Join Us July 26 – 29th, 2012


All 4 days just $200 USD!

at the Rio Hotel in Las Vegas


Cash only at the door.

Speakers

Welcome & Making the DEF CON 20 Badge

More info to come.


DEF CON Documentary Trailer

As you may have heard, in honor of our 20th anniversary, we have a DEF CON Documentary in the making by none other than Jason Scott of textfiles.com! At the beginning of this hour he will give you a quick sneak peek of the film and maybe discuss a few juicy tidbits!

Before, During, and After

When Gail Thackeray first spoke at DEF CON 1 there was no world wide web, state sponsored computer warfare was the stuff of science fiction, and international mafias had yet to become major players in computer crime. Internationally known for her role in Operation Sundevil, the former prosecuting attorney will discuss the changes in the computer security legal landscape since she first spoke at DEF CON. She will also discuss the evolution of the relationship between the computer security researcher community and law enforcement and government.

Twenty years ago, Dead Addict practically begged Gail Thackeray to appear at DEF CON, even though she was actively prosecuting several of his close friends. Since then the government (law enforcement, military, and intelligence community) has actively participated in DEF CON, to the point where we’ve been given the moniker ‘FED CON’. Dead Addict will discuss the evolving relationship between government, the hacker community, and the civil liberties community. While obviously at odds with each other in some areas, there is also shared ground between these groups. This year he was happy to be able to invite Gail again, this time not begging as much, and thankfully she isn’t prosecuting any of his friends.

Following their talk, Gail and Dead Addict will give a special introduction to our Special Guest Speaker [REDACTED], [REDACTED] of the [REDACTED] and [REDACTED].

Gail Thackeray is a former Assistant Attorney General and Special Counsel recently retired from the Arizona Attorney General's Office. Her career prosecuting electronic crimes included the investigation and prosecution of early infrastructure attacks on a telephone network and a power company, as well as numerous fraud, cyberstalking and intrusion crimes. She participated in the nationwide Secret Service hacker investigation known as "Operation Sundevil" and attended the first Defcon Conference. She currently works at the Arizona Counter Terrorism Information Center as a computer forensic examiner. She has a B.A. from Vassar College, a J.D. from Syracuse University, and earned the CFCE forensics certification from the International Association of Computer Investigative Specialists (IACIS).

20 years ago, Dead Addict helped organize the first DEF CON. He has been part of the staff ever since. In the years since DEF CON began, DA has worked for companies large and small, helping secure mobile platforms, operating systems, and financial infrastructures. In addition to being given the opportunity to speak at DEF CON, Shmoocon, Black Hat, Notacon and others, he constantly feels privileged at the company he has been able to keep. He is currently a wandering rōnin and aspiring curmudgeon that can be reached at da@defcon.org or daddict@gmail.com.


DC 101 Thursday Talks

Cracking Wireless encryption keys is a fundamental capability that should be in every penetration tester's skill set. This talk will walk you through the basic steps necessary to break Wireless Encryption Protocol (WEP) and steps to perform dictionary and brute force attacks against Wi-Fi Protected Access (WPA & WPA2).

DaKahuna works as a Systems Engineer for a small defense contractor in the Washington DC metro area. By day he works with large government agencies reviewing network and security architectures, reviewing information assurance and information security policies and guidance, and advising on matters of policy and governance. By night he enjoys snooping the airwaves, be it the amateur radio bands or his neighbors' wireless networks. He is a father of two, a 24-year Navy veteran and holder of an amateur radio Extra Class license.


Putting up a flag and asking for help on the Internet is not for the faint of heart. When you simply want to get started with information security, hacking or just playing around with the vulnerabilities of computer systems, asking the right question to the right person is a crap shoot. Tired of being on the outside looking in? This 101 talk will help you get your feet wet! It will provide you the basic knowledge required when starting out in the InfoSec scene. Afraid to ask someone what the best NMap toggles are? Can't even get your metasploit running? Having trouble decoding your tcpdumps? We can help! Spend 50 min. with us and jump start the next 50 years of your life!

Ripshy is a long time tinkerer who has been a part of the DEF CON community for the past 10 years, attending his first con at the Jail bait age of 15. He has worked in various roles touching multiple points of the info sec rainbow, and is currently working with Sony PlayStation doing magical things with little more than curiosity and a keyboard. Ripshy is an OG member of the Vegas 2.0 crew, a founding member of GayHackers, and works as a goon in the DEF CON NOC.

Hackajar has been involved in DEF CON in one form or another for over a decade. He's a founding member of Vegas 2.0, a Contest Goon, and the brains behind "The Summit". He currently heads a Silicon Valley Hacker Space and various security shenanigans.


YOU: are part of the problem. You should count yourself among the ranks of the unprepared. You are under-educated and fooling yourself. You are sheep, you just don’t know any better… but ignorance is no excuse. You know that much.

Navigating the world of Social Engineering is often portrayed with the image of “Jedi mind-tricks” and labeled with terms like “The Art of Deception”… These are all just ploys to convey mysticism, sell books and add value to a skill based on common sense, perception and the ability to think further than the end of your own nose.

It’s time to remove the wool and learn what Social Engineering is and how it works. Welcome to a crash course in the oldest CLI…. Bring a helmet.

Siviak: A contributor to DEF CON for 14+ years and a geek for over 30, Siviak is considered by some as a trusted* (*citation needed) authority in the area of Social Engineering, considered by others to be a complete asshole and considered by himself, often.

Siviak has talked with, listened to, pontificated at, entertained, debated, challenged, hoodwinked, and exchanged booze with a great number of us over the years. He is one of the originating voices behind the Lackey Program, undisputed ruler of the Scavenger Hunt, winner of more black badges than any other attendee in history and a proud member of 23b.


DEF CON 101

DC101 is the Alpha to the closing ceremonies' Omega. It's the place to go to learn about the many facets of Con and to begin your Defconian Adventure. Whether you're a n00b or a long time attendee, DC101 can start you on the path toward maximizing your DEF CON Experiences.

HighWiz █████ █████ █████ ███ ████, ███████████ ██████████ ████. ██████ ████████ ████ ██ ████ ████████ ██ ██████████ ██████ █████████. ██ █████████ █████ ███████ ████ █████████ ███████. ███████ ███████ ███ ██ ███ █████████ ████ █████████ █████ █████████. ███████ ██████ █████, █████████ ██ █████████ ███, ████████ ██ █████. ███ ███ █████ █████ █████ █████████ ███████. █████████ ███████ ██████ ██████. ███████ ██ ██████ ████, ██ ████████ █████. ███████ ██ ██████████ █████. █████████ █████████, █████ ███ ████████ █████████, █████ █████ ███████ ██████, ██ ████████████ ██████.

Pyr0 is the asshole who oversees the Contests and Events at DEF CON. He's been attending since DEF CON 6 and a goon since DEF CON 7. One of those 3 0 3 peoples and also rolls deep with Security Tribe. Loves good vodka, smart girls, explosives, and big black . . . guns. Has the ability to tell a man to go to hell so that he looks forward to the trip. ALSO:DONGS

Roamer is the Senior Goon in charge of the Vendor Area. He has been on DEF CON staff since DEF CON 8. He was the founder of the DEF CON WarDriving contest the first 4 years of its existence and has also run the slogan contest in the past. Roamer is the lead guitarist in the Goon Band, Recognize (despite what you may read in Gm1's bio). Although having no actual skills his ability to out-drink virtually every Goon and attendee under the table has gained him massive prominence in the scene and elevated him to the lofty station you see him in today.

Lockheed is the Sr. Goon in charge of the DEF CON Network Operations Group since DEF CON 4. Professionally, Lock has over 25 years of experience in the technology field. He's had jobs ranging from lowly tech writer, mainframe operator, product engineer, product marketing manager, and is currently Sr Director in charge of the Global IT Group for Sony PlayStation Worldwide Studios, managing staff across the globe. He's been in the video game industry for almost 10 years now.

AlxRogan was born and raised in the Oil and Gas industry, and has worked (off and on) there since 1995. In his work experience, he has consulted for energy generating companies, health care providers, US and local government, and education/research institutions. He is currently the Information Security Architect for a mid-size oil and gas company in Houston. He also enjoys mopery.

LoST: With a background in mathematics and robotics LosT spends his free time between calculating how to take over the world and building the robots to accomplish it. Deciding to teach others how to create robot overlords, he created the Hardware Hacking Village for the DEF CON community with Russ in an effort to get more people involved with hardware. Fearing competition LosT devised the Mystery Challenge to confuse and confound those who would rise up against him- eventually becoming the creator of the badges to that same end. Really he just wants to juggle and read books these days, or watch MST3K with Tom.

Flipper is the new guy on the panel. DEF CON 19 was his first DEF CON, and he was on the team that went on to victory in the Scavenger Hunt. Last year he applied his experience from robotics competitions to survive several days of sleepless insanity. He is back again this year to talk about the whole DEF CON experience from the perspective of a newcomer. His day job finds him being an expert in underwater robotics.
Twitter: @NickFlipper
Flipper on G+


Have you ever wondered how you can translate your mad skillz into an actual job? Does coming to DEF CON even help you get there? Four members of the DEF CON staff will astound you with the stories of how they took their experiences at DEF CON and turned them into the jobs of their dreams. Despite using their DEF CON experiences to obtain these jobs, they represent four completely different industries: Government, Energy, Health Care, and the Video Game Industry in a variety of different job functions. Learn from their experience and find out what they look for (from the community?) when they need to fill positions in their respective industries.

Roamer is the Senior Goon in charge of the Vendor Area. He has been on DEF CON staff since DEF CON 8. He was the founder of the DEF CON WarDriving contest the first 4 years of its existence and has also run the slogan contest in the past. Roamer is the lead guitarist in the Goon Band, Recognize (despite what you may read in Gm1's bio). Although having no actual skills his ability to out-drink virtually every Goon and attendee under the table has gained him massive prominence in the scene and elevated him to the lofty station you see him in today.

Lockheed is the Sr. Goon in charge of the DEF CON Network Operations Group since DEF CON 4. Professionally, Lock has over 25 years of experience in the technology field. He's had jobs ranging from lowly tech writer, mainframe operator, product engineer, product marketing manager, and is currently Sr Director in charge of the Global IT Group for Sony PlayStation Worldwide Studios, managing staff across the globe. He's been in the video game industry for almost 10 years now.

AlxRogan was born and raised in the Oil and Gas industry, and has worked (off and on) there since 1995. In his work experience, he has consulted for energy generating companies, health care providers, US and local government, and education/research institutions. He is currently the Information Security Architect for a mid-size oil and gas company in Houston.


Fuck a bunch of skiddie tools acquired from bobo forums. One does not have to be a master to write their own shit. Yoda said it best get off your dick and write yourself some Python (Just don't show it to Highwiz he might bite it). Also always remember to stay in the wizard's good graces or you will find yourself publicly humiliated. You can come to this talk and find out how to be humiliated publicly but also: learn some python from a hacker's perspective. Oh yea: Dongs, Schlongs, and Turds

Terrence "tuna" Gareau: If drinking and getting fat was a job Terrence “tuna” Gareau would be a rich and happy person. He has spent his years growing up with a terminal on his dong. There is nothing more satisfying to this poor bloke than hacking something to find a new purpose or use for it. This love for hacking has gone so far that he does not know how to interact with humans or the opposite sex and has left him a 26 year old virgin.


Since this is DC101, I've got some things I want to get off my chest- a brief overview of 'foundational' hacker knowledge that I personally believe all hackers should have or would want- from subculture references to numerical oddities, this will be a meat space core dump of an ADD-OCD hacker. (ADD-OCD: I'm constantly changing what I'm completely obsessed about.) Topics will include mathematics, linguistics, programming, hardware, DEF CON, robotics, and more. A veritable cornucopia of fun. Or not.

LoST: With a background in mathematics and robotics LosT spends his free time between calculating how to take over the world and building the robots to accomplish it. Deciding to teach others how to create robot overlords, he created the Hardware Hacking Village for the DEF CON community with Russ in an effort to get more people involved with hardware. Fearing competition LosT devised the Mystery Challenge to confuse and confound those who would rise up against him- eventually becoming the creator of the badges to that same end. Really he just wants to juggle and read books these days, or watch MST3K with Tom.


Everyone relies on their locks to keep things secure. From front doors to filing cabinets, they give us the sense of security that no one else can get inside without the proper key. However, in reality, most locks can be picked trivially without any evidence of exploitation. You will learn how and why lockpicking works as well as what manufacturers have done to protect against such shenanigans.

Dr. Tran is a security professional in Switzerland by day, but some say he’s a super-secret agent by night. He’s been tinkering and taking apart technology since childhood, but hasn’t necessarily figured out how to reassemble them. When Robert is not wrenching on motor vehicles or traveling the world, he’s picking locks. He’s been an active member of TOOOL for over 3 years and has taught at conferences including Shmoocon, CarolinaCon, NotaCon, Security BSides, QuahogCon, HOPE, & DEF CON.


Movie Night With The Dark Tangent: "Code2600" + Q&A With the Director

DEF CON is happy to announce Code 2600 will be showing at DEF CON 20! We will be the first hacker con to have the film shown and we are pretty excited about it. The filmmaker will be present and doing a Q & A after the screening! Check out code2600.com for more info!

About the film:

CODE 2600 documents the rise of the Information Technology Age as told through the events and people who helped build and manipulate it. The film explores the impact this new connectivity has on our ability to remain human while maintaining our personal privacy and security. As we struggle to comprehend the wide-spanning socio-technical fallout caused by data collection and social networks, our modern culture is trapped in an undercurrent of cyber-attacks, identity theft and privacy invasion. Both enlightening and disturbing, CODE 2600 is a provocative wake-up call for a society caught in the grips of a global technology takeover.

The Cast:

Bruce Schneier,
Chief Security Technology Officer, BT

Jeff Moss,
Founder Def Con and Black Hat

Marcus Ranum,
Chief Security Officer, Tenable Security

Jennifer Granick,
Civil Liberties Director, EFF

Dr. Bob Lash,
Original Member of the Homebrew Computer Club

Eric Michaud,
Founder, Pumping Station One

Gideon Lenkey,
Security, CEO RA Security Systems

Lorrie Cranor,
Cylab, Carnegie Mellon University

Phil Lapsley,
Phone Phreaking Expert, Author

Robert Vamosi,
Computer Security Journalist, Author

Wallace Wang,
Author, "Steal This Computer Book"

Gideon Lenkey,
Co-Founder, Ra Security Systems


Movie Night With The Dark Tangent: "Reboot" + Q&A With the Filmmakers and Actors

We are very excited to announce an Exclusive Sneak Preview screening of the film Reboot at DEF CON 20! Here is a peek at the premise from an article on the film:

"Set within a dystopian world that is a collision between technology and humanity, "Reboot" touches upon many of the current social and political concerns that arise from becoming more and more intertwined with the virtual.

In contemporary Los Angeles, a young female hacker (Stat) awakens from unconsciousness to find an iPhone glued to her hand and a mysterious countdown ticking away on the display. Suffering from head trauma, and with little recollection of who she is or what is happening, Stat races against time to figure out what the code means, and what unknown event the pending zero-hour will bring."


We are also excited that the filmmakers and lead cast members will be on hand at DEF CON for a Q&A session along with the screening! We'll have more info as this solidifies.

If you are looking for a fun gaming challenge, Reboot has a cool alternate reality game in which you can participate as well! Find more info at http://www.rebootfilm.com/scoreboard.


Movie Night with The Dark Tangent: "We Are Legion: The Story of the Hacktivists"

“We Are Legion: The Story of the Hacktivists” is a documentary that takes us inside the world of Anonymous, the radical “hacktivist” collective that has redefined civil disobedience for the digital age. The film explores the historical roots of early hacktivist groups like Cult of the Dead Cow and Electronic Disturbance Theater and then follows Anonymous from 4chan to a full-blown movement with a global reach, one of the most transformative of our time.

We might even get lucky and have some cast and crew in attendance for a short Q&A!


Movie Night With The Dark Tangent: "21" + Q&A With "MIT Mike" Aponte

Join us for a screening of the hit movie "21" and stick around for a Q&A session with "MIT Mike" Aponte, the real-life inspiration for the character "Jason Fisher".

