DEF CON Hacking Conference

Posted 10.26.17

Good news, everyone! We’ve managed to get a bunch more rooms at Caesars Palace into our special rate block. If you’re planning to attend DEF CON 26 and want some of those sweet, sweet onsite lodgings at a substantial discount, the time for action is upon you.

To register at Caesars with our room rate, use the link https://aws.passkey.com/gt/212381033?gtid=281c2a2f3267f177478f6cb65cf90b8b

This link will also get you the discount at several nearby affiliated hotels. While supplies last.

Posted 10.25.17

Today’s video release is 15 presentations from a new village on the block - Recon Village. Something for anyone interested in any flavor of Open Source Intelligence, Threat Intelligence, Reconnaissance and Red Teaming.

Tyler Rorabaugh - DFIR Automation Orchestration Tools For OSINT Recon

Tracy Maleeff - Into the Bird's Nest: A Comprehensive Look at Twitter

Winner Announcement Prize Distribution

Simon Roses - OSINT Tactics on Source Code and Developers

Shane MacDougal - Keynote: Seeing is Believing The Future of Recon

Mikhail Sasonkin - Up Close and Personal: Keeping an Eye On Mobile

Leah Figueroa - FERPA: Only Grades Are Safe; OSINT In Higher Education

Kunal Aggarwal - DataSploit Open Source Assistant for OSINT

Jason Haddix - Domain Discovery:Expanding Your Scope Like A Boss

Inbar Raz - Do Tinder Bots Dream of Electric Toys

Guillermo Buendia, Yael Esquivel - How To Obtain 100 Facebooks a Day

Dakota Nelson -Total Recoll

Anthony Russell - Building Google For Criminal Enterprises

Andrew Hay - An Introduction to Graph Theory for OSINT

Abhijeth Dugginapeddi - Recon and Bug Bounties What A Great Love Story

Take one down and pass ‘em around. Sharing is caring.

Posted 10.24.17

Let’s start the video release week off strong with ten talks from the DEF CON 25 Car Hacking Village! AUTOSAR, GPS Integrity, SDR Relay Attacks - there’s a lot to keep your brain occupied in here. Also, as a bonus, there’s also an auto-hacking related talk from the main track on low-budget auto hacking.

Mickey Shkatov, Jesse Michael, Oleksandr Bazhaniuk - Driving down the rabbit hole

Weston Hecker - Grand Theft Radio Stopping SDR Relay Attacks

Vlad Gostomelsky - GPS System Integrity

Tim b1tbane, Mitch Johnson, ehntoo - That's No Car Its a Network

Sheila Ayelen Berta, Claudio Caracciolo - The Bicho

Sameer Dixit, Vlad Gostomelsky - Abusing Smart Cars with QR Codes

Montalbano, Gillispie, Connett - Attacking Wireless Interfaces

Jeffrey Quesnelle - An Introduction to AUTOSAR Secure Onboard

Woodbury, Haltmeyer - Linux Stack Based V2X Framework

Badge Life: DEFCON Unofficial Badges Panel

Corey Theun - Heavy Truck and Electronic Logging Devices

Enjoy, and remember to pass ‘em on. More shortly.

Posted 10.23.17

Today’s DEF CON 25 video releases are a variety of novel presentations that take us away from the keyboard and workstation and into the wider world.

Kevin Sacco - Tales of A Healthcare Hacker

Rhett Greenhagen - Skip Tracing For Fun and Profit

J0n J4rv1s - Surveillance Capitalism Will Continue til Morale Improves

Gus Fritschie, Evan Teitelman - Backdooring the Lottery and Other Security Tales

Svea Eckert, Andreas Dewes - Dark Data

Chris Sumner - Rage Against the Weaponized AI Propaganda Machine

Ryan Lackey - Cypherpunks History

Yan Shoshitaishvili - 25 Years of Program Analysis

Manfred - Twenty Years of MMORPG Hacking: Better Graphics, Same Exploits

Pass it on, and watch this space.

