary code, and also elevates to SYSTEM. While Microsoft managed to develop the most restrictive sandbox for Microsoft Edge, this bug easily goes through it like it’s a sieve.

We will talk in detail about the implementation of this ancient service, the method we used to discover and exploit the bug, and also throw in some tips and tricks for logic bugs in between.

Zhipeng Huo
Zhipeng Huo is a senior security researcher on Windows and macOS platform security at Tencent Security Xuanwu Lab. He reported Microsoft Edge sandbox escape bugs in 2017, 2018, and 2020. He was a speaker at Black Hat Europe 2018.


Chuanda Ding
Chuanda Ding is a senior security researcher on Windows platform security. He leads EcoSec team at Tencent Security Xuanwu Lab. He was a speaker at Black Hat Europe 2018, DEF CON China 2018, CanSecWest 2017, CanSecWest 2016, and QCon Beijing 2016.


Bytes In Disguise (⌐■_■)

Watch on Youtube
Download from media.defcon.org

Live 30 min Q&A on Sunday, August 9th at 10:30
Demo, Tool, Exploit

Mickey Shkatov

Jesse Michael

Non-Volatile Memory. EVERY computer has it, from the chip that stores your BIOS to the controller that runs your laptop trackpad and even your new fancy USB-C monitor. These small nooks of storage can be (ab)used by anyone to store data or code without causing any side effects and none would be the wiser. We will show you more than one example of how this is possible and walk through everything you need to know to do it, too.

In this talk, we will describe how to hide persistence in these obscure memory chips using simple tools that we are releasing as open source. We will show multiple ways to accomplish this without detection. On the defensive front, we’ll discuss what can be done to detect and lock down systems.

Mickey Shkatov
Mickey has been doing security research for almost a decade; one of his specialties is simplifying complex concepts and finding security flaws in unlikely places. He has seen some crazy things and lived to tell about them at security conferences all over the world; his past talks range from web pentesting to black badges and from hacking cars to BIOS firmware.


Jesse Michael
Jesse Michael is an experienced security researcher focused on vulnerability detection and mitigation who has worked at all layers of modern computing environments from exploiting worldwide corporate network infrastructure down to hunting vulnerabilities inside processors at the hardware design level. His primary areas of expertise include reverse engineering embedded firmware and exploit development. He has also presented research at DEF CON, Black Hat, PacSec, Hackito Ergo Sum, Ekoparty, and BSides Portland.


Only takes a Spark — Popping a shell on a 1000 nodes

Watch on Youtube
Download from media.defcon.org

Live 30 min Q&A on Sunday, August 9th at 11:30
Demo, Tool, Exploit


“Apache Spark is one of the major players if not the leader when it comes to distributed computing and processing. Want to use machine learning to build models and uncover fraud, make predictions, estimate future sales or calculate revenue? Whip out a 200 nodes cluster on Spark and you are good to go.

This talk will show you how to get a shell on each one of these nodes! We are talking about systems that, by design, have access to almost every datastore in the company (S3, Cassandra, BigQuery, MySQL, Redshift, etc.). This is game over for most companies. I will also release a tool that will help pentesters pwn Spark clusters, execute code and even bypass authentication (CVE-2020-9480).”

Ayoub currently works as Lead Security at Qonto. He spent several years working as a pentester and an incident responder. He gave talks at various security conferences about Mainframe hacking. Lately, his main focus is Cloud security.


Practical VoIP/UC Hacking Using Mr.SIP: SIP-Based Audit & Attack Tool

Watch on Youtube
Download from media.defcon.org

Live 30 min Q&A on Sunday, August 9th at 15:30
Demo, Tool

Ismail Melih Tas, Senior Expert in Offensive Security (PhD), Private Bank

Kubilay Ahmet Kucuk, Senior Security Researcher (PhD), University of Oxford

In this talk, we will introduce the most comprehensive offensive VoIP security tool ever developed, Mr.SIP (comprehensive version). We will make a live attack demonstration using Mr.SIP in our security laboratory. Furthermore, we will also introduce novel SIP-based attacks using the vulnerabilities we found in the SIP retransmission mechanism and reflection logic.

Mr.SIP is developed to assist security experts and system administrators who want to perform security tests for VoIP systems and to measure and evaluate security risks. It quickly discovers all VoIP components and services in a network topology along with the vendor, brand, and version information, and detects current vulnerabilities and configuration errors. It provides an environment to assist in performing advanced attacks to simulate abuse of detected vulnerabilities. It detects SIP components and existing users on the network, intervenes, filters and manipulates call information, develops DoS attacks, breaks user passwords, and can test the server system by sending irregular messages.

Status-controlled call flow and ability to bypass anomaly systems stand out as Mr.SIP’s unique aspects. It also has strengths and competencies in terms of advanced fake IP address generation, fuzzing, password cracker, interactive inter-module attack kit, and MiTM features.

Ismail Melih Tas
Melih Tas received B.Sc., M.Sc., and Ph.D. degrees in Computer Science & Engineering. He has been working as a Principal Penetration Tester in a private bank in Istanbul, Turkey since 2015. He worked as a multiple-award-winning entrepreneur and security expert in a private cybersecurity R&D company between 2010 and 2015, where he worked on funded projects. Before that, he worked in a global troubleshooting center where he found the root causes of telecommunication security incidents and frauds and designed measures to prevent them from happening again. He wrote the National VoIP/UC Security Standard Draft in cooperation with the Turkish Standards Institute. He is the author of the open-source projects Mr.SIP: SIP-Based Audit and Attack Tool and SIP-DD: SIP-Based DDoS Defense Tool. He holds an OSCP certificate. He is an active speaker at hacker conferences including Black Hat Arsenal, Offzone and Nopcon. He likes to do bug bounty hunting in his spare time. His research interests include the design and analysis of both offensive and defensive security mechanisms in the fields of VoIP Security, Network Security, and Web/Mobile Application Security.


Kubilay Ahmet Kucuk
Kubilay Ahmet Kucuk is a DPhil (Ph.D.) candidate at the University of Oxford. His research interests include the problem of secure remote computation, and architectures with TPM, TEEs, ARM TZ, and seL4. With a focus on SGX, he received a Ph.D. studentship from Intel and completed the AppTRE (Trustworthy Remote Entity) project in Prof. Andrew Martin’s group. Before Oxford, he was a research assistant for five years at ETH Zürich, in the D-MAVT Simulation Group. He led the software engineering in two CTI/Innosuisse-funded projects in the Industry 4.0 domain. These projects, the Face-gear Drive and the Next-Generation Virtual Feeder, resulted in software products alive in the industry other than the journals.

North East New Jersey DEFCON Group Chapter. Dirty Jersey Represent! We meet at Sub Culture once a month to hack on technology projects! www.defcon201.org