"MIT Mike" Aponte: Mike Aponte is a world-renowned blackjack player, gaming consultant and professional speaker. Mike was the leader of the MIT Blackjack Team, a high stakes card-counting team that legally won millions at 21 using mathematics and an ingenious approach. Mike was one of the main characters in the New York Times bestseller, Bringing Down the House, which inspired the major motion picture, 21.

Drawing on 20 years of professional blackjack experience, Mike teaches players how to turn 21 into a lucrative money maker. Blackjack is unique because unlike other casino games, it is a true game of skill. The decisions you make actually determine whether you will win or lose over the long run. The beauty of blackjack is that for every playing decision there is one and only one correct play, and for every betting decision there is one and only one optimal bet.

Professional blackjack is both an art and science. In addition to learning the optimal strategies you must also develop the skills in order to apply the knowledge effectively. Mike teaches his clients how to develop a high skill level using the same training methods and techniques he used when he managed the MIT Team. If you're tired of losing to the casinos or are entrepreneurial minded and seeking a new and exciting skill, Mike can help you turn blackjack into a winning investment.

Accomplishments:
In addition to being one of the MIT Blackjack Team’s most successful players, Mike was also responsible for recruiting, player development and strategic analysis. In 2004, Mike won the first World Series of Blackjack championship competing against the best blackjack players in the world. Mike speaks professionally for corporations and universities and also consults on the mathematics of gaming.


Shared Values, Shared Responsibility

We as a global society are extremely vulnerable and at risk for a catastrophic cyber event. Global society needs the best and brightest to help secure our most valued resources in cyberspace: our intellectual property, our critical infrastructure and our privacy. DEF CON has an important place in computer security. It taps into a broad range of talent and provides an unprecedented diversity of experiences and expertise to solve tough problems. The hacker community and USG cyber community share some core values: we both see the Internet as an immensely positive force; we both believe information increases in value by sharing; we both respect protection of privacy and civil liberties; we both believe in the need for oversight that fosters innovation, doesn’t pick winners and losers, and retains freedom and flexibility; we both oppose malicious and criminal behavior. We should build on this common ground because we have a shared responsibility to secure cyberspace.

General Keith B. Alexander is the Commander, U.S. Cyber Command (USCYBERCOM) and Director, National Security Agency/Chief, Central Security Service (NSA/CSS). As Commander, USCYBERCOM, he oversees planning, coordinating and conducting operations and defense of DoD computer networks. As Director, NSA/Chief, CSS, he oversees a DoD agency with national foreign intelligence, combat support, and U.S. national security information system protection responsibilities. GEN Alexander holds a B.S. from the U.S. Military Academy, a M.S. in Business Administration from Boston University, a M.S. in Systems Technology (Electronic Warfare) and a M.S. in Physics from the Naval Post Graduate School, and a M.S. in National Security Strategy from the National Defense University.


Owning Bad Guys {And Mafia} With Javascript Botnets

Man in the middle attacks are still one of the most powerful techniques for owning machines. In this talk MITM schemas in anonymous services are going to be discussed. Then attendees will see how easily a botnet using javascript can be created to analyze those kinds of connections and some of the actions people behind those services are doing... in real. It promises to be funny.

Chema Alonso is a Security researcher with Informatica64, a Madrid-based security firm. Chema holds respective Computer Science and System Engineering degrees from Rey Juan Carlos University and Universidad Politècnica de Madrid. During his more than eight years as a security professional, he has consistently been recognized as a Microsoft Most Valuable Professional (MVP). Chema is a frequent speaker at industry events (Microsoft Technet / Security Tour, AseguraIT) and has been invited to present at information security conferences worldwide including Yahoo! Security Week, Black Hat Briefings, ShmooCON, DeepSec, HackCON, Ekoparty and RootedCon. He is a frequent contributor to several technical magazines in Spain, where he is involved with state-of-the-art attack and defense mechanisms, web security, general ethical hacking techniques and FOCA.
Twitter: @chemaalonso
http://www.elladodelmal.com
www.informatica64.com


Manu has been working in all security areas since he got into Informatica64. He is a security pentester, a developer coding in projects like FOCA and a very good security researcher in areas such as Connection String Parameter Pollution Attacks or malware. He has the honor of being the man behind some of the most powerful "C# spaghetti lines" of FOCA.


The Darknet of Things, Building Sensor Networks That Do Your Bidding

The Internet of Things... It is coming, wearing hardware that communicates across the Internet is starting to become a reality, chips are getting smaller, as a society we are connected all the time... Building these devices is easier than we thought, putting them onto a network that is ours... EVEN BETTER! Come experience the Darknet of Things. Learn what we built, how we built it, and why. Learn how to get involved with a new community project, see what some of the DEF CON groups have been working on. Most importantly, learn how you can connect to the Darknet of Things.

Anch - Just a lowly hacker out in Oregon, POC for DC503, Designer of the Network, and happily connected to the matrix.
Twitter: @boneheadsanon
http://www.dcgdark.net

Omega - Hardware hacker extraordinaire. Member of DC503, Designer of things, and thinks he should have taken the RED pill.


Drones!

Thanks to the plummeting cost of powerful motion sensors like those found in smartphones, the technology to create military-class autopilots is available to all. Over the past five years, the DIY Drones community has created a series of open source unmanned aerial vehicles (UAV), from fully-autonomous planes, helicopters, quadcopters, hexacopters, rovers and more, which cost just a few hundred dollars -- less than 1% the cost of equivalent military drones. As a result there are now more than 10,000 of them in use -- more than the US Military. As DIY drones go mainstream, what are the practical applications that will emerge, and the legal, ethical and economic implications? How does open source change the regulatory aspects of drones? And will the rise of "personal drones" have a similar social impact as "personal computers" did?



Chris Anderson is the Editor in Chief of Wired. He is the author of the New York Times bestsellers The Long Tail and FREE: The Future of a Radical Price, and the forthcoming Makers: The New Industrial Revolution. He is also founder of 3D Robotics, an open source robotics company.


<ghz or bust: DEF CON

Wifi is cool and so is cellular, but the real fun stuff happens below the GHz line. Medical systems, mfg plant/industrial systems, cell phones, power systems, it's all in there!

atlas and some friends set out to turn pink girltech toys into power-systems-attack tools. Through several turns and changes, the cc1111usb project was born, specifically to make attacking these systems easier for all of you. With a $50 usb dongle, the world of ISM sub-GHz is literally at your fingertips.

New and improved! If you missed it at shmoocon, here's your chance to see the intro to this fun new world. If you caught it at shmoo, come to the talk and prove your <ghz prowess and wirelessly hack a special pink girl's toy target!

atlas is a doer of stuff. Inspired by the illustrious sk0d0, egged on by invisigoth of kenshoto, atlas has done a lot of said 'stuff' and lived to talk about it. Whether he's breaking out of virtual machines, breaking into banks, or breaking into power systems, atlas is always entertaining, educational and fun.
Twitter: @at1as


Blind XSS

This talk will announce the release and demonstrate the xss.io toolkit. xss.io is a platform to help ease cross-site scripting (xss) exploitation and specifically for this talk identification of blind xss vectors. Think drag and drop exploits post xss vuln identification. For blind xss, xss.io is a callback and hook manager for intel collected by executed and non-executed but accessed payloads.

Adam "EvilPacket" Baldwin: Adam Baldwin has 10+ years of mostly self-taught computer security experience and currently is the Chief Security Officer at &yet. He at one time possessed a GCIA and if his CPEs are up to date should still have a CISSP. Prior to starting at &yet, Adam operated a security consultancy, nGenuity and worked for Symantec. Adam is a minor contributor to the W3AF project, creator of the DVCS pillaging toolkit, helmet: the security header middleware for node.js, and has previously spoken at DEF CON, Toorcon, Toorcamp, DjangoCon, and JSconf.
Twitter: @adam_baldwin
http://evilpacket.net


Should the Wall of Sheep Be Illegal? A Debate Over Whether and How Open WiFi Sniffing Should Be Regulated

Prompted by the Google Street View WiFi sniffing scandal, the question of whether and how the law regulates interception of unencrypted wireless communications has become a hot topic in the courts, in the halls of the FCC, on Capitol Hill, and in the security community. Are open WiFi communications protected by federal wiretap law, unprotected, or some strange mix of the two? (Surprise: it may be the last one, so you'll want to come learn the line between what's probably illegal sniffing and what's probably not.)

More importantly, what *should* the law be? Should the privacy of those who use WiFi without encryption be protected by law, or would regulating open WiFi sniffing pose too great a danger to security research and wireless innovation, not to mention DEF CON traditions like the Wall of Sheep? Do we need to protect the sheep from the hackers, or the hackers from the law, or can we do both at the same time? Join legal expert Kevin Bankston and technical expert Matt Blaze as they square off in a debate to answer these questions, moderated by Jennifer Granick. (Surprise: the lawyer is the one arguing for regulation.)

Kevin Bankston is Senior Counsel and Director of the Free Expression Project at the Center for Democracy & Technology, a Washington, DC-based non-profit organization dedicated to promoting democratic values and constitutional liberties in the digital age. Prior to joining CDT in February 2012, he was a Senior Staff Attorney for the Electronic Frontier Foundation (EFF) specializing in free speech and privacy law with a focus on government surveillance, Internet privacy, and location privacy. At EFF, he regularly litigated issues surrounding location privacy and electronic surveillance, and was a lead counsel in EFF’s lawsuits against the National Security Agency and AT&T challenging the legality of the NSA’s warrantless wiretapping program. From 2003-05, he was EFF's Equal Justice Works/Bruce J. Ennis Fellow, studying the impact of post-9/11 anti-terrorism surveillance initiatives on online privacy and free expression. Before joining EFF, he was the Justice William J. Brennan First Amendment Fellow for the American Civil Liberties Union, where he litigated Internet-related free speech cases. He received his J.D. in 2001 from the University of Southern California and his undergraduate degree from the University of Texas.
Twitter: @kevinbankston
http://www.cdt.org


Matt Blaze directs the Distributed Systems Lab at the University of Pennsylvania, where he teaches hackers to be scientists and scientists to be hackers.
Twitter: @mattblaze
http://www.crypto.com


Jennifer Granick is the General Counsel of Worldstar, LLC. Prior to joining WorldStarHipHop, Granick was an attorney at ZwillGen PLLC from 2010-2012 and the Civil Liberties Director at the Electronic Frontier Foundation from 2007-2010. Previously, Granick served as the Executive Director of the Center for Internet and Society at Stanford Law School where she was a lecturer in law. She founded and directed the Law School's Cyberlaw Clinic where she supervised students in working on some of the most important cyberlaw cases that took place during her tenure. She is best known for her work with intellectual property law, free speech, privacy, and other things relating to computer security, and has represented several high profile hackers.
Twitter: @granick
http://www.granick.com


Cryptohaze Cloud Cracking

Bitweasil goes through the latest developments in the Cryptohaze GPU based password cracking suite. WebTables is a new rainbow table technology that eliminates the need to download rainbow tables before using them, and the new Cryptohaze Multiforcer is an open source, GPLv2, network enabled platform for password cracking that is easy to extend with new algorithms for specific targets. The Cryptohaze Multiforcer supports CUDA, OpenCL, and CPU code (SSE, AVX, etc). All of this is aimed at either the pentester who can't spray hashes to the internet, or the hacker who would rather not broadcast what she obtained to pastebin scrapers.

Bitweasil is the primary developer on the open source Cryptohaze tool suite, which implements network-clustered GPU accelerated password cracking (both brute force & rainbow tables). He has been working with CUDA for over 4 years (since the first public release on an 8800GTX), OpenCL for the past 2 years, and enjoys SSE2 as well. Bitweasil also rescues ferrets.
Twitter: @Bitweasil
http://www.cryptohaze.com


Overwriting the Exception Handling Cache Pointer - Dwarf Oriented Programming

This presentation describes a new technique for abusing the DWARF exception handling architecture used by the GCC tool chain. This technique can be used to exploit vulnerabilities in programs compiled with or linked to exception-enabled parts. Exception handling information is stored in bytecode format, executed by a virtual machine during the course of exception unwinding and handling. We show how a malicious attacker could gain control of those structures and inject bytecode for malicious purposes. This virtual machine is actually Turing-complete, which means that it can be made to run arbitrary attacker logic.

Rodrigo Rubira Branco (BSDaemon) is the Director of Vulnerability & Malware Research at Qualys. In 2011 he was honored as one of the top contributors to Adobe Vulnerabilities in the past 12 months. Previously, as the Chief Security Research at Check Point he founded the Vulnerability Discovery Team (VDT) and released dozens of vulnerabilities in many important software products. Before that, he worked as Senior Vulnerability Researcher at COSEINC, as Principal Security Researcher at Scanit and as Staff Software Engineer in the IBM Advanced Linux Response Team (ALRT), also working in the IBM Toolchain (Debugging) Team for PowerPC Architecture. He is a member of the RISE Security Group and is the organizer of Hackers to Hackers Conference (H2HC), the oldest security research conference in Latin America. He has been an accepted speaker at many security and open-source related events, such as H2HC, HITB, XCon, VNSecurity, OLS, DEF CON, Hackito, Ekoparty, Troopers and others.

James Oakley came to computer programming by way of microcontroller programming. He enjoys hands-on work with low level systems. His interests include computer graphics, digital electronics, security, and operating systems. In his unprofessional time he enjoys backpacking, science fiction, and designing games. He graduated from the Computer Science program at Dartmouth College.

Sergey Bratus is a Research Assistant Professor of Computer Science at Dartmouth College. He tries to help fellow academics to understand the value and relevance of hacker research. He enjoys wireless and wired network hacking, kernel rootkits and hardening patches, and spoke on various topics at Shmoocon, Toorcon, DEF CON, and Black Hat. He has a Ph.D. in Mathematics from Northeastern University, and worked at BBN Technologies on natural language processing research before coming to Dartmouth.
Twitter: @sergeybratus


Exploit Archaeology: Raiders of the Lost Payphones

Payphones. Remember those? They used to be a cornerstone of modern civilization, available at every street corner, gas station, or any general place of commerce. For decades, hackers and phone phreaks crowded around them as an altar to high technology and a means to "reach out and touch someone".

Fast forward to today, most people have mobile phones. Payphones installed decades earlier are now more of a memorial to a time long gone by. Covered with grime and graffiti, forgotten, relegated to the realm of drug dealers and other undesirables. But they're still around, and they're more vulnerable than ever.

This talk will review modern hacking techniques applied to retro hardware. We'll cover owning payphones and how they can be retrofitted with new technologies to turn them into the ultimate low profile hacking platform to compromise your organization's network. There will be demos of payphone hacking on stage, as well as using the payphone to intercept voice phone traffic. We'll also reveal a new tool to automate the exploitation of payphones and relate how (like with all forms of archaeology) learning about old platforms can help us secure modern architecture.

Joshua Brashars is a penetration tester and a member of DC949. He prefers to break things instead of make them.

Joshua has presented at several notable security conferences, including Toorcon San Diego, Toorcon Seattle, Thotcon, Baythreat and HOPE. Joshua has also contributed to several titles with Syngress Publishing.
Twitter: @savant42


Hardware Backdooring is Practical

This presentation will demonstrate that permanent backdooring of hardware is practical. We have built a generic proof of concept malware for the Intel architecture, Rakshasa, capable of infecting more than a hundred different motherboards. The first net effect of Rakshasa is to disable NX permanently and remove SMM related fixes from the BIOS, resulting in permanent lowering of the security of the backdoored computer, even after complete erasing of hard disks and reinstallation of a new operating system. We shall also demonstrate that preexisting work on MBR subversions such as bootkitting and preboot authentication software bruteforce can be embedded in Rakshasa with little effort. Moreover, Rakshasa is built on top of free software, including the Coreboot project, meaning that most of its source code is already public. This presentation will take a deep dive into Coreboot and hardware components such as the BIOS, CMOS and PIC embedded on the motherboard, before detailing the inner workings of Rakshasa and demonstrating its capabilities. It is hoped to raise awareness of the security community regarding the dangers associated with non open source firmwares shipped with any computer and question their integrity. This shall also result in upgrading the best practices for forensics and post intrusion analysis by including the aforementioned firmwares as part of their scope of work.