Posted 10.20.17

The DEF CON 25 video release train rolls on today with 11 talks from the Wifi Village. From suitcase repeater builds to replace attacks on home security networks, there’s something there for everyone.

Woody, Tim Kuester - GODUMPiNG packet sniffing the Gotenna

Vivek Ramachandran, Nishant Sharma, Ashish Bhangale- Deceptacon

Robert Ghilduta - Designing An Automatic Gain Control

Nick Delewski - Failsafe: Yet Another SimpliSafe Attack Vector

Matt Blaze - Sigint for the rest of us

Eric Escobar - SecureWorks: SDR Replay Attacks On Home Security Systems

Balint Seeber - Hacking Some More of the Wireless World

Andrew Strutt - Suitcase Repeater Build for UHF 70cm

Andrew Strutt - POCSAG Amateur Pager Network

Alexander Zakarov - Large Scale Wireless Monitoring: KISMET Packet Sniffer

Aardvark, Darkmatter - WIGLE Like You Mean It Maximizing Your Wardriving

Enjoy, share and stay tuned!

Posted 10.19.17

Hackers owning all the machines at the DEF CON 25 Voting Machine Hacking Village has gotten a lot of press, but the Village also had a roster of talks on the subject from experts like Matt Blaze and Gen. Douglas Lute. The need to reconsider the security of election systems is one of the biggest ideas to come out of DC25, and this playlist is a good way to get yourself up to speed on the state of ballot security.

Jake Braun - Securing the Election Office: A Local Response

Joseph Hall, David Jefferson - Common Misconceptions and False Parallels

Matt Blaze - How did we get here? A history of Voting Technology

Mary Brady, Josh Franklin - The State of US Voting System Security

Joseph Hall - Election Hacking: Legal Considerations from the Civil Side

Harri Hursti - Brief history of election machine hacking

General Douglas Lute - National Security Implications of Voting Attacks

Barbara Simons, David Jefferson - Election Systems: More Than the Booth

As always, pass it on. Share the knowledge.

More on the way.

Posted 10.18.17

The wise hacker never underestimates the human factor - unlike machines and code humans are eager to be fooled and notoriously difficult to patch. To help expand your horizons in this crucial skillset we present a bunch of talks from the DEF CON 25 Social Engineering Village.

Yaiza Rubio, Félix Brezo - Heavy Diving For Credentials

Tyler Rosonke - Social Engineering With Web Analytics

Robert Wood - Thematic Social Engineering

Jayson E. Street - Strategies on Securing Your Banks and Enterprises

Helen Thackray - Hackers Gonna Hack , But Do They Know Why?

Fahey Owens - Beyond Phishing – Building & Sustaining a Corporate SE Program

Chris Hadnagy - SE vs Predator: Using SE In Ways I Never Thought

Brent White, Tim Roberts - Skills For A Red Teamer

Billy Boatright - Nor Lose The Common Touch

Michele Fincher - Are You Killing Your Security Program?

Keith Conway, Cameron Craig - Change Agents How to Effect Change in Corporate Culture

John Nye - The Human Factor Why Are We So Bad at Security

As always, take some knowledge, share some knowledge.

Many more videos on the way.

Posted 10.16.17

Today’s DEF CON 25 videos come from the Industrial Controls Systems (ICS) Village, where we learn about the security challenges confronting the nervous system of modern life.

For the low, low price of time and attention you get:

Thomas Brandsetter - InSecurity in Building Automation

Joe Weiss - Cyber Security Issues with Level 0 through 1 Devices

Chris Sistrunk - What's the DFIRence for ICS

Bryson Bort, Atlas - Grid Insecurity and How to Really Fix This Shit

Blake Johnson Dissecting Industrial Wireless Implementations

Arnaud Soullié - Fun with Modbus 0x5a Nothing New Still Relevant?