Jonathan Brossard is a security research engineer. Born in France, he's been living in Brazil and India, before currently working in Australia. With about 15 years of practice of assembly, he is specialised in low level security, from raw sockets to cryptography and memory corruption bugs. He is currently working as CEO and security consultant at the Toucan System security company. His clients count some of the biggest Defense and Financial Institutions worldwide. Jonathan is also the co-organiser of the Hackito Ergo Sum conference (HES) in France.
Twitter: @endrazine
Facebook: toucansystem


DIY Electric Car

Electric Vehicles are an exciting area of developing technology entering the mainstream market. Every major manufacturer is working on new hybrid and electric vehicles but prices will be high and options few for years to come.

As with many industries, a DIY approach can yield similar results for much less cost, while creating something truly unique.

This talk will explore the possibilities and procedures involved in creating your own electric vehicle. Topics addressed will include the whys and hows, with an emphasis on the options available to tailor your conversion to match your time, budget, and performance needs.

Dave Brown is an IT Security Consultant with Booz Allen Hamilton. In his free time he tries to build stuff, and is particularly interested in alternative energy. In 2010 he converted a ’74 VW Beetle to run on electricity, improving performance and eliminating the need to gas up.


Tenacious Diggity: Skinny Dippin' in a Sea of Bing

All brand new tool additions to the Google Hacking Diggity Project - The Next Generation Search Engine Hacking Arsenal. As always, all tools are free for download and use.

When last we saw our heroes, the Diggity Duo had demonstrated how search engine hacking could be used to take over someone’s Amazon cloud in less than 30 seconds, build out an attack profile of the Chinese government’s external networks, and even download all of an organization’s Internet facing documents and mine them for passwords and secrets. Google and Bing were forced to hug it out, as their services were seamlessly combined to identify which of the most popular websites on the Internet were unwittingly being used as malware distribution platforms against their own end-users.

Now, we've traveled through space and time, my friend, to rock this house again...

True to form, the legendary duo have toiled night and day in the studio (a one room apartment with no air conditioning) to bring you an entirely new search engine hacking tool arsenal that’s packed with so much tiger blood and awesome-sauce, that it’s banned on 6 continents. Many of these new Diggity tools are also fueled by the power of the cloud and provide you with vulnerability data faster and easier than ever thanks to the convenience of mobile applications. Just a few highlights of new tools to be unveiled are:

* AlertDiggityDB – For several years, we’ve collected vulnerability details and sensitive information disclosures from thousands of real-time RSS feeds setup to monitor Google, Bing, SHODAN, and various other search engines. We consolidated this information into a single database, the AlertDiggityDB, forming the largest consolidated repository of live vulnerabilities on the Internet. Now it’s available to you.

* Diggity Dashboard – An executive dashboard of all of our vulnerability data collected from search engines. Customize charts and graphs to create tailored views of the data, giving you the insight necessary to secure your own systems. This web portal provides users with direct access to the most current version of the AlertDiggityDB.

* Bing Hacking Database (BHDB) 2.0 – Exploiting recent API changes and undocumented features within Bing, we’ve been able to completely overcome the previous Bing hacking limitations to create an entirely new BHDB that will make Bing hacking just as effective as Google hacking (if not more so) for uncovering vulnerabilities and data leaks on the web. This also will include an entirely new SharePoint Bing Hacking database, containing attack strings targeting Microsoft SharePoint deployments via Bing.

* NotInMyBackYardDiggity – Don’t be the last to know if LulzSec or Anonymous post data dumps of your company’s passwords on PasteBin.com, or if a reckless employee shares an Excel spreadsheet with all of your customer data on a public website. This tool leverages both Google and Bing, and comes with pre-built queries that make it easy for users to find sensitive data leaks related to their organizations that exist on 3rd party sites, such as PasteBin, YouTube, and Twitter. Uncover data leaks in documents on popular cloud storage sites like Dropbox, Microsoft SkyDrive, and Google Docs. A must have for organizations that have sensitive data leaks on domains they don’t control or operate.

* PortScanDiggity – How would you like to get Google to do your port scanning for you? Using undocumented functionality within Google, we’ve been able to turn Google into an extremely effective network port scanning tool. You can provide domains, hostnames, and even IP address ranges to scan in order to identify open ports ranging across all 65,535 TCP ports. An additional benefit is that this port scanning is completely passive – no need to directly communicate with target networks since Google has already performed the scanning for you.

* CloudDiggity Data Mining Tool Suite – Ever wanted to data mine every single password, email, SSN, credit card number on the Internet? Our new cloud tools combine Google/Bing hacking and data loss prevention (DLP) scanning on a massive scale, made possible via the power of cloud computing. Chuck Norris approved.

* CodeSearchDiggity-Cloud Edition – Google recently shut down Code Search in favor of focusing on Google+, putting “more wood behind fewer arrows”. I suppose we could have let the matter go, and let CodeSearchDiggity die, but that would be the mature thing to do. Instead, we are harnessing the power of the cloud to keep the dream alive – i.e. performing source code security analysis of nearly every single open source code project in existence, simultaneously.

* BingBinaryMalwareSearch (BBMS) – According to the Verizon 2012 DBIR, malware was used to compromise a staggering 95% of all records breached for 2011. BBMS allows users to proactively track down and block sites distributing malware executables on the web. The tool leverages Bing, which indexes executable files, to find malware based on executable file signatures (e.g. “Time Stamp Date:”, “Size of Code:”, and “Entry Point:”).

* Diggity IDS – Redesigned intrusion detection system (IDS) for search engine hacking. Will still leverage the wealth of information provided by the various Diggity Alert RSS feeds, but will also make more granular data slicing and dicing possible through new and improved client tools. Also includes the frequently requested SMS/email alerting capabilities, making it easier than ever for users to keep tabs on their vulnerability exposure via search engines.

So come ready to engage us as we explore these tools and more in this DEMO rich presentation. You are cordially invited to ride the lightning.

Francis Brown CISA, CISSP, MCSE, is a Managing Partner at Stach & Liu, a security consulting firm providing IT security services to the Fortune 500 and global financial institutions as well as U.S. and foreign governments. Before joining Stach & Liu, Francis served as an IT Security Specialist with the Global Risk Assessment team of Honeywell International where he performed network and application penetration testing, product security evaluations, incident response, and risk assessments of critical infrastructure. Prior to that, Francis was a consultant with the Ernst & Young Advanced Security Centers and conducted network, application, wireless, and remote access penetration tests for Fortune 500 clients.

Francis has presented his research at leading conferences such as Black Hat USA, DEF CON, InfoSec World, ToorCon, and HackCon and has been cited in numerous industry and academic publications.

Francis holds a Bachelor of Science and Engineering from the University of Pennsylvania with a major in Computer Science and Engineering and a minor in Psychology. While at Penn, Francis taught operating system implementation, C programming, and participated in DARPA-funded research into advanced intrusion prevention system techniques.
Facebook: StachLiu


Rob Ragan is a Senior Security Associate at Stach & Liu, a specialized security consulting firm serving the Fortune 1000 and high-tech startups. We protect our clients from the bad guys by breaking-in and bending the rules before the hackers do. From critical infrastructure to credit cards, popular websites to mobile games, and flight navigation systems to frozen waffle factories, we're there.

Before joining Stach & Liu, Rob served as a Software Engineer with the Application Security Center team of Hewlett-Packard (formerly SPI Dynamics) where he developed automated web application security testing tools, performed penetration tests, and researched vulnerability assessment and identification techniques. Rob has presented his research at leading conferences such as Black Hat, DEF CON, SummerCon, InfoSec World, HackCon, OuterZ0ne, and HackerHalted. He has published several white papers and is a contributing author to the Hacking Exposed: Web Applications 3rd edition.
Twitter: @sweepthatleg
Facebook: StachLiu


KinectasploitV2: Kinect Meets 20 Security Tools

Last year saw the release of Kinectasploit v1 linking the Kinect with Metasploit in a 3D, first person shooter environment. What if we expanded Kinectasploit to use 20 security tools in honor of DEF CON's 20th anniversary?!

Jeff Bryner has toiled for over 20 years integrating systems, performing incident response and forensics and ultimately fixing security issues. He writes for the SANS forensic blog, has spoken at RSA on SCADA security issues, DEF CON 18 on privacy issues with the Google Toolbar, released Kinectasploit v1 at DEF CON 19 and runs p0wnlabs.com just for fun.
Twitter: @p0wnlabs
p0wnlabs.com


Fuzzing Online Games

Fuzzing online games to find interesting bugs requires a unique set of novel techniques.

In a nutshell, the lack of direct access to the game server and having to deal with clients that are far too complex to be easily emulated force us to rely on injecting fuzzing data into legitimate connections rather than use the standard replay execution approach. Top that with heavily encrypted and complex network protocols and you start to see why we had to become creative to succeed :)

In this talk, we will discuss and illustrate the novel techniques we had to develop to be able to fuzz online games, including how to successfully inject data into a gaming session and how to instrument the game memory to know that our fuzzing was successful. We will also tell you how to find and reverse the interesting part of the protocol, and how to decide when to perform the injection.

Elie Bursztein is a researcher at Google's Mountain View, Calif. headquarters, where he invents ways to fix the Internet's security and privacy problems. Prior to that as a researcher at Stanford University, Elie designed Wikipedia's CAPTCHA and created Talisman, a Chrome browser extension that enhances security. He is also the inventor of the award-winning game hacking tool Kartograph presented at DEF CON 18 and Security and Privacy 2011.
Twitter: @elie
http://elie.im


Patrick Samy is a research engineer at Stanford University where he focuses on hardware and system security. He is the lead developer of the Kartograph network and scripting engine. He also developed the Kartograph real-time visualization engine.


The Open Cyber Challenge Platform

Everyone from MIT to the DoD has agreed that teaching cyber security using cyber challenges, where groups of students attack or defend a live network, has proven to be an incredibly effective educational tactic. Unfortunately, current cyber challenge tools also suffer from being very hard to configure, and/or very expensive, and/or limited to certain audiences (e.g. the military), which makes them inaccessible to high schools, colleges, and smaller organizations. The Open Cyber Challenge Platform aims to help fix this by providing a free, open-source, cyber challenge software platform that is reasonable in terms of cost of required hardware and required technical installation/maintenance expertise, as well as easily extensible to allow the vast open source community to provide additional modules that reflect new challenges and scenarios. If you're interested in the future of cyber-security education, or simply just want to learn about a new potential training tool, come check out the OCCP.

Linda C. Butler is a computer science student currently interning at the University of Rhode Island's Digital Forensics and Cyber Security Program. Past activities include an internship in the NASA Engineering department at Kennedy Space Center, a backpacking trip through New Zealand, and performing at a renaissance faire. She's an OWASP member and past DEF CON attendee, and finds the interaction between security, privacy, and society an endlessly fascinating area of study.


Into the Droid: Gaining Access to Android User Data

This talk details a selection of techniques for getting the data out of an Android device in order to perform forensic analysis. It covers cracking lockscreen passwords, creating custom forensic ramdisks, bypassing bootloader protections and stealth real-time data acquisition. We’ll even cover some crazy techniques - they may get you that crucial data when nothing else will work, or they may destroy the evidence!

Forensic practitioners are well acquainted with push-button forensics software. They are an essential tool to keep on top of high case loads – plug in the device and it pulls out the data. Gaining access to that data is a constant challenge against sophisticated protection being built into modern smartphones. Combined with the diversity of firmware and hardware on the Android platform it is not uncommon to require some manual methods and advanced tools to get the data you need.

This talk will reveal some of the techniques forensic software uses behind the scenes, and will give some insight into what methods and processes blackhats and law enforcement have at their disposal to get at your data. Free and Open Source tools will be released along with this talk to help you experiment with the techniques discussed.

Note that this talk does not discuss Android analysis basics such as how to use ADB or what the SDK is - it is assumed you know these or can easily look them up afterwards.

Thomas Cannon is the Director of Research and Development for viaForensics, a Chicago based digital forensics and security company. Thomas spends the majority of his time researching new mobile security, malware and forensics techniques and getting them into the hands of customers for commercial, research or military application. He conducts penetration testing and code analysis of mobile applications for clients in industries such as banking/finance and retail.

Thomas is known for his research on Android having published advisories for new vulnerabilities and demonstrated attacks on the platform as well as providing some early guides on reverse engineering Android applications. Thomas has spoken at international conferences and presented to law enforcement on the topic of mobile forensics. Thomas has had a number of articles published in industry magazines and also been interviewed on national news programmes regarding vulnerabilities in payment systems and mobile technology.
Twitter: @thomas_cannon
https://viaforensics.com
http://thomascannon.net


Panel: Meet the Feds 1 - Law Enforcement

Did you ever wonder if the Feds were telling you the truth when you asked a question? Join current and former federal agents from numerous agencies to discuss cyber investigations and answer your burning questions. Enjoy the opportunity to grill ‘em and get down to the bottom of things!

Agencies that will have representatives include: Defense Cyber Crime Center (DC3), National White Collar Crime Center (NWC3), US Department of Treasury, Internal Revenue Service (IRS), and the US Navy SEALs. This year, the “Meet the Feds” panel has gone Hollywood with special guests - Mr. David McCallum and Mr. Leon Carroll from CBS’s NCIS!

Each of the agency reps will make an opening statement regarding their agency's role, and then open it up to the audience for questions.

Jim Christy is a retired special agent who has specialized in cyber crime investigations and digital forensics for over 26 years with the Air Force Office of Special Investigation and over 40 years of federal service. Jim returned to the federal government first as an IPA and now as an HQE and is the Director of Futures Exploration (FX) for the Department of Defense Cyber Crime Center (DC3). FX, the DC3 innovation incubator, is responsible for outreach/marketing, and strategic relationships with other government organizations, private sector, and academia for DC3. He was profiled in Wired Magazine in January 2007.

Jim consulted with David Marconi (writer of Enemy of the State, Mission Impossible 2 & Live Free or Die Hard) and contributed technical advice on critical infrastructure attacks used in the movie Live Free or Die Hard.

In May 2011, the Air Force graduated the first NCOs for a new AF career field, Cyber Defense Operations, at Keesler AFB, MS. The staff of the course honored Jim by presenting the top graduate of the class with the “Jim Christy Award”. In 2006, Christy created the DC3 Digital Forensics Challenge, an international competition that in 2011 had 1,800 participants spanning all 50 states and 53 countries. The exercises are designed to develop, hone, and engage participants in the fields of cyber investigation, digital forensics, and cyber security. It is one of the first venues to employ crowd sourcing in “real world” mission focused solution development.

In Oct 2003, the Association of Information Technology Professionals named Jim the 2003 Distinguished Information Science Award winner for his outstanding contribution through distinguished services in the field of information management. Previous recipients of this prestigious award include Admiral Grace Hopper, Gene Amdahl, H. Ross Perot, General Emmett Paige, Bill Gates, Lawrence Ellison, David Packard and Mitch Kapor.

From 17 Sep 01 – 1 Nov 03, Jim was the Deputy Director/Director of Operations, Defense Computer Forensics Lab, DC3. As the Dir of Ops for the DCFL he managed four sections with over 40 computer forensic examiners that supported Major Crimes & Safety, Counterintelligence and Counterterrorism, as well as Intrusions and Information Assurance cases for the Department of Defense.

Leon Carroll grew up in Chicago and graduated from North Dakota State University (where he played on college Division II National Championship football teams). He served 6 years in the Marines and then continued in the Marine Reserves in Long Beach (under the command of PV Sunset member Lt Col Jacques Naviaux).

Carroll was a member of the U.S. Marine Corps when he joined NCIS in 1980. Leon worked at a halfway house for pre-release felons in Fargo, North Dakota, and then became a special agent with the Naval Investigative Service, later known as the Naval Criminal Investigative Service (NCIS), serving in several places including Panama and aboard the USS Ranger.

He retired two decades later, but returned after 9/11, serving another year and a half to help with the agency's expanded role in counter-terrorism. After his second retirement, he and his wife moved to the Los Angeles area.

As a retired NCIS agent with over 20 years of experience, Mr. Carroll received an unexpected opportunity to work as a technical adviser to the NCIS TV program in Los Angeles. He was recruited in 2003 by the producers who said they needed someone who could provide the show with the “spit-polish shine of authenticity.”

Working on both NCIS and NCIS Los Angeles, Mr. Carroll is a technical adviser to the script writers, actors and director, and has also written scripts for a few episodes himself. He works under the leadership of Mark Hyman of football fame. They do 24 episodes per season.

Andy Fried is a Senior Consultant with Cutter Consortium's Business Technology Strategies and Government & Public Sector practices. His unique skill set has earned him a worldwide reputation; his background includes working as a uniformed police officer, a computer programmer and security analyst, and a Senior Special Agent with the US Department of the Treasury, a post he retired from after a 20-year career. Mr. Fried's extensive knowledge allows him to identify large data sources that are seemingly unrelated and combine them to produce findings that would not be otherwise identified. His passion and tenacity for identifying and stopping Internet criminal activity has earned him the respect of leading industry experts. During his last two years at the US Treasury, Mr. Fried was credited with identifying and mitigating over 3,000 fraudulent online schemes. He currently works as a security researcher for a nonprofit organization involved in identifying organized criminal enterprises responsible for fraudulent schemes, denial-of-service attacks, malware propagation, and large-scale botnets. Mr. Fried's work routinely involves data mining and analysis of data sets that contain hundreds of millions of records.

Early in his career, Mr. Fried was a programmer for Bionetics, a life sciences medical research group at the Kennedy Space Center, where he became a technology evangelist, identifying work processes that could be automated, conducting R&D for new computer hardware and software programs, and assisting biostatisticians in aggregating and processing the voluminous research data generated by data acquisition systems. At Bionetics, Mr. Fried was tasked with providing technical support to NASA's Internal Security Office, including one high-profile case involving the arrest and investigation of a kidnapper/rapist. At NASA's suggestion, he moved from Bionetics into a computer security analyst position within the newly formed Lockheed Space Operations Corporation (LSOC). He soon became involved in processing and analyzing digital data related to the kidnapping/rape investigation and developed a suite of forensic software programs. His software became the first set of programs designed specifically for use by law enforcement and was adopted by the FBI, IRS, and Air Force Office of Special Investigations. Soon after, the IRS recruited Mr. Fried for a Special Agent position, citing a need to develop the capability to detect, investigate, and prosecute computer-related crimes. He went on to help establish the Criminal Investigation Division's Computer Investigative Specialist (CIS) program, a similar program for IRS Inspection, the System Intrusion and Network Attack Response Team (SINART), and the Computer Security Incident Response Capability (CSIRC).

More recently, Mr. Fried developed databases and innovative techniques to proactively detect online schemes targeting the IRS. He identified various sources of intelligence and information, developed strategic alliances with private organizations, and designed automated systems to obtain and analyze large data sets for the purpose of identifying and mitigating online schemes. Mr. Fried also designed, developed, and implemented his agency's network-based digital video surveillance system. He additionally developed strategic alliances with a large number of domain registrars, ISPs, government-sponsored CERTs, and private organizations involved in various forms of network security for the purpose of increasing the ability to mitigate fraudulent behavior as quickly as possible. In 2008, Mr. Fried presented a proposal to IRS management to form a new division whose sole mission was to monitor, detect, and mitigate online fraudulent schemes targeting the IRS and US taxpayers. The proposal was adopted and led to the formation of IRS Online Fraud Detection and Prevention (OFDP).

Mr. Fried is on the executive board of directors of the Fraternal Order of Police in Washington, DC, and is affiliated with several security organizations that cannot be named. He is a frequent presenter at Black Hat and DEF CON. Mr. Fried has a BS degree in criminology.

Jon Iadonisi is the founder of White Canvas Group – a company that specializes in cultivating alternative and disruptive strategies. His depth of experience, diversified expertise, and unique operational background has provided a perspective that has enabled him to contribute to solving national security problems. He has spent the past fifteen years using innovative computing technologies coupled with cutting edge scholarship to solve complex problems, some of which later became implemented as new strategies and capabilities for the U.S. Government. He is regularly sought by the Department of Defense, various Intelligence agencies, and members of the US Congress to provide expert opinion and briefings on information age unconventional warfare. Prior to joining the private sector, Jon served as a Navy SEAL, where he designed, planned and led various combat operations that integrated innovative technologies and tactics into the operating environment, ultimately creating new capabilities for the Special Operations Community and Central Intelligence Agency. He is a combat-wounded and decorated veteran who earned a B.S. in Computer Science from the US Naval Academy, and M.S. in Homeland Security from San Diego State University. He is a member of the Council on Foreign Relations and guest lectures at San Diego State University and Georgetown Law School. He is an academic and athletic all American who participated in the 2000 Olympic Rifle team trials. He enjoys fine wine, good books, music, and outdoors activities.

Rich Marshall is the Founder and President of X-SES Consultants, LLC, the former Vice President of Cyber Programs at Triton FSI and is a nationally and internationally recognized thought leader on cyber related issues. He provides an impressive professional network and is known for facilitating the establishment of programs and contracts. He has extensive leadership experience in formulating growth strategies, integrating policy, culture and training with technology issues, building relationships and delivering lasting results. He is also a strategic thinker who knows how to lead and very importantly, knows where to lead. He previously was a member of the Senior Cryptologic Executive Service (SCES) and the Defense Intelligence Senior Executive Service (DISES). Prior to joining Triton FSI, he was the Director of Global Cyber Security Management, National Cyber Security Division, Department of Homeland Security (DHS) by special arrangement between the Director, National Security Agency (DIRNSA) and the Secretary of DHS. Within DHS he directed National Cyber Security Education Strategy; and the Software Assurance; Research and Standards Integration; and Supply Chain Risk Management programs.

Mr. Marshall was previously the Senior Information Assurance (IA) Representative, Office of Legislative Affairs at the National Security Agency (NSA) where he served as the Agency's point of contact for all NSA Information Security (INFOSEC) matters concerning Congress. He devised the IA legislative strategy, helped shape the passage of the revised Foreign Intelligence Surveillance Act and was the Comprehensive National Cyber Security Initiative (CNCI).

In 2001, Mr. Marshall was selected by the Cyber Advisor to the President to serve as the Principal Deputy Director, Critical Infrastructure Assurance Office (CIAO), where he led a team of 40 dedicated professionals in developing, coordinating and implementing the Administration's National Security for Critical Infrastructure Protection initiative and the National Cyber Security Strategy to address potential threats to the nation's critical infrastructures.

From 1994 to 2001, Mr. Marshall served with distinction as the Associate General Counsel for Information Systems Security/Information Assurance, Office of the General Counsel, National Security Agency. In that capacity, Mr. Marshall provided advice and counsel on national security telecommunications and technology transfer policies and programs, national security telecommunications technical security programs, the National Information Assurance Partnership, the Common Criteria Mutual Recognition Arrangement, legislative initiatives and international law. Mr. Marshall was the legal architect for the Joint Chiefs of Staff directed exercise "Eligible Receiver 97" that spotlighted many of the cyber-vulnerabilities of our nation's critical infrastructures and helped bring focus on this issue at the national leadership level.

Mr. Marshall graduated from The Citadel with a B.A. in Political Science; Creighton University School of Law with a J.D. in Jurisprudence; Georgetown School of Law with an LL.M. in International and Comparative Law; was a Fellow at the National Security Law Institute, University of Virginia School of Law in National Security Law; attended the Harvard School of Law Summer Program for Lawyers; the Georgetown University Government Affairs Institute on Advanced Legislative Strategies and participated in the Information Society Project at Yale Law School and in the Privacy, Security and Technology in the 21st Century program at Georgetown University School of Law.

David McCallum: Born David Keith McCallum, Jr. in Glasgow, Scotland on Sept. 19, 1933, he was the son of David McCallum, Sr., the famed principal violinist for numerous orchestras in the United Kingdom, including the Royal Philharmonic Orchestra, and cellist Dorothy Dorman. After studying at the Royal Academy of Dramatic Arts, he made his debut in a 1946 BBC Radio production of "Whom the Gods Love, Die Young." Bit and supporting roles in British features and on television soon followed, often as troubled youth, as befitting his brooding intensity. Among his more notable turns during this period was in 1958's "Violent Playground," where his psychotic gang member is spurred by poverty and rock and roll to take a classroom of school children hostage.

McCallum's American film debut came as the mother-fixated Carl von Schlosser in John Huston's "Freud" (1962), with Montgomery Clift as the pioneering analyst. The following year, he played Royal Navy Officer Ashley-Pitt, who devised the method of dispersing the dirt from tunnels dug under a POW camp in "The Great Escape" (1963). An early American television appearance on "The Outer Limits" (CBS, 1963-65) became one of his most enduring, thanks to the eye-popping makeup applied to McCallum. His character, a bitter Welsh miner, agreed to take part in an evolutionary experiment, which turned him into a hyper-intelligent mutant with a massive domed cranium. The image was memorable enough to make McCallum a go-to for numerous science fiction efforts in the ensuing decades.

In 1964, McCallum was cast as Illya Kuryakin, a minor character on the spy series "The Man from U.N.C.L.E." Despite having only two lines, the producers saw that McCallum and star Robert Vaughn had considerable chemistry together, and boosted the character to co-star status. The move changed McCallum's career forever. Kuryakin's cool demeanor, physical proficiency with any weapon, and passion for art, music and science - not to mention his wealth of blonde hair - made him an immediate favorite among female viewers, whose fan mail to the actor was the most ever received in the history of MGM, which produced the show. For the series' three years on the air, McCallum was at the apex of television stardom, and netted two Emmy nominations and a Golden Globe nod, as well as major roles in several films. He was the tormented Judas in George Stevens' epic Biblical drama "The Greatest Story Ever Told" (1965), and took the lead in a number of minor features, including 1968's "Sol Madrid" and "Mosquito Squadron" (1969), many of which traded on McCallum's popularity in "U.N.C.L.E." by casting him in action-oriented roles. During this period, McCallum also orchestrated and conducted a trio of lush, sonically adventurous records that put unique spins on some of the period's more popular songs.

In the 1970s, McCallum was a fixture on television in both America and England. In the States, he was a staple of science fiction and supernaturally-themed TV features, including "Hauser's Memory" (NBC, 1970), as a scientist who injected himself with a dying colleague's brain fluid to preserve defense secrets from foreign agents, while "She Waits" (CBS, 1972) cast him as the husband to a possessed Patty Duke. He also briefly returned to series work with "The Invisible Man" (NBC, 1975-76) as a scientist who used his invisibility formula to aid a government agency against evildoers. His work in England hewed more towards dramatic fare: in "Colditz" (BBC, 1972-74), he was an aggressive RAF officer who put aside his anger towards the Nazis to help organize an escape from a notorious German war prison, while in "Sapphire & Steel" (ITV, 1979-1982), he and Joanna Lumley played extraterrestrial operatives who investigated strange incidents involving the time-space continuum. In 1983, he reunited with Robert Vaughn for "The Return of the Man from U.N.C.L.E." (CBS), which saw Illya retired from espionage to design women's clothing in New York. The escape of a top enemy spy brings both U.N.C.L.E. men back into action, albeit with other, younger agents. The TV-movie was intended as the pilot for a new version of the series, but the show was never greenlit.

After logging time on countless, unmemorable series like "Team Knight Rider" (syndicated, 1997-98) and "The Education of Max Bickford" (CBS, 2001-02), McCallum found his next hit with "NCIS," a police procedural drama about Navy investigators. McCallum played Chief Medical Examiner Donald "Ducky" Mallard, an eccentric but highly efficient investigator with a knack for psychological profiling. A close confidante to Mark Harmon's Jethro Gibbs, he served as father confessor and paternal figure for the show's offbeat cast of characters. The show's slow-building popularity brought McCallum back to a television audience made up in part of the children of viewers who sent him fan letters back in the "U.N.C.L.E." days, granting him a rare burst of second stardom.

Justin Wykes joined the National White Collar Crime Center in December 2006 as a Computer Crime Specialist. He is currently responsible for the development and updating of the "Basic Cell Phone Investigations" course as well as instructing multiple basic and advanced level courses.

He has ten years' experience building, fixing and repairing computers, and earned his A+ certification in September of 2006. After earning a Bachelor of Science degree from Grand Valley State University in Criminal Justice, with an emphasis in Law Enforcement, Mr. Wykes spent five years as a Special Agent for US Army Counterintelligence. The last two of those years were spent as a computer forensic examiner for the Cyber Counterintelligence Activity. As a Special Agent for CCA, Mr. Wykes conducted multi-agency investigations in security compromises, espionage, and terrorism.



Meet the Feds 2 - Policy

Did you ever wonder if the Feds were telling you the truth when you asked a question? Join current and former federal agents from numerous agencies to discuss cyber policy and answer your burning questions. Enjoy the opportunity to grill ‘em and get down to the bottom of things!

Agencies that will have representatives include: Defense Cyber Crime Center (DC3), Department of Homeland Security (DHS), United States Computer Emergency Readiness Team (US CERT), Office of the Secretary of Defense Networks and Information Integration (OSD/NII), National Security Agency (NSA), National Defense University (NDU), and Virginia Tech.

Each of the agency reps will make an opening statement regarding their agency's role, and then open it up to the audience for questions.

Jim Christy is a retired special agent who has specialized in cyber crime investigations and digital forensics for over 26 years with the Air Force Office of Special Investigation and over 40 years of federal service. Jim returned to the federal government first as an IPA and now as an HQE and is the Director of Futures Exploration (FX) for the Department of Defense Cyber Crime Center (DC3). FX, the DC3 innovation incubator, is responsible for outreach/marketing, and strategic relationships with other government organizations, private sector, and academia for DC3. He was profiled in Wired Magazine in January 2007.

Jim consulted with David Marconi (writer of Enemy of the State, Mission Impossible 2 & Live Free or Die Hard) and contributed technical advice on critical infrastructure attacks used in the movie Live Free or Die Hard.

In May 2011, the Air Force graduated the first NCOs for a new AF career field, Cyber Defense Operations, at Keesler AFB, MS. The staff of the course honored Jim by presenting the top graduate of the class with the “Jim Christy Award”. In 2006, Christy created the DC3 Digital Forensics Challenge, an international competition that in 2011 had 1,800 participants spanning all 50 states and 53 countries. The exercises are designed to develop, hone, and engage participants in the fields of cyber investigation, digital forensics, and cyber security. It is one of the first venues to employ crowd sourcing in “real world” mission focused solution development.

In Oct 2003, the Association of Information Technology Professionals awarded Jim the 2003 Distinguished Information Science Award for his outstanding contribution through distinguished services in the field of information management. Previous recipients of this prestigious award include Admiral Grace Hopper, Gene Amdahl, H. Ross Perot, General Emmett Paige, Bill Gates, Lawrence Ellison, David Packard and Mitch Kapor.

From 17 Sep 01 – 1 Nov 03, Jim was the Deputy Director/Director of Operations, Defense Computer Forensics Lab, DC3. As the Dir of Ops for the DCFL he managed four sections with over 40 computer forensic examiners that supported Major Crimes & Safety, Counterintelligence and Counterterrorism, as well as Intrusions and Information Assurance cases for the Department of Defense.

Rod Beckstrom is a highly successful entrepreneur, founder and CEO of a publicly-traded company, a best-selling author, avowed environmentalist, public diplomacy leader and, most recently, the head of a top-level federal government agency entrusted with protecting the nation’s communication networks against cyber attack.

Throughout 2008, Rod served as the Director of the National Cybersecurity Center (NCSC) at the U.S. Department of Homeland Security, where he reported to the Secretary of DHS, and was charged with cooperating directly with the Attorney General, National Security Council, Secretary of Defense, and the Director of National Intelligence (DNI). Prior to joining DHS, he served on the DNI’s Senior Advisory Group. Rod is unique in having experienced the inner workings of two, highly-charged, often competing, federal security agencies created in the wake of the September 11th attacks, an event that he says, “changed my life.”

Rod is widely regarded as a pre-eminent thinker and speaker on issues of cybersecurity and related global issues, as well as on organizational strategy and leadership. He is also an expert on how carbon markets and “green” issues affect business. While Director of the NCSC, Rod developed an effective working group of leaders from the nation's top six cybersecurity centers across the civilian, military and intelligence communities. His work led to his development of a new economic theory that provides an explicit model for valuing any network, answering a decades-old problem in economics.

Rod co-authored four books including The Starfish and the Spider: The Unstoppable Power of Leaderless Organizations, a best-selling model for analyzing organizations, leadership styles, and competitive strategy. The Starfish and the Spider has been translated into 16 foreign editions and is broadly quoted.