Settle yourself in and get hip to the ICS news. Be the hit of every cocktail party with all your new ideas about DFIR and Modbus!

Pass it on and stay tuned for more.

Posted 10.13.17

Another batch of DEF CON 25 talks for your weekend perusal, this time focused on Privacy and pulled from the main speaking track at DEF CON. For those you who can’t get enough presentations on this subject, rest assured that the presentations from the DEF CON 25 Crypto and Privacy Village will follow next week.

The menu:

Cooper Quintin and Kashmir Hill - The Internet Already Knows I’m Pregnant

Jim Nitterauer - DNS: Devious Name Services Destroying Privacy & Anonymity w/o consent

Peyton Engel - Learning about Government Surveillance Software

Roger Dingledine - Next Generation Tor Onion Services

Richard Thieme - When Privacy Goes Poof! Why It's Gone and Never Coming Back

Tess Schrodinger - Total Recall Implanting Passwords in Cognitive Memory

Weston Hecker - Opt Out or Deauth Trying! AntiTracking Bots & Keystroke Injection

Block out some time, get yourself some hot cocoa and enjoy. As always, spread the love and share the content.

More to come. Stay tuned.

Posted 10.12.17

Hacktober begins. The unleashing of the videos from DEF CON 25 has been initiated. Today, we have a themed playlist of 15 IoT-centered videos, from the main tracks and the IoT Village alike. Prepare to have your commitment to workplace productivity tested. Enjoy them, be mentally embiggened by them, and share them widely before the DVR botnets swamp us all.

Watch this space for more playlists. It’s all happening.

Happy Hacktober to all.

Posted 10.11.17

Here's the C-SPAN coverage from the aformentioned Atlantic Council event, enjoy!

Posted 10.10.17

Today at a Washington DC event hosted by the Atlantic Council, the long-awaited DEF CON 25 Voting Village Report was released. You can even watch the presentation live on CSPAN 2 - The Dark Tangent is headlining the event!

During the weekend of DEF CON 25, every single device in the Voting Village was compromised. The report we’re releasing today gives a glimpse into how much we were able to discover in only a few days. Any committed threat actor would devote vastly more time and resources, and we believe that democratic governments must treat the security of election systems with the same rigor and investment as they do their borders.

We entered into this experiment as a non-partisan public service, believing that discussion about solutions has to start with a realistic assessment of what needs fixing. The DEF CON community has a lot of talent in that kind of work, and we saw a way we could contribute.

We would like to thank everyone who joined us in the Voting Village to test the machines, everyone who collaborated on the report, the Atlantic Council for helping us share the results and the Library of Congress for granting an easement of the DMCA provisions that would have blocked this research. This project is a great example of government making room for independent researchers to bring their talents to an issue that matters to all of us. Here’s hoping there will be more success stories like this one.

Posted 10.6.17

Vito from the Legitimate Business Syndicate has started blogging about the experience of running the past five (stellar) DEF CON CTF Contests.

Recommended read for anyone interested in CTF, especially anyone considering responding to our call for CTF Organizers. LBS is top-shelf, and if you’re going to learn, they’re the kind of teachers you want.

Posted 10.2.17

After five years of exemplary stewardship of the DEF CON CTF, the shadowy masterminds of the Legitimate Business Syndicate are ready to retire to the shore house. However, whenever life closes a door, hackers jimmy open a window. LegitBS will be missed, but for someone out there a giant opportunity has just opened up.

We know some of you have genius ideas for making your own mark on the world’s premiere CTF competition, we want your proposal. In return for your fresh blood and fanatical devotion, we offer eternal geek glory and a place in the pantheon next to LegitBS, DDTEK, Kenshoto and the all theheroes who have made this contest their own.

There’s a lot you’ll need to know to submit, and you can read all about it on our CTFCFO page.

For inspiration, check out this Mega-panel of previous CTF organizers from DEF CONs past, courtesy of DEF CON 25.

If you’re ready to graduate from the combat arena to the control room, get your ideas together and let’s make some magic. Valhalla awaits.