At age 24, Rod started his first company in a garage apartment and, subsequently, grew it into a global enterprise with offices in New York, London, Tokyo, Geneva, Sydney, Palo Alto, Los Angeles, and Hong Kong. CATS Software Inc. went public and was later sold. Nobel Laureates Myron Scholes and William F. Sharpe served on the company's boards of directors and advisors. While at CATS, Rod helped advance the financial theory of “value at risk,” now used globally for all key banking risk management. Rod co-edited the first book to introduce “value at risk.” Rod also co-founded Mergent Systems, a pioneer in inferential database engines, which Commerce One later acquired for $200 million. He has co-launched other collaborations, software, and internet service businesses, as well. From 1999 to 2001, he served as Chairman of Privada, Inc, a leader in technology enabling private, anonymous, and secure credit card transactions over the internet.

In 2003, Rod co-founded a global peace network of CEOs which initiated Track II diplomatic efforts between India and Pakistan. The group’s symbolic actions opened the borders to people and trade, and contributed to ending the most recent Indo-Pak conflict. It's one of several non-profit groups and initiatives Rod has started. He now serves on the boards of the Environmental Defense Fund, which Fortune Magazine ranked as one of the seven most powerful boards in the world, and Jamii Bora Trust, an innovative micro-lending group in Africa with more than 200,000 members.

He is a graduate of Stanford University with an MBA and a BA with Honors and Distinction. He served as Chairman of the Council of Presidents of the combined Stanford student body (ASSU) and was a Fulbright Scholar at the University of St. Gallen in Switzerland.

Rich Marshall is the Founder and President of X-SES Consultants, LLC, the former Vice President of Cyber Programs at Triton FSI and is a nationally and internationally recognized thought leader on cyber related issues. He provides an impressive professional network and is known for facilitating the establishment of programs and contracts. He has extensive leadership experience in formulating growth strategies, integrating policy, culture and training with technology issues, building relationships and delivering lasting results. He is also a strategic thinker who knows how to lead and very importantly, knows where to lead. He previously was a member of the Senior Cryptologic Executive Service (SCES) and the Defense Intelligence Senior Executive Service (DISES). Prior to joining Triton FSI, he was the Director of Global Cyber Security Management, National Cyber Security Division, Department of Homeland Security (DHS) by special arrangement between the Director, National Security Agency (DIRNSA) and the Secretary of DHS. Within DHS he directed National Cyber Security Education Strategy; and the Software Assurance; Research and Standards Integration; and Supply Chain Risk Management programs.

Mr. Marshall was previously the Senior Information Assurance (IA) Representative, Office of Legislative Affairs at the National Security Agency (NSA) where he served as the Agency's point of contact for all NSA Information Security (INFOSEC) matters concerning Congress. He devised the IA legislative strategy, helped shape the passage of the revised Foreign Intelligence Surveillance Act and was the Comprehensive National Cyber Security Initiative (CNCI).

In 2001, Mr. Marshall was selected by the Cyber Advisor to the President to serve as the Principal Deputy Director, Critical Infrastructure Assurance Office (CIAO), where he led a team of 40 dedicated professionals in developing, coordinating and implementing the Administration's National Security for Critical Infrastructure Protection initiative and the National Cyber Security Strategy to address potential threats to the nation's critical infrastructures.

From 1994 to 2001, Mr. Marshall served with distinction as the Associate General Counsel for Information Systems Security/Information Assurance, Office of the General Counsel, National Security Agency. In that capacity, Mr. Marshall provided advice and counsel on national security telecommunications and technology transfer policies and programs, national security telecommunications technical security programs, the National Information Assurance Partnership, the Common Criteria Mutual Recognition Arrangement, legislative initiatives and international law. Mr. Marshall was the legal architect for the Joint Chiefs of Staff directed exercise "Eligible Receiver 97" that spotlighted many of the cyber-vulnerabilities of our nation's critical infrastructures and helped bring focus on this issue at the national leadership level.

Mr. Marshall graduated from The Citadel with a B.A. in Political Science; Creighton University School of Law with a J.D. in Jurisprudence; Georgetown School of Law with an LL.M. in International and Comparative Law; was a Fellow at the National Security Law Institute, University of Virginia School of Law in National Security Law; attended the Harvard School of Law Summer Program for Lawyers; the Georgetown University Government Affairs Institute on Advanced Legislative Strategies and participated in the Information Society Project at Yale Law School and in the Privacy, Security and Technology in the 21st Century program at Georgetown University School of Law.

Jerry Dixon currently serves as Director of Analysis for Team Cymru and was the former Director of the National Cyber Security Division (NCSD) & US-CERT, of the Department of Homeland Security. He continues to advise partners on national cyber-security threats, aids organizations in preparing for cyber-attacks, and assists with the development of cyber-security policies for organizations.

Mischel Kwon is an IT executive with more than 29 years of experience ranging from application design and development, network architecture and deployment, Information Assurance policy, audit and management, technical defensive security, large wireless system security, to building organizational and national level Computer Emergency/Incident Response/Readiness Teams.

Ms. Kwon currently serves as the President of Mischel Kwon Associates, a security consulting firm specializing in Technical Defensive Security, Security Operations and Information Assurance.

Most recently, as the Vice President of Public Sector Security for RSA Security, Ms. Kwon was responsible for leading RSA in assisting the public sector security solutions, strategies, technologies and policy.

Ms. Kwon was named the Director for the United States Computer Emergency Readiness Team (US-CERT) in June 2008 where she spearheaded the organization responsible for analyzing and reducing cyber threats and vulnerabilities in federal networks, disseminating cyber threat warning information and coordinating national incident response activities.

Kwon brings a unique blend of hands-on experience, academic research and training, and a seasoned understanding of how to build operational organizations from inception. Among her successes at the United States Department of Justice (DOJ), where she was Deputy Director for IT Security Staff, she built and deployed the Justice Security Operations Center (JSOC) to monitor and defend the DOJ network against cyber threats.

Ms. Kwon holds a Master of Science in Computer Science and a graduate certificate in Computer Security and Information Assurance. In addition, she serves as an adjunct professor at George Washington University in Washington, DC, where Ms. Kwon also runs the GW Cyber Defense Lab.

Riley Repko remains committed to building the ‘knowledge-bridge’ between the innovator (the solver) with the requirement (the seeker). He has a long history of working with innovative small and medium sized companies and entrepreneurs leveraging his know-how to drive business. A constant and responsive connector, he is most comfortable strategizing with key industry decision-makers at the highest levels of government, between leading-edge cyber solution providers, venture capitalists, the white-hat 'wizards' and the R&D community. Today, Riley serves as both a cyber-security consultant and a Senior Research Fellow in Cyber Security for Virginia Tech, and as an affiliated faculty member with the Ted and Karyn Hume Center for National Security and Technology. Prior to joining Virginia Tech, Mr. Repko served as the senior advisor for cyber operations for both the United States Air Force and to the Office of the Undersecretary for Cyber Policy within the Department of Defense.

Dr. Linton Wells II is the Director of the Center for Technology and National Security Policy (CTNSP) at National Defense University (NDU). He is also a Distinguished Research Professor and serves as the Transformation Chair. Prior to coming to NDU he served in the Office of the Secretary of Defense (OSD) from 1991 to 2007, serving last as the Principal Deputy Assistant Secretary of Defense (Networks and Information Integration). In addition, he served as the Acting Assistant Secretary and DoD Chief Information Officer for nearly two years. His other OSD positions included Principal Deputy Assistant Secretary of Defense (Command, Control, Communications and Intelligence-C3I) and Deputy Under Secretary of Defense (Policy Support) in the Office of the Under Secretary of Defense (Policy).

In twenty-six years of naval service, Dr. Wells served in a variety of surface ships, including command of a destroyer squadron and guided missile destroyer. In addition, he acquired a wide range of experience in operations analysis; Pacific, Indian Ocean and Middle East affairs; and C3I. Recently he has been focusing on STAR-TIDES, a research project focusing on affordable, sustainable support to stressed populations and public-private interoperability.

Dr. Wells was born in Luanda, Angola, in 1946. He was graduated from the United States Naval Academy in 1967 and holds a Bachelor of Science degree in physics and oceanography. He attended graduate school at The Johns Hopkins University, receiving a Master of Science in Engineering degree in mathematical sciences and a PhD in international relations. He is also a 1983 graduate of the Japanese National Institute for Defense Studies in Tokyo, the first U.S. naval officer to attend there.

Dr. Wells has written widely on security studies in English and Japanese journals. He co-authored Japanese Cruisers of the Pacific War, which was published in 1997 and co-edited Crosscutting Issues in International Transformation, published in 2009. His hobbies include history, the relationship between policy and technology, and scuba diving. He has thrice been awarded the Department of Defense Medal for Distinguished Public Service.

Mark Weatherford is the Deputy Under Secretary for Cybersecurity for the National Protection and Programs Directorate (NPPD), a position that will allow DHS NPPD to create a safe, secure, and resilient cyberspace. Weatherford has a wealth of experience in information technology and cybersecurity at the Federal, State and private sector levels.

Weatherford was previously the Vice President and Chief Security Officer of the North American Electric Reliability Corporation (NERC) where he directed the cybersecurity and critical infrastructure protection program. Before NERC, Weatherford was with the State of California where he was appointed by Governor Arnold Schwarzenegger as the state’s first Chief Information Security Officer. Prior to California, he served as the first Chief Information Security Officer for the State of Colorado, where he was appointed by two successive governors. Previously, as a member of the Raytheon Company, he successfully built and directed the Navy/Marine Corps Intranet Security Operations Center (SOC) in San Diego, California, and also was part of a team conducting security certification and accreditation with the U.S. Missile Defense Agency. A former U.S. Navy Cryptologic Officer, Weatherford led the U.S. Navy’s Computer Network Defense operations and the Naval Computer Incident Response Team (NAVCIRT).

Weatherford earned a bachelor’s degree from the University of Arizona and a master’s degree from the Naval Postgraduate School. He also holds the Certified Information Systems Security Professional (CISSP) and Certified Information Security Manager (CISM) certifications. He was awarded SC Magazine’s prestigious “CSO of the Year” award for 2010 and named one of the 10 Most Influential People in Government Information Security for 2012 by GovInfo Security.

Marcus Sachs is a retired Army officer and was also a presidential appointee to the White House Office of Cyberspace Security in 2002-2003. While at the White House he authored parts of the National Strategy to Secure Cyberspace, and proposed the creation of what ultimately became the US-CERT at DHS.

During his Army career he was well known for tinkering with things technical and often found ways to circumvent traditional controls and constraints to achieve mission success. An avid ham radio operator, he was the custodian of two different MARS stations and helped with the engineering of large X.25 packet switching networks in the 1980s long before Netscape and the Internet came along. In 1994 he became known as the Voodoo Switchdoctor thanks to his expertise in building and running secure data networks in Haiti that supported military operations there. In 1998 he was selected by the SECDEF to be an initial member of the DoD's Joint Task Force for Computer Network Operations, where he served until he retired at the end of 2001. At the JTF he spent time chasing malicious actors at all levels, from script-kiddie hackers to terrorists to nation states that were attempting to do harm to DoD networks. After leaving government in 2003 he volunteered as the director of the SANS Internet Storm Center for seven years and became well known at Defcon for sporting his motorcycle leather in the Las Vegas heat.

Currently at Verizon, Marcus now serves on several public-private working groups in the Washington D.C. area and is a frequent speaker at both technical as well as policy centric events and workshops. He holds degrees in Civil Engineering, Computer Science, and Science and Technology Commercialization, and is currently pursuing a Ph.D. in Public Policy. He authored and teaches a three-day course in Critical Infrastructure Protection at the SANS Institute and is a licensed Professional Engineer in the Commonwealth of Virginia.

Mr. Rob Joyce is the Deputy Director of the Information Assurance Directorate (IAD) at the National Security Agency. His organization is the NSA mission element charged with providing products and services critical to protecting our Nation’s systems that carry classified communications, military command and control or intelligence information. IAD provides technical expertise on cyber technologies, cryptography, security architectures and other issues related to information assurance, as well as supplying deep understanding of the vulnerability and threats to national security systems.

Mr. Joyce has spent more than 23 years at NSA, beginning his career as an engineer. He holds a Bachelors Degree in Electrical and Computer Engineering from Clarkson University and a Masters Degree in Electrical Engineering from Johns Hopkins. Throughout his career with NSA, he has been the recipient of two Presidential Rank Awards, one meritorious and one at the distinguished level.


SIGINT and Traffic Analysis for the Rest of Us

Last year, we discovered practical protocol weaknesses in P25, a "secure" two-way radio system used by, among others, the federal government to manage surveillance and other sensitive law enforcement and intelligence operations. Although some of the problems are quite serious (efficient jamming, cryptographic failures, vulnerability to active tracking of idle radios, etc), many of these vulnerabilities require an active attacker who is able and willing to risk transmitting. So we also examined passive attacks, where all the attacker needs to do is listen, exploiting usability and key management errors when they occur. And we built a multi-city networked P25 interception infrastructure to see how badly the P25 security protocols do in practice (spoiler: badly).

This talk will describe the P25 protocols and how they failed, but will focus on the architecture and implementation of our interception network. We used off-the-shelf receivers with some custom software deployed around various US cities, capturing virtually every sensitive, but unintentionally clear transmission (and associated metadata) sent by federal agents in those cities. And by systematically analyzing the captured data, we often found that the whole was much more revealing than the sum of the parts. Come learn how to set up your own listening-post.

Sandy Clark (Mouse) has been taking things apart since the age of two, and still hasn't learned to put them back together. An active member of the Hacker community, her professional work includes an Air Force Flight Control Computer, a simulator for NASA and singing at Carnegie Hall, and a minor in history. She is (still) at the University of Pennsylvania. A founding member of Toool-USA, she also enjoys puzzles, toys, Mao (the card game), and anything that involves night vision goggles. Her research explores human scale security, modeling the attacker/defender ecosystem and the unexpected ways that systems interact.
Twitter: @sa3nder
Google Plus: Sandy_Clark

Matt Blaze directs the Distributed Systems Lab at the University of Pennsylvania, where he teaches hackers to be scientists and scientists to be hackers.
Twitter: @mattblaze
http://www.crypto.com

Bad (and Sometimes Good) Tech Policy: It's Not Just a DC Thing

Efforts at the federal level to pass laws like SOPA and CISPA and require that tech companies build backdoors into their services for law enforcement use have attracted widespread attention and criticism, and rightly so. But DC is far from the only place that officials are making decisions that impact the privacy and free speech rights of tech users. State and local officials are jumping into the fray as well, passing laws or creating policies that have immediate impact without the spotlight that accompanies federal action.

In this talk, I will survey several areas where state and local officials have recently been active, including warrantless location tracking, searches of student and employee devices and online accounts, automated license plate recognition, and DNA collection. I will highlight some of the best and worst policies coming from state and local officials. Most of all, I hope to convince you that keeping an eye on -- and even taking time to educate -- your local sheriff or state legislature may be just as important as protecting your freedoms at the national level.

Chris Conley is the Technology and Civil Liberties Policy Attorney at the ACLU of Northern California, where his mission is to ensure that emerging technology bolsters rather than erodes individual privacy and free speech rights. He takes a multidisciplinary approach to protecting civil liberties, from building apps and other tools that help users better understand and control the flow of their personal information to working on resources that help businesses build privacy and free speech protections into new products and services. He has particularly focused on the role that privacy companies can play in protecting the freedoms of their users.

Prior to joining the ACLU of Northern California, Chris was a Fellow with the Berkman Center for Internet & Society at Harvard University, where he led research efforts on international Internet surveillance. He previously worked as a software engineer and data architect for various corporations and non-profits.

Chris holds a B.S.E. in Electrical Engineering from The University of Michigan, a S.M. in Computer Science from the Massachusetts Institute of Technology, and a J.D. from Harvard Law.
Twitter: @ManConley
Facebook: aclunc

Life Inside a Skinner Box: Confronting our Future of Automated Law Enforcement

From smart pajamas that monitor our sleep patterns to mandatory black boxes in cars to smart trash carts that divulge recycling violations in Cleveland, virtually every aspect of our lives is becoming instrumented and increasingly connected to law enforcement, government, and private entities. At the same time, these entities are incentivized to further collect, process, and punish in the name of financial advantage, public safety, or security. The trend of automated law enforcement is inescapable and touches every citizen. This talk will explore the implications of automated law enforcement, study the incentives at play, survey recent advances in sensing and surveillance technology, and will seek to answer the following questions and more. Were laws written with the idea of universal and perfect enforcement in mind? What are the implications of living in a society where every transgression might be detected and punished? What happens to the discretion of the officer on the beat, and the larger system of law, when we take the human out of the loop? Where does a security savvy, privacy conscious, and law abiding society end and a police state begin? You'll leave this talk with an awareness of the problem of automated law enforcement, challenges we face in ensuring such systems are properly constrained, ideas for your personal research agenda, and tools to help improve the prospects of our collective future.