Posted 9.26.17

Frequent DEF CON speaker and OSX security guru Patrick Wardle drops some 0day on the eve of Apple’s macOS rollout. 0day with plaintext password exfiltration.

A little more of Patrick’s excellent work from DEF CON 25 - his presentation on OSX Fruitfly.

Posted 9.21.17

The #votingvillage we introduced at DEF CON 25 is still in the News - mainly because it’s being cited as one of the driving forces behind a growing shift in attitudes about the security of ballot machines.

In Virginia, the State Board of Elections voted to decertify it’s touchscreen voting machines in time for the November gubernatorial election, and one of the reasons given was the discoveries at DEF CON. We’re hoping for increased focus on security and accountability in our voting systems, and we are pleased to see the subject getting broader attention.

https://www.washingtonpost.com/local/virginia-politics/virginia-scraps-touch-screen-voting-machines-as-election-for-governor-looms/2017/09/08/e266ead6-94fe-11e7-89fa-bb822a46da5b_story.html?utm_term=.bf3f8eb32228

https://www.theregister.co.uk/2017/09/11/virginia_to_scrap_touchscreen_voting_machines/

https://www.usnews.com/news/best-states/virginia/articles/2017-09-08/virginia-bans-certain-voting-machines-over-hacking-concerns

There’s also a very informative episode about DEF CON by the fine people who do all the ‘How Stuff Works’ podcasts. The first half is devoted to a thorough explanation of DC history and the second half is an interview with the wonderful Shannon Morse (@Snubs) about her experiences there as a human and in her professional capacities as a vendor and journalist. It’s from their TechStuff series and it’s worth a listen, especially if you’re new to the community.

http://shows.howstuffworks.com/techstuff/the-def-con-story.htm

Posted 9.5.17

In case you didn't know, the DEF CON 25 Soundtrack is available on Bandcamp as a 'pay-what-you-want' item. All proceeds go directly to keep the exemplary humans at the EFF fighting for the users. So for a modest donation you get dope music from DC25 performers and that warm feeling that only comes from selfless do-goodery.

The DEF CON A&E Team also auctioned off an artist badge for $321. Add that to the current Bandcamp sales of $423.37 and our donation match and you get a current payout to EFF of $1506.

"But the EFF does so much!" you say. "Surely I can still contribute to push that number higher?"

To which we respond, "Yes. Yes you can."

Click that link. Get some tunes. Relive the sounds of DEF CON 25 and toss a little change in the bucket to help the EFF keep cyberspace free.

Do it today, and then make sure to pass it on.

Posted 9.2.17

Ease into your weekend with another DEF CON 25 early release video! This time it's Patrick Wardle's presentation "Offensive Malware Analysis: Dissecting OSX FruitFly via a Custom C&C Server". It's a quick talk, but there's lots to chew on here.

As always, enjoy and pass it on.

Posted 9.1.17

Take a deep dive into the DEF CON 24 Cyber Grand Challenge with this video from DARPAtv, because what's cooler than autonomous supercomputers battling for supremacy? Clear a little time (it's a bit over 2 hours of analysis) and get yourself educated.

Posted 8.28.17

Now we take you way back to July 2017 for a leisurely Q&A with two impressively clued-in congresspeople; Rep. James Langevin from Rhode Island and Rep. Will Hurd from Texas.

Ever wondered if there was such thing as a “hacker-friendly” member of Congress? We found some and convinced them to come to DEF CON so you can meet them too! In this first-of-its-kind DEF CON session, two of the most hacker-friendly Congress critters will join DEF CON for an engaging and interactive session with the security research community.

Join the Atlantic Council’s Cyber Statecraft Initiative for a candid discussion with Representatives Will Hurd (R-TX) and James Langevin (D-RI). The two Congressmen share their thoughts on the latest developments in cybersecurity policymaking on the Hill, exchange ideas, and maybe even answer some of the Congressmen’s questions.