Greg Conti is Director of West Point's Cyber Research Center. He is the author of Security Data Visualization (No Starch Press) and Googling Security (Addison-Wesley) as well as over 40 articles and papers covering online privacy, usable security, security data visualization, and cyber warfare. His work can be found at www.gregconti.com and www.rumint.org.
http://www.gregconti.com/


Lisa Shay is an Assistant Professor in the Department of Electrical Engineering and Computer Science at the US Military Academy at West Point. She is a Marshall Scholar with an M.Sc. from Cambridge University and a Ph.D. from Rensselaer Polytechnic Institute, both in Electrical Engineering. She is a Senior Member of the Institute of Electrical and Electronics Engineers. Her research interests include sensor systems and their implications on individual and societal privacy and freedom.

Woodrow Hartzog is an Assistant Professor at the Cumberland School of Law at Samford University and an Affiliate Scholar at the Center for Internet and Society at Stanford Law School. His research focuses on privacy, human-computer interaction, online communication, and electronic agreements. He holds a Ph.D. in mass communication from the University of North Carolina at Chapel Hill, an LL.M. in intellectual property from the George Washington University Law School, and a J.D. from Samford University. He previously worked as an attorney in private practice and as a trademark attorney for the United States Patent and Trademark Office. He also served as a clerk for the Electronic Privacy Information Center.

Owning the Network: Adventures in Router Rootkits

Routers are the blippy switchy boxes that make up the infrastructure of networks themselves, yet few administrators actually care to change the default login on these devices. Interestingly, nearly all consumer (SOHO) routers allow a user to reflash the device by uploading a (presumably vendor-provided) firmware image. By abusing this feature, it is possible for an attacker to craft his or her own malicious firmware image and execute arbitrary code on the device, granting full control over the OS, the network it manages, and all traffic passing through it. Additionally, interesting persistence and pivot opportunities are realized, allowing an attacker to maintain access or target internal hosts in a covert way.

Based on personal experience, we'll examine the process of backdooring firmware images for SOHO routers from start to finish. A generalized technique to backdoor firmware images will be outlined, and a new framework to abstract and expedite the process will be publicly released. Working examples will be presented which demonstrate the ability to pop shells, hide connections, sniff traffic, and create a router botnet of doom.

Michael Coppola is currently an undergraduate student at Northeastern University and works as a security consultant at Virtual Security Research in Boston, MA. In past years, he won the U.S. Cyber Challenge NetWars and MIT Lincoln Lab/CSAIL CTF competitions, and is noted for finding security bugs in various Google services. His interests include memory corruption, poking at the Linux kernel, and burning things with a soldering iron. More information may be found at: www.poppopret.org
Twitter: @mncoppola

World War 3.0: Chaos, Control & the Battle for the Net

There is a battle under way for control of the Internet. Some see it as a fight between forces of Order (who want to superimpose existing, pre-digital power structures and their notions of privacy, intellectual property, security, and sovereignty onto the Net) and forces of Disorder (who want to abandon those old structures and let the will of the crowd control a new global culture). Yet this binary view of the conflict excludes the characters with the best chance of resolving it: those who know that control is impossible and chaos is untenable, a group that Vanity Fair, in an article called "World War 3.0," called "the forces of Organized Chaos." This panel gathers leading proponents of that worldview to discuss urgent issues of Internet governance, which may come to a head later this year in a Dubai meeting of the U.N.'s International Telecommunications Union. If government control and anarchistic chaos online are unacceptable, what exactly do the forces of organized chaos propose as an alternative? And what is the DefCon community's role in helping to realize that vision of the Net?

Joshua Corman is the Director of Security Intelligence for Akamai Technologies and has more than a decade of experience in security. Most recently he served as Research Director for Enterprise Security at The 451 Group following his time as Principal Security Strategist for IBM Internet Security Systems. Mr. Corman’s research highlights adversaries, game theory and motivational structures. His analysis cuts across sectors to the core security challenges plaguing the IT industry, and helps to drive evolutionary strategies toward emerging technologies and shifting incentives.
Twitter: @joshcorman
http://blog.cognitivedissidents.com


Dan Kaminsky: I play with toys
http://dankaminsky.com
Twitter: @dakami


Jeff Moss is the founder of DEF CON and Black Hat.
http://defcon.org
Twitter: @darktangent

Rod Beckstrom is a highly successful entrepreneur, founder and CEO of a publicly-traded company, a best-selling author, avowed environmentalist, public diplomacy leader and, most recently, the head of a top-level federal government agency entrusted with protecting the nation’s communication networks against cyber attack.

Throughout 2008, Rod served as the Director of the National Cybersecurity Center (NCSC) at the U.S. Department of Homeland Security, where he reported to the Secretary of DHS, and was charged with cooperating directly with the Attorney General, National Security Council, Secretary of Defense, and the Director of National Intelligence (DNI). Prior to joining DHS, he served on the DNI’s Senior Advisory Group. Rod is unique in having experienced the inner workings of two, highly-charged, often competing, federal security agencies created in the wake of the September 11th attacks, an event that he says, “changed my life.”

Rod is widely regarded as a pre-eminent thinker and speaker on issues of cybersecurity and related global issues, as well as on organizational strategy and leadership. He is also an expert on how carbon markets and “green” issues affect business. While Director of the NCSC, Rod developed an effective working group of leaders from the nation's top six cybersecurity centers across the civilian, military and intelligence communities. His work led to his development of a new economic theory that provides an explicit model for valuing any network, answering a decades-old problem in economics.

Michael Joseph Gross is an American author and journalist.

He is a contributing editor to Vanity Fair, where he covers topics including politics, technology, and national security. He has also written extensively for publications such as The New York Times, The Boston Globe, and GQ. Gross is the author of the book Starstruck: When a Fan Gets Close to Fame, published in 2006 by Bloomsbury Publishing.

Gross attended Williams College, and later studied at Princeton Theological Seminary. After graduating, he wrote speeches for Massachusetts Governor William Weld.
Twitter: @M_J_Gross

Embedded Device Firmware Vulnerability Hunting Using FRAK, the Firmware Reverse Analysis Konsole

We present FRAK, the firmware reverse analysis konsole. FRAK is a framework for unpacking, analyzing, modifying and repacking the firmware images of proprietary embedded devices. The FRAK framework provides a programmatic environment for the analysis of arbitrary embedded device firmware as well as an interactive environment for the disassembly, manipulation and re-assembly of such binary images.

We demonstrate the automated analysis of Cisco IOS, Cisco IP phone and HP LaserJet printer firmware images. We show how FRAK can integrate with existing vulnerability analysis tools to automate bug hunting for embedded devices. We also demonstrate how FRAK can be used to inject experimental host-based defenses into proprietary devices like Cisco routers and HP printers.

Ang Cui is the founder of Red Balloon Security Inc., which specializes in the development of offensive and defensive technologies for embedded systems. Ang is also currently a PhD candidate at Columbia University in the Intrusion Detection Systems Laboratory.

Looking Into The Eye Of The Meter

When you look at a Smart Meter, it practically winks at you. Their Optical Port calls to you. It calls to criminals as well. But how do criminals interact with it? We will show you how they look into the eye of the meter. More specifically, this presentation will show how criminals gather information from meters to do their dirty work. From quick memory acquisition techniques to more complex hardware bus sniffing, the techniques outlined in this presentation will show how authentication credentials are acquired. Finally, a method for interacting with a meter's IR port will be introduced to show that vendor specific software is not necessary to poke a meter in the eye.

This IS the talk that was not presented at ShmooCon 2012 in response to requests from a Smart Grid vendor and the concerns of several utilities. We have worked with them. They should be okay with this.....should.....

Cutaway: Jack of All Trades and hardware attack dog for the InGuardians founders. I specialize in physical and information technology penetration testing, web assessments, wireless assessments, architecture review, incident response/digital forensics, product research, hardware research, code review, security tool development, and the list goes on. I am currently focusing on hardware research specifically in the technologies surrounding products comprising the SMART GRID with a focus on implementing Zigbee protocol APIs and microprocessor disassemblers/emulators for research, testing, risk assessment, and anything else you can think of with these technologies.
Twitter: @cutaway
http://www.cutawaysecurity.com/blog

SQL Injection to MIPS Overflows: Rooting SOHO Routers

Three easy steps to world domination:

  1. Pwn a bunch of SOHO routers.
  2. ???
  3. Profit

I can help you with Step 1. In this talk, I'll describe several 0-day vulnerabilities in Netgear wireless routers. I'll show you how to exploit an unexposed buffer overflow using nothing but a SQL injection and your bare hands. Additionally, I'll show how to use the same SQL injection to extract arbitrary files from the file systems of the wifi routers. This presentation guides the audience through the vulnerability discovery and exploitation process, concluding with a live demonstration. In the course of describing several vulnerabilities, I present effective investigation and exploitation techniques of interest to anyone analyzing SOHO routers and other embedded devices.

Zachary Cutlip is a security researcher with Tactical Network Solutions, in Columbia, MD. At TNS, Zach develops exploitation techniques targeting embedded systems and network infrastructure. Since 2003, Zach has worked either directly for or with the National Security Agency in various capacities. Before becoming a slacker, he spent six years in the US Air Force, parting ways at the rank of Captain. Zach holds an undergraduate degree from Texas A&M University and a master's degree from Johns Hopkins University.
Twitter: @zcutlip

DC RECOGNIZE Awards

DEF CON is proud to announce the 2nd annual DEF CON awards ceremony, renamed the DC Recognize Awards. These awards are given to deserving individuals in the community, industry, and media.

You voted, so come see who made the cut. The categories we're giving out awards in are:

- Worst coverage of security/hacker related issues by a media person or outlet (Print Media)
- Worst coverage of security/hacker related issues by a media person or outlet (Broadcast Media)
- Best privacy enhancing technology for the last 12 months
- Best security or hacker related Twitter feed
- The "Twit Twat" award for the worst security or hacker related Twitter feed
- The "Captain Obvious" award for the most "common sense" BS talk at DEF CON 20 (no noms before the con, obvs.)
- The "Security Charlatan of the Year" award

Hacking Humanity: Human Augmentation and You

You've played Deus Ex. You've seen Robocop. You've read Neuromancer. You've maybe even wondered just what dark mix of technology and black magic keeps the withered heart of Richard "Dick" Cheney pumping coronary after coronary. Now it's time to get off the couch and put down the controller. Human augmentation is no longer constrained to the world of speculative fiction and vice-presidential medicine; biomechanical interfaces are an exploding area of active research, development, and implementation. And they're here to stay.

Join medical student/hacker enthusiasts quaddi and r3plicant for a fun-filled tour through the brave new world of the latest and greatest in this exciting new melding of medicine and technology. From the simplest insulin pump to the latest gyroscopic prosthesis for wounded veterans, from the full body DARPA developed exoskeleton of the future to the changes currently being implemented in our most fundamental building blocks, this talk explores what was, what is and what will be in the future of human augmentation, and more importantly, what you need to know to get started down the path to Robocop glory.

Christian "quaddi" Dameff is a third year medical student and former OCTF champion (Sudoers). Former research and interests include: therapeutic hypothermia after cardiac arrest (brrr!), novel drug targets for post Myocardial Infarction patients, and the future of medicine in enhancing the human condition. This is his eighth DEF CON.

Jeff "r3plicant" Tully is a third year medical student who is fascinated by the intersections of healthcare and informatics and the promise such relationships have to revolutionize the practice of medicine. A microbiologist with an undergraduate degree in biochemistry, Jeff's thesis project at the Biodesign Institute at ASU involved "hacking" the genome of Salmonella bacteria to produce novel strains for anti-cancer treatments. This is his second DEF CON and he looks forward to many more.

Connected Chaos: Evolving the DCG/Hackspace Communication Landscape

As hackers, we have access to tremendous informational power. At our individual hackerspaces and DCGs we build communities of like minded hackers that push the limits of technology. But have we gone far enough in building a global hacking community that celebrates diversity and unleashes world-changing genius?

We can accelerate the opportunity for community and change through technology. Take a seat and hear what resources are available to the groups and hackspaces in your area. By connecting our chaos, we can transcend the isolation and polarization that dominates much of our communities. We can unite and empower. Join the discussion and chaos so we can evolve the way our community will be connected.

How do you change the world? One connected hacker, hackerspace and DCG at a time.

Blakdayz DC225 - pwns the NSA while sleeping
Twitter: @blakdayz
Facebook: blak dayz

Anarchy Angel I be pimpin hoes
Twitter: @anarchyang31, @dc414
G+: dc414

Anch
Dave Marcus Picker of locks, hacker of the corporate ladder, lifter of heavy things
Twitter: @DaveMarcus

Nick Farr The Johnny Appleseed of Hackerspaces

Not-So-Limited Warranty: Target Attacks on Warranties for Fun and Profit

Frequently people consider a serial number as nothing but a number, but in this presentation you will be shown the multitude of ways in which an attacker could utilize serial numbers to hurt you, to hurt companies, as well as to track your movements. A brief primer on the function and use of serial numbers in the real world will be provided. The talk focuses on Apple, Amazon and Pringles and provides in-depth insight into the varying degrees of trust a serial number will gain you. Attack vectors ranging from Apple to Pringles and everywhere in between are covered, along with points about how to prevent similar tragedies from occurring with your product.

Darkred is a high-school student currently residing in the United States. In his free time, he enjoys testing the vulnerabilities of companies' security and warranty policies. He does this in order to make said companies aware of serious flaws in their policies. His tests range from High Value Electronics to free coupons for soda and chips. With this information, he hopes that big companies like Apple can protect their warranty policies and their consumers.

DivaShark - Monitor your Flow

Analyzing live network traffic is nothing new but the tools still seem limited. Wireshark is great for post capture analysis but when the packets are coming at you live, nothing currently gives you stream or session level visibility. How many times have you clicked 'Follow this stream' just to have that stream update and you have to reprocess the entire PCAP? That's great when it's just your machine but when you're monitoring a network, it limits your view and is a pain. As more traffic adds, this problem grows and makes life for your little netbook quite painful. Enter DivaShark - your live packet capture solution.

**pause for uproarious applause and standing ovation**

DivaShark is designed around live packet capture analysis. It breaks traffic down into connections/flows and lets you process them independently. It continues to parse the data as it comes in so that you can pay attention to the data you really care about. Its design allows you to perform processing live per stream and perform actions like extraction of files or images. This project really came about after frustration with Wireshark while playing Capture the Packet the past two years and is an answer to this sort of situation. What I'm proposing is that someone can kill capture-the-packet with this tool without breaking a sweat (yes this might be a challenge).

Robert Deaton is a new guy on the block who has been sitting on the sideline for the last several years. While his focus has mainly been in math and physics, computer science and security has always been a passion he holds close. After recently getting back into the arena he has set out to make his life easier by writing tools that automate things for him. When he's not drinking with friends, out catching a concert, or thrill seeking on a snowboard or mountain bike, he can be found moderating numerous subreddits and complaining about human stupidity while he does it.

Beyond the War on General Purpose Computing: What's Inside the Box?

Assuming the failure of all the calls to regulate PCs and the Internet because people might do bad things with them, what then? Civil war, that's what. The su/user split we inherited from multiuser systems has given us a false intuition: that owners of computers, and not their users, should set policy on them. How will that play out when your car, house, legs, ears and heart are driven by computers that you don't own?

Cory Doctorow (craphound.com) is a science fiction author, activist, journalist and blogger -- the co-editor of BoingBoing (boingboing.net) and the author of Tor Teens/HarperCollins UK novels like FOR THE WIN and the bestselling LITTLE BROTHER. He is the former European director of the Electronic Frontier Foundation and co-founded the UK Open Rights Group. Born in Toronto, Canada, he now lives in London.

Sploitego - Maltego's (Local) Partner in Crime

Have you ever wished for the power of Maltego when performing internal assessments? Ever hoped to map the internal network within seconds? Or that Maltego had a tad more aggression? Sploitego is the answer. In the presentation we'll show how we've carefully crafted several local transforms that give Maltego the ooomph to operate nicely within internal networks. Can you say Metasploit integration? ARP spoofing? Passive fingerprinting? SNMP hunting? This all is Sploitego. But wait - there's more. Along the way we'll show you how to use our awesome Python framework that makes writing local transforms as easy as 'Hello World'.

Sploitego makes it easy to quickly develop, install, distribute, and maintain Maltego Local transforms. The framework comes with a rich set of auxiliary libraries to aid transform developers with integrating attack, reconnaissance, and post exploitation tools. It also provides a slew of web tools for interacting with public repositories.

Sploitego and its underlying Python framework will be released at DEF CON as open source - yup - you can extend it to your heart's content. During the presentation we'll show the awesome power of the tool with live demos and scenarios as well as fun and laughter.

Nadeem Douba - GWAPT, GPEN: Currently situated in the Ottawa (Ontario, Canada) valley, Nadeem is a senior research analyst at Cygnos Information Security (a Raymond Chabot Grant Thornton company). Nadeem provides technical security consulting services to various clients in the health, education, and public sectors. Nadeem has been involved within the security community for over 10 years and has frequently presented at ISSA and company sponsored seminars and training sessions. He is also an active member of the open source software community and has contributed to projects such as libnet, Backtrack, and Maltego.

Not So Super Notes, How Well Does US Dollar Note Security Prevent Counterfeiting?

The security of US dollar notes is paramount for maintaining their value and safeguarding the US and dependent economies. Counterfeiting has historically been a crime of high sophistication, but has the prevalence of affordable color scanning and printing equipment changed that? This talk analyzes the security features of US dollars to determine the minimum sized organization that could successfully execute an attack.

Matthew Duggan holds Bachelor's and Master's degrees in computer science, and has been working as a software engineer for almost 10 years. He enjoys testing the limits of systems, especially in regards to security. When he is not reading about security or picking locks he brews beer and watches movies.

Post Metasploitation: Improving Accuracy and Efficiency in Post Exploitation Using the Metasploit Framework

As many in this community have echoed, shell is just the beginning. Owning a box is all well and good, but where do you go from there? Everyone has their own secret sauce for furthering their access after gaining a foothold. This talk will focus on the techniques, from simple to advanced, available for post exploitation using the Metasploit Framework.

egypt is a software developer for Rapid7 where he is a core developer for the Metasploit Framework. Before devoting all his time to Metasploit, he was a Cybersecurity researcher for Idaho National Laboratory where he discovered numerous vulnerabilities in SCADA and Industrial Control Systems and probably didn't write Stuxnet. egypt has presented at DEF CON, BSidesLV, Black Hat, Derbycon and other venues. Note that egypt is not Egypt. The two can be distinguished easily by their relative beards -- Egypt has millions, while egypt only has the one.
Twitter: @egyp7

The Paparazzi Platform: Flexible, Open-Source, UAS Software and Hardware

This presentation introduces the Paparazzi framework, an Open-Source (GPL3 and OSHW CC-by-SA) software and hardware robotics platform focused on Unmanned Aerial Systems (UASes). Paparazzi’s power and flexibility enable rapid development and robust control of diverse vehicle types – from fixed-wing airplanes to multicopters and transitioning aircraft – while its open nature permits customization and integration with other systems.

We show the capabilities of the platform and some achievements from all around the world with this platform. We also will show what we are working on and introduce it to the public.

What will you do with that powerful tool?

The Paparazzi autopilots, a multicopter, and the Quadshot – a VTOL, multirotor, transitioning flying wing – are presented.

esden received his degree in Computer Science from the University of Applied Sciences, Rosenheim in 2008 and acted as research assistant at the Intelligent Autonomous Systems Group at T.U. Munich until 2009. In 2010 he began work at Joby Energy Inc. as an Embedded Systems and Motor Control Engineer. In 2011 he co-founded Transition Robotics, Inc. where he serves as the Embedded Systems and Avionics Engineer. He is a long term member of the Open-Source community and is core developer of Paparazzi UAV, libopencm3 cortex-m3 open source firmware library, open-bldc open source brushless motor controller, he is also involved with many other Open-Source projects and submitting patches here and there. ;)
Twitter: @esden
Facebook: esdentem
http://www.esden.net


dotAero obtained an S.B. in Aerospace Engineering from MIT in 2009 and an M.S.E. (Aerospace Engineering) from the University of Michigan, Ann Arbor in 2010 and worked on diverse projects ranging from designs for electrically-propelled spacecraft to stall and surge resistant compressors, and underwater ROVs during his university career. From 2010-2011, he served as the Lead Engineer for Aerodynamics at Joby Energy, Inc. He enjoys working on innovative aerodynamic design concepts for UAVs, which led him to co-found Transition Robotics, Inc. in 2011, where he serves as the Aerodynamics and Controls Engineer. He has been designing dedicated airframes for Paparazzi vehicles since 2010.


misterj received a Bachelor's degree in Computer Science from Pomona College in 2002 and worked at Apple Computer, Inc. until 2007. In 2008 he began work at Joby Energy, Inc. and in 2010, he received his M.S.M.E. from San Jose State University with emphases on Mechatronics and Design. In 2011, he co-founded Transition Robotics, Inc. where he serves as the Mechanical Engineer. He has been doing mechanical design for Paparazzi dedicated airframes since 2008. He also designs self balancing one wheel skateboards.


cifo grew up with model aviation and took Aeronautical Engineering at Embry-Riddle Aeronautical University. In 2011 he co-founded Transition Robotics, Inc. where he heads up prototyping and flight testing. He has been integrating and flying Paparazzi-based UAVs since 2011.

Hacking the Google TV

The GoogleTV platform is designed to bring an integrated web experience, utilizing the Chrome web browser and Android applications, to your television. GoogleTV is based on the Android operating system, which is mainly used in tablets and smart phones, but customized with security features not normally seen on most Android devices. The current version of the platform utilizes signatures to establish a “chain of trust” from bootloader to system applications.

This presentation will focus on the current GoogleTV devices, including X86 platform details, and the exhaustive security measures used by each device. The presentation will also include video demonstrations of previously found bugs and exploits for each GoogleTV device and includes specific details about how each bug works. Furthermore, we will include interesting experiences that the team has encountered along the way. Finally the talk will be capped off with the release of multiple unpublished GoogleTV exploits which will allow unsigned kernels across all x86 devices (Revue / Sony GoogleTV).

Amir "Zenofex" Etemadieh founded the GTVHacker group and has been working on the GTVHacker project from its initial start in November 2010. Amir has done independent security research in consumer electronics including the Logitech Revue, Ooma Telo, Samsung Galaxy S2, Boxee Box and services such as the 4G Clear Network finding both hardware and software flaws.
Twitter: @zenofex
http://blog.gtvhacker.com
http://www.gtvhacker.com


CJ Heres is an IT consultant during the day, tinkerer at night. He enjoys examining and repairing all sorts of devices from cars to blu-ray players. His philosophy is to use a simple approach for complex problems. CJ’s recent work includes Sony GoogleTV, Boxee Box, and Vizio Smart TVs.
Twitter: @cj_000_


Dan Rosenberg is a vulnerability researcher who takes sick pleasure in exploiting anything with a CPU. He once punched an Android in the face.
Twitter: @djrbliss


Tom "tdweng" Dwenger is a software engineer who has been developing and reversing Android for the last 2 years. Tom is known for being able to quickly reverse Android applications and has been an active member of the GTVHacker team since its initial start in 2010.
Twitter: @tdweng


Owned in 60 Seconds: From Network Guest to Windows Domain Admin

Their systems were fully patched, their security team watching, and the amateur pentesters just delivered their “compliant” report. They thought their Windows domain was secure. They thought wrong.

Zack Fasel (played by none other than Angelina Jolie) brings a New Tool along with New methods to obtain Windows Integrated Authentication network requests and perform NTLM relaying both internally and externally. The Goal? Start off as a nobody and get domain admin (or sensitive data/access) in 60 seconds or less on a fully patched and typically secured Windows environment. The Grand Finale? Zack demonstrates the ability to *externally* gain access to a Windows domain user's Exchange account simply by sending them an email, along with tips on how to protect yourself from these attacks.

In just one click of a link, one view of an email, or one wrong web request, this new toolset steals the identity of targeted users and leverages their access. Call your domain admins, hide your road warriors, and warn your internal users. Zack will change the way you think about Windows Active Directory Security and trust relationships driving you to further harden your systems and help you sleep at night.

Owned in 60 Seconds. Coming This Summer.

Zack Fasel is a seasoned Penetration Tester and Security Consultant with diverse experience serving clients ranging in Fortune 1000s, Enterprises, and SMBs in varying industries. He has delivered hundreds of network, wireless, and social penetration tests and subsequently driven strong defensive remediation strategies as a result. Zack tries to stay closely connected to the local security community in Chicago as the lead for dc312[.org] and as a Co-Founder of THOTCON[.org], Chicago’s local Hacking con. When not focusing his efforts on Infosec, Zack can be found playing the untz untz wubs, taking photos, fending off the ladies, or trying to find the nearest Chipotle. Stalkers can stalk him over at zfasel.com or @zfasel on the twitters.
Twitter: @zfasel
zfasel.com


Hellaphone: Replacing the Java in Android

Android is the only widespread open-source phone environment available today, but actually hacking on it can be an exercise in frustration, with over 14 million lines of code (not counting the Linux kernel!), build times in the hours, and the choice of writing Java or C++/JNI. Add in security debacles like the CarrierIQ affair or the alleged man-in-the-middle attacks at the last DEF CON and Android starts to seem less attractive.

We wanted a phone that's easy to hack on, with a quick development turnaround time. By killing off the Java layer of Android and only loading the underlying Linux system, we found a useful, relatively light-weight platform for further development. We then adapted the Inferno operating system to run on our phones, eventually getting a graphical phone environment in under 1 million lines of code, including a phone application, an SMS app, several text editors, a shell, a compiler, a web browser, a mail client, and even some games. The actual core of the Inferno OS is small and simple enough for one person to read, understand, audit, and hack on; applications are similarly simple and easy to write.

This talk discusses in greater depth our motivations and the methods we used to adapt Android phones to new and excitingly broken purposes. If the Demo Gods are kind, there will also be a demonstration of the Inferno phone environment.

*Sandia National Laboratories is a multi-program laboratory managed and operated by Sandia Corporation, a wholly owned subsidiary of Lockheed Martin Corporation, for the U.S. Department of Energy's National Nuclear Security Administration under contract DE-AC04-94AL85000. SAND-2012-3785 A

John Floren is a Senior Member of Technical Staff at Sandia National Laboratories, where he works in High Performance Computing and security research. He occasionally puts odd operating systems on inappropriate systems, so far having helped port Plan 9 to the IBM Blue Gene series and Inferno to cell phones.


Hacking [Redacted] Routers

[Redacted] routers are no longer devices only seen in [Redacted]. Entire countries run their Internet infrastructure exclusively on these products and established tier 1 ISPs make increasing use of them. However, very little is known of [Redacted]'s Software Platform and its security. This presentation will introduce the architecture, special properties of configurations and services as well as how to reverse engineer the OS. Obviously, this is done only to ensure compatibility with router products of other vendors ;) Routers might be still hurt in the process.

FX is the leader of the Phenoelit group and loves to hack pretty much everything with a CPU and some communication, preferably networked. He looks back at around fifteen years of (legal) hacking with only a couple Cisco IOS and SAP remote exploits, tools for hacking HP printers and protocol attacks lining the road.

In his day life, FX runs Recurity Labs GmbH, a security consulting and research company in Berlin, Germany.
Twitter: @41414141


Greg joined the Recurity Labs team early 2008. Prior to Recurity Labs, Greg worked as a freelancer for a number of large customers. Greg is experienced in source code audits, black box analysis and reverse engineering. Furthermore, Greg also performs software/system design work at Recurity Labs. Greg works on various internal research projects, where he applies his taste for cryptography.


Demorpheus: Getting Rid Of Polymorphic Shellcodes In Your Network

One of the most effective techniques used in CTF is the usage of various exploits, written with the help of well-known tools or even manually during the game. Experience in CTF participation shows that the mechanism for detecting such exploits is able to significantly increase the defense level of the team.

In this presentation we propose an approach and hybrid shellcode detection method, aimed at early detection and filtering of unknown 0-day exploits at the network level. The proposed approach allows us to combine the capabilities of shellcode detection algorithms developed over the last ten years into optimal classifiers. It reduces the total false-positive rate almost to 0, provides full coverage of the shellcode classes detected by the individual classifiers, and significantly increases the total throughput of the detectors. Evaluation with shellcode datasets, including Metasploit Framework 4.3 plain-text, encrypted and obfuscated shellcodes, benign Win32 and Linux ELF executables, random data and multimedia, shows that the hybrid data-flow classifier significantly boosts analysis throughput for benign data (up to 45 times faster than a linear combination of classifiers) and is almost 1.5 times faster for shellcode-only datasets.

Svetlana Gaivoronski is a PhD student at Computer Systems Lab, Computer Science Dept. of Moscow State University, Russia. Svetlana is a member of the Bushwhackers CTF team, which has achieved the following results in recent years: 2nd place in Deutsche Post Security Cup 2010, 6th place in the final of ruCTF 2012 (8th at qualification), 12th place at ruCTF Europe 2011, 4th place in the final of ruCTF 2011 (and 1st at qualification), etc. Svetlana works on the Redsecure project (experimental IDS/IPS) at Moscow State University. Her primary interests are network worm propagation detection and filtering, shellcode detection, and static and runtime analysis of malware.
Twitter: @SadieSV
lvk.cs.msu.su/~sadie

Dennis Gamayunov holds a PhD and works as Senior Researcher at Computer Systems Lab, Computer Science Dept. of Moscow State University, Russia. Dennis is the leader of the small network security research group in MSU, project lead of the experimental event-driven and natively multicore Redsecure IDS/IPS, founder of Bushwhackers CTF team, with primary research and practical interests in network level malcode detection, high-speed traffic processing (including FPGA-based), and OS security with fine-grained privilege separation, SELinux and beyond.
Twitter: @jamadharma
http://redsecure.ru/team/denis-gamayunov


New Techniques in SQLi Obfuscation: SQL never before used in SQLi

SQLi remains a popular sport in the security arms-race. However, after analysis of hundreds of thousands of real world SQLi attacks, output from SQLi scanners, published reports, analysis of WAF source code, and database vendor documentation, both SQLi attackers and defenders have missed a few opportunities. This talk will iterate through the dark corners of SQL for use in new obfuscated attacks, and show why they are problematic for regular-expression based WAFs. This will point the way for new directions in SQLi research for both offense and defense.

Nick Galbreath is a director of engineering at Etsy, overseeing groups handling fraud, security, authentication and internal tools. Over the last 18 years, Nick has held leadership positions in a number of social and e-commerce companies, including Right Media, UPromise, Friendster, and Open Market, and has consulted for many more. He is the author of "Cryptography for Internet and Database Applications" (Wiley), and was awarded a number of patents in the area of social networking. He holds a master's degree in mathematics from Boston University.
Twitter: @ngalbreath
http://client9.com
https://github.com/client9


Uncovering SAP Vulnerabilities: Reversing and Breaking the Diag Protocol

Nowadays, SAP Netweaver has become the most extensive platform for building enterprise applications and running critical business processes. In recent years it has become a hot topic in information security. However, while fixes and countermeasures are released monthly by SAP at an incredible rate, the available security knowledge is limited and some components are still not well covered.

SAP Diag is the application-level protocol used for communications between SAP GUI and SAP Netweaver Application Servers and it's a core part of any ABAP-based SAP Netweaver installation. Therefore, if an attacker is able to compromise this component, this would result in a total takeover of a SAP system. In recent years, the Diag protocol has received some attention from the security community and several tools were released focused on decompression and sniffing. Nevertheless, the protocol specification is not public and its internal components and inner workings remain unknown; the protocol was not understood and there is no publicly available tool for active exploitation of real attack vectors.

This talk is about taking SAP penetration testing out of the shadows and shedding some light on SAP Diag, by introducing a novel way to uncover vulnerabilities in SAP software through a set of tools that allows analysis and manipulation of the SAP Diag protocol. In addition, we will show how these tools and the knowledge acquired while researching the protocol can be used for vulnerability research, fuzzing and practical exploitation of novel attack vectors involving both SAP's client and server applications: man-in-the-middle attacks, RFC calls injection, rogue SAP servers deployment, SAP GUI client-side attacks and more. As a final note, this presentation will also show how to harden your SAP installations and mitigate these threats.