As always, enjoy and pass it on.

Posted 8.21.17

Check out a few of the wrap ups and reviews From DEF CON 25!

DEF CON 25 Social engineer Village Wrap Up

Packet hacking Village Presentation Slides

Hacker Warehouse coverage of the DEF CON 25 Voting machine hacking Village

Posted 8.16.17

Another couple of DEF CON 25 early release videos to brighten up your midweek, in which Plore shows you how 15 bucks and some hacker ingenuity can turn a fancy smart gun back into a regular old dumb gun.

We also have Max Bazaliy's brief but info-dense presentation about the Apple Watch. Max walks through the Watch's vulnerabilities and methods of exploitation and closes with a demo of a jailbreak.

As always, enjoy and pass it on.

Posted 8.15.17

The press archive from DEF CON 25 is up for perusal at your leisure. We'll keep adding to it as we find more related stories, and we encourage you to share stories if you find ones we missed.

Posted 8.11.17

We don't usually make this announcement anywhere near this early in the pre-con season, but the DEF CON room block for DC26 is already about half-full. Crazy, right?  

Those of you interested in the reduced rates we get at the con-affiliated hotels can slide over to https://aws.passkey.com/go/SCDEF8 for the most current info, and keep an eye out for any updates, should more rooms become available.

Current Prices:

Harrahs: $64 Sun-Thur, $94 Fri-Sat, $15 resort fee
Ballys: $84 Sun-Thur, $127 Fri-Sat, $19 resort fee
Caesars: $151 Sun-Thur, $171 Fri-Sat, $22 resort fee
Flamingo: $87 Sun-Thur, $127 Fri-Sat, $17 resort fee
Linq: $69 Sun-Thur, $99 Fri-Sat, $17 resort fee
Paris: $133 Sun-Thur, $156 Fri-Sat, $19 resort fee

Complimentary self and valet parking at all properties!

Posted 8.10.17

More goodies for you on the DEF CON Media Server. The #DEFCON presentations and workshop materials have been updated and the torrents have been regenerated. The old ones are officially deprecated.

The films from the T.D. Francis X-Hour Film Contest, including the winner, are also there for your viewing pleasure.

Enjoy, and pass it on!

Posted 8.8.17

Settle in and watch a $200 open source robot crack a combination safe. Learn how and why, sure, but also watch a robot crack a safe.

https://youtu.be/v9vIcfLrmiA

Posted 8.7.17

Today we bring you another Early Release Talk from DEF CON 25! This time it's a more nuts-and-bolts crypto talk about the creation of the first SHA-1 collision. In this talk, Elie Bursztein delves into the challenges faced from developing a meaningful payload, to scaling the computation to that massive scale, to solving unexpected cryptanalytic challenges.

As ever, enjoy and share the love. Pass it on.

Posted 8.6.17

More goodies from DEF CON 25 have arrived on the Media Server! This time it's vast quantities of Infoz from the CTF competition. We've got results, services, scorebots and captures, all lovingly hand-compressed by DT for maximum potency. Please enjoy the caps in both team and organizer flavors.

In addition to the individual files in the CTF folder, we have prepared the whole enchilada in handy torrent format. As always, seeding is greatly appreciated. The data must flow.

Posted 8.5.17

Population of the DEF CON Media Server with DC25 goodies continues: the pictures from the closing ceremonies slide show are now live. Stay tuned - the entire output of the DEF CON Photo Corps will be available for slurpage in handy torrent format soon. Pictures, PCAPs, videos - maybe crack open a fresh hard drive and settle in. The data will flow.

Posted 8.4.17

Early release video from DEF CON 25 - Garry Kasparov's presentation 'The Brain's Last Stand'. As always, enjoy and make sure to pass it on!

Posted 8.3.17

Congratulations to this year's contest winners! The level of competition at DEF CON is serious, whether it's the DC CTF or the Tin Foil Hat Contest, there are many very clever, very resourceful humans vying for the honors, and we salute you.