Martin Gallo is a Security Consultant at CORE Security, where he performs application and network penetration testing, conducts code reviews and identifies vulnerabilities in enterprise and third party software. His research interests include enterprise software security, vulnerability research and reverse engineering.


Post-Exploitation Nirvana: Launching OpenDLP Agents over Meterpreter Sessions

OpenDLP is a free and open source agent-based data discovery tool that works against Microsoft Windows systems using appropriate authentication credentials. However, one drawback to OpenDLP is that its policy-driven approach makes it arduous to scan disjointed systems that are not part of a Windows domain or do not share the same authentication credentials. To fix this, OpenDLP can now launch its agents over Meterpreter sessions using Metasploit RPC without requiring domain credentials.

Andrew Gavin, creator of OpenDLP, is an information security consultant at Verizon Business. He has more than 12 years of experience in security assessments of networks and applications. He has consulted for numerous customers in various industries around the world.
Twitter: @OpenDLP (project), @andrewgavin (personal)


Michael Baucom is the VP of Engineering at N2 Net Security. Michael has taught classes on exploit development and was the technical editor for Gray Hat Hacking: the Ethical Hacker's Handbook. He has worked in development for over 15 years in various industries. While at N2 Net Security he has worked on a wide variety of projects including software security assessments, tool development, and penetration tests.

Charles Smith is a graduate of North Carolina State University, and has been building credit card software and developer tools and modules for the last ten years. Recently he has joined N2 Net Security, and has put his skills to ferreting out security vulnerabilities and building new tools to help penetration testers do their jobs more efficiently. He specializes in C++, but is also well-versed in Java, .NET, VB, and Perl.


The Art of Cyberwar

The establishment of US Cyber Command in 2010 confirmed that cyberspace is a new domain of warfare. Computers are now both a weapon and a target. Future wars may even be fought over the ownership of IT infrastructure. Therefore, national security thinkers must find a way to incorporate cyber attack and defense into military doctrine as soon as possible. The world’s most influential military treatise is Sun Tzu’s Art of War. Its wisdom has survived myriad revolutions in technology and human conflict, and future cyber commanders will find Sun Tzu’s guidance beneficial. However, this presentation will also consider 10 revolutionary aspects of cyber war that will be difficult to fit into military doctrine.

Kenneth Geers (PhD, CISSP) is the U.S. Naval Criminal Investigative Service (NCIS) Cyber Subject Matter Expert. Mr. Geers has been a student in six countries, served as an intelligence analyst, a French and Russian linguist, and a computer programmer in support of arms control initiatives. He was the first U.S. Representative to the Cooperative Cyber Defence Centre of Excellence in Tallinn, Estonia. Kenneth is widely published on the relationship between information technology and national security, and is the author of Strategic Cyber Security, now a free download: http://ccdcoe.org/278.html.
Twitter: @kennethgeers
http://www.chiefofstation.com


More Projects of Prototype This!

For 18 months, Joe Grand and Zoz Brooks were co-hosts of Discovery Channel's Prototype This, an engineering entertainment program that followed the real-life design process of a unique prototype every episode.

At DEF CON 17, Joe and Zoz talked about the show and a few of their favorite builds. The dynamic nerd duo returns to DEF CON 20 with design details and never-before-seen pictures and videos of even more ridiculous and crazy projects, including the Mind Controlled Car, Boxing Robots, Six-Legged All Terrain Vehicle, Get Up and Go, and Automated Pizza Delivery, each of which had to be designed and built in a matter of weeks.

Joe Grand is an electrical engineer and hardware hacker specializing in the design of consumer and hobbyist embedded systems. He created the electronic badges for DEF CON 14-18 and was a co-host of Discovery Channel's Prototype This. Back in the day, he was a member of the infamous hacker group L0pht Heavy Industries.
Twitter: @joegrand
http://www.grandideastudio.com/


Zoz is a robotics engineer, pyrochemist, and inveterate tinkerer. He got his PhD from the Robotic Life group at the MIT Media Lab primarily so he could say "Trust me, I'm a doctor" to other robots. One of his biggest goals is to restore science and engineering education to pride of place as a top global priority, so when he discovered that this aim could be combined with his love of media whoring he co-hosted Prototype This! for the Discovery Channel.


Hacking Measured Boot and UEFI

There's been a lot of buzz about UEFI Secure Booting, and the ability of hardware and software manufacturers to lock out third-party loaders (and rootkits). Even the NSA has been advocating the adoption of measured boot and hardware-based integrity checks. But what does this trend mean to the open source and hacker communities? In this talk I'll demonstrate measured boot in action. I'll also be releasing my new Measured Boot Tool which allows you to view Trusted Platform Module (TPM) boot data and identify risks such as unsigned early-boot drivers. And, I'll demonstrate how measured boot is used for remote device authentication.

Finally, I'll discuss weaknesses in the system (hint: bootstrapping trust is still hard), what this technology means to the consumerization trend in IT, and what software and services gaps exist in this space for aspiring entrepreneurs.

Dan Griffin is the founder of JW Secure, a Seattle-based security software company. He has published several articles on security software development, as well as on IT security, and is a frequent conference speaker. Dan holds a Master's degree in Computer Science from the University of Washington and a Bachelor's degree in Computer Science from Indiana University. Dan previously gained notoriety for demonstrating how to use a hacked smart card to compromise Windows Vista.
Twitter: @jwsdan


Exchanging Demands

Smart phones and other portable devices are increasingly used with Microsoft Exchange to allow people to check their corporate emails or sync their calendars remotely. Exchange has an interesting relationship with its mobile clients. It demands a certain level of control over the devices, enforcing policy such as password complexity, screen timeouts, remote lock out and remote wipe functionality. This behavior is usually accepted by the user via a prompt when they first connect to Exchange. However, the protocol for updating these policies provides very little in the way of security and is quickly accepted by the device, often with no user interaction required.

In this talk we will focus on the remote wipe functionality and how a potential attacker could abuse this functionality to remotely wipe devices that are connected to Exchange. By impersonating an Exchange server and sending appropriate policy updates through a simple script we are able to erase all data on devices remotely without any need for authentication. The presentation will explain how this can be accomplished and show proof of concept code for Android & iOS devices.

Peter Hannay is a PhD student, researcher and lecturer based at Edith Cowan University in Perth, Western Australia. His PhD research is focused on the acquisition and analysis of data from small and embedded devices. In addition to this he is involved in smart grid & network security research and other projects under the banner of the SECAU research organisation.

Peter is an accomplished academic, with more than 20 publications in peer-reviewed conferences and journals. In addition, he is a regular speaker at the Ruxcon and Kiwicon hacker conferences taking place in Australia and New Zealand respectively.
Twitter: @kronicd
http://openduck.com


Changing the Security Paradigm: Taking Back Your Network and Bringing Pain to the Adversary

The threat to our networks is increasing at an unprecedented rate. The hostile environment we operate in has rendered traditional security strategies obsolete. Adversary advances require changes in the way we operate, and "offense" changes the game.

Shawn Henry: Prior to joining CrowdStrike, Henry was with the FBI for 24 years, most recently as Executive Assistant Director, where he was responsible for all FBI criminal investigations, cyber investigations, and international operations worldwide.


Busting the BARR: Tracking “Untrackable” Private Aircraft for Fun & Profit

Private aircraft provide transportation to interesting people: corporate officers, business owners, celebrities, high net-worth individuals, etc.

In recent years, sites like FlightAware have made it trivial to access all public flight plans. However, aircraft owners can opt into a block list (the BARR) that prevents their flight information from being made public. All the interesting people are on the BARR.

We’ll explain the basics of how the ATC system and sites like FlightAware work, demonstrate a serious, unpatchable method for tracking otherwise “untrackable”, BARRed aircraft, and demo our site that lets you do the same.

Dustin Hoffman is the president and senior engineer of Exigent Systems Inc., an IT services firm based in Southern California. He’s interested in how all kinds of complex systems work and interact, whether technical, organizational, legal, or economic. He’s held a Private Pilot’s certificate (PPSEL) since 2008.

Semon Rezchikov is an independent security researcher and synthetic biologist. He masterminded last year’s presentation on the FAST Airport Security System and is a 20 Under 20 Fellow. Over the summer, he’s building flexible bioautomation robots and simulating synthetic morphogenetic multicellular patterning for MIT’s Weiss Lab for Synthetic Biology. In his free time, he can be found playing around with mathematics, reading too many papers, and thinking of ways to mess with the systems around him.


Crypto and the Cops: the Law of Key Disclosure and Forced Decryption

Can the government force you to turn over your encryption passphrase or decrypt your data? The law surrounding police attempts to force decryption is developing at breakneck speed, with two major court decisions this year alone. This talk will start off with an in-depth explanation of the Fifth Amendment privilege against self-incrimination, its origins, and how it applies to government attempts to force disclosure of keys or decrypted versions of data in the United States. We'll also discuss law enforcement authority to demand passphrases and decryption of data stored with third parties, and survey key disclosure laws in other countries.

Marcia Hofmann is a senior staff attorney at the Electronic Frontier Foundation, where she works on a broad range of digital civil liberties issues including computer security, electronic privacy, and free expression. She currently focuses on computer crime and EFF's Coders' Rights Project, which promotes innovation and protects the rights of curious tinkerers and researchers in their cutting-edge exploration of technology. Prior to joining EFF, Marcia was staff counsel and director of the Open Government Project at the Electronic Privacy Information Center (EPIC).


Passive Bluetooth Monitoring in Scapy

Recognizing a need to support passive Bluetooth monitoring in Scapy, Python's interactive monitoring framework, a project was launched to produce this functionality. Through this functionality, a new means for interactively observing Bluetooth was created along with Python APIs to assist in the development of Bluetooth auditing, pentesting and exploitation tools.

The project supplements the work of Michael Ossmann et al. by providing Python extensions and Scapy modules which interact with an Ubertooth dongle. The project also provides support for other passive Bluetooth techniques not present in the current Ubertooth core software such as NAP identification, vendor lookup, extended logging and more.

In conjunction with this presentation, the source for this project will be released along with distribution packages for easy installation.


Ryan Holeman resides in Austin, Texas where he works as a software developer specializing in backend services. He has a Master of Science in Software Engineering and has published papers through ICSM and ICPC. His spare time is mostly spent digging into various network protocols and shredding local skateparks.


How to Hack All the Transport Networks of a Country

The presentation is about a real black hacking act against the transport network of a country. It can be extrapolated to any other country. We will show how to get full access to the entire transport network: manipulating parameters to get free tickets, getting control of the ticket machines, getting clients' CC dumps, hooking internal processes to get the client info, pivoting between machines, encapsulating all the traffic to bypass the firewalls, etcetera.

We will show a lot of photos, videos, source code and presentations of the real environment and the skills used to obtain all the information. We will show how combining social engineering and technical skills can be used as a deadly weapon.

Alberto García Illera is a 24-year-old who is passionate about hacking and especially social engineering. He studied mathematics and computer systems in Spain. He has worked for several years as a professional pentester. He has spoken at several seminars teaching hacking techniques to help big companies like Microsoft, the Spanish government or the Spanish Police's Cyberterrorism department. He is currently conducting a study of cryptographic hash functions applied to IT security.


Bigger Monster, Weaker Chains: The National Security Agency and the Constitution

The National Security Agency, the largest, most powerful spy agency in the world, has taken in an estimated 15 to 20 trillion communications since 9/11, often in defiance of the Constitution and Congressional statutes. The NSA’s goal, some say, is to collect virtually all of our electronic communications to allow mass data mining reminiscent of the notorious and now reportedly-defunct program, Total Information Awareness. The limits on the agency’s authority to sweep up and analyze this information are critical to our safety and our privacy. The NSA is investing vast amounts in increasing its data storage, code-breaking and analysis capabilities, frequently claiming the investments are for foreign intelligence or “cybersecurity” purposes. However, instead of keeping its equipment trained on terrorism suspects or foreign governments, the NSA is increasingly monitoring the communications of innocent people. Longtime NSA official and whistleblower Bill Binney will join investigative journalist and NSA expert James Bamford and ACLU lawyer Alex Abdo to explore the NSA’s goals, reach, and capabilities, and the legality (or illegality) of its actions.

The panel will be moderated by the Deputy Director of the ACLU, Jameel Jaffer.

Jameel Jaffer is Deputy Legal Director at the ACLU and Director of the ACLU’s Center for Democracy, which houses the ACLU’s work on national security; human rights; and speech, privacy, and technology. He has litigated many cases involving government surveillance, including Doe v. Ashcroft, the case that resulted in the invalidation of the Patriot Act’s “national security letter” provisions. Among the cases he is currently litigating are Clapper v. Amnesty, a challenge to warrantless wiretapping under the FISA Amendments Act, a case that the U.S. Supreme Court will hear this fall; ACLU v. CIA, a suit under the Freedom of Information Act for records about the “targeted killing” program; and ACLU v. Department of Defense, a FOIA lawsuit seeking records relating to the Bush administration’s torture program. The last of these cases has resulted in the disclosure of thousands of government records, including the “torture memos” written by lawyers in the Bush administration’s Office of Legal Counsel.
Twitter: @JameelJaffer
Facebook: jameel.jaffer


William Binney served in the National Security Agency for almost four decades, most recently as Technical Director of the World Geopolitical and Military Analysis Reporting Group and of the Analytic Services Office. Mr. Binney previously worked as the NSA’s Technical Director and leading analyst for warning for Russia. Before that, he served for four years in the Army Security Agency. Mr. Binney resigned from the NSA in 2001 to protest illegal monitoring of Americans’ communications. Since then, he has worked for various government agencies on data management and advanced predictive analysis.

James Bamford is a bestselling author and one of the country’s leading writers on intelligence and national security issues. His books include “The Puzzle Palace,” “Body of Secrets,” “A Pretext for War: 9/11, Iraq and the Abuse of America’s Intelligence Agencies,” and most recently “The Shadow Factory”. Mr. Bamford has also written extensively for magazines, including the New York Times Magazine, the Atlantic, Harpers, and many other publications. In 2006, he won the National Magazine Award for Reporting for his piece "The Man Who Sold The War," published in Rolling Stone. In addition, he writes and produces documentaries for PBS and spent a decade as the Washington investigative producer for the ABC News program, World News Tonight with Peter Jennings. He also taught at the University of California, Berkeley, as a distinguished visiting professor.
Twitter: @WashAuthor


Alex Abdo is a Staff Attorney in the ACLU's National Security Project. He has been involved in the litigation of cases concerning the FISA Amendments Act, the Patriot Act, the International Emergency Economic Powers Act, and the treatment of detainees in Guantánamo Bay, Afghanistan, Iraq, and the Navy brig in South Carolina. Among the cases he is currently litigating are: a challenge to warrantless wiretapping under the FISA Amendments Act, and Freedom of Information Act suits for records relating to the use of Section 215 of the Patriot Act, the use of “national security letters,” and the Bush administration’s warrantless-wiretapping program.
Twitter: @AlexanderAbdo


Black Ops

If there's one thing we know, it's that we're doing it wrong. Sacred cows make the best hamburgers, so in this year's talk I'm going to play with some techniques that are obviously wrong and evil and naive. There will also be a lot of very interesting code, spanning the range from high speed network stacks to random number engines to a much deeper analysis of non-neutral networks. Finally, we will revisit DNSSEC, both in code, and in what it can mean to change the battleground in your favor.

Dan Kaminsky: I play with toys
http://dankaminsky.com
Twitter: @dakami


Owning One to Rule Them All

As penetration testers, we often try to impact an organization as efficiently and effectively as we can to simulate an attack on an organization. What if you could own one system to own them all? That's it, one system. It's all you need, it's in every company, and as soon as you compromise it, the rest fall (no, not a domain controller). This presentation will cover a recent penetration test where I came up with a unique avenue to getting over 13,000 shells in just a few minutes by popping one server. I'll be releasing some custom tools to make this simplistic and automate the majority of what was used on this attack. Let's pop a box.

Dave Kennedy will be signing copies of his book, Metasploit: The Penetration Tester's Guide, at 14:00 on Friday at the No Starch Press table in the Vendor area.

Dave Kennedy is the Chief Security Officer (CSO) for a Fortune 1000 company. Kennedy is the author of the book Metasploit: The Penetration Tester's Guide, the creator of the Social-Engineer Toolkit (SET), and the creator