The contest results page represents the current state of our knowledge. We'll update as additional info comes in - do not despair if you don't see the event you're looking for just yet.

We also salute all those who competed but did not taste victory this year. The distance between observer and competitor is much greater than the one between competitor and victor, and DEF CON 26 will be here sooner than you know.

Posted 8.2.17

This year, you'll find all that juicy data on the DEF CON media server (media.defcon.org) and you can connect at your leisure and leech to your heart's content with no silly plastic doodads to hunt down of when you're loading out your hotel room.

Anything you might have formerly found on the Con CD, as well as anything we post in the future in the way of Video, Audio, and updates to presentations will be there, so keep your eyes peeled!

DEF CON 25 Receipt

Torrents for Presentation and Workshop Materials:
https://media.defcon.org/DEF CON 25/DEF CON 25 presentations.torrent
https://media.defcon.org/DEF CON 25/DEF CON 25 workshops.torrent

Posted 8.1.17

Yep. They won the Car Hacking Village CTF, so they won a tricked out truck. To hack or to cruise in, at their discretion. You can find out more about the contest and the other goings on at the DCCHV at carhackingvillage.com.

Posted 7.31.17

Congratulations to Plaid Parliament of Pwning for their historic win at this year's CTF and a heartfelt thank you to the stand-up folks at Legitimate Business Syndicate for five years of fantastic contests.

You can read the final scores and sift through all their juicy data on the LBS blog:
https://blog.legitbs.net/2017/07/def-con-ctf-2017-final-scores-and-data.html?m=1

Posted 7.31.17

Another DEF CON is in the books. 25 years, and still exciting and expanding. Still staffed and attended by a community of volunteers and enthusiasts who are passionate about improving our shared digital world. You can't really ask for a better anniversary present than that.

Thanks to everyone who brought their energy and curiosity to Caesars this year, to every one of you who took the time to teach something, to every one who brought something to share, and to everyone who made it easy for people new to the scene to find a home.

We hope to see all of you back at Caesars for DEF CON 26! We're gonna get on planning that the minute the dust is cleared from this one. Stay tuned for content updates, contest results and the rest of the press coverage.

As always, we are insanely proud of the DEF CON community.

We love you, and we look forward to doing all this with you again soon.

Posted 7.29.17

DEF CON marches on, Thursday and Friday are in the books. Caesars is still here, Vegas is still hot. For the curious, here's a sampling of the press from DC25 so far, to give you an idea what the world outside this casino is thinking about our beloved hacker party.

Cnet - Everything looks like a hack when you're paranoid at DEF CON.
Cnet does a good job of reminding everyone to take a deep breath and carry on.

Kasparov talks calculated odds, AI, and cybersecurity
Cool Q&A with the brilliant and highly entertaining Kasparov.

It's shockingly easy for hackers to remotely scan and clone your work security badge

Why DEF CON still matters 25 years later
Well, technically 24 years later. But we're glad to still matter.

The First Apple Watch Jailbreak Has Been Demonstrated At Def Con 25

Hackers Will Be Breaking Into Voting Machines This Weekend

Watch this space for more press reaction to DEF CON 25.

Posted 7.28.17

For a rookie, the Voting Machine Hacking Village is off to a very impressive start: consider the following tweets:

90 min after doors open: Complete remote control on the operating system level of the Winvote voting terminal (including election data).

On the e-pollbook front: internal data structure already discovered and reverse engineered within an hour. #VotingVillage

The Voting Village has a bunch of machine makes and models to try your hand at, including Sequoia AVC Edge, ES&S iVotronic, Diebold TSX, Winvote, and Diebold Expresspoll 4000. More importantly, there's a chance to make a little history here. The integrity of voting systems is a live issue in the world's news, and there are a lot of eyes on our little experiment. If your idea of fun includes a little paradigm-shifting, the VotingVillage is open all DEF CON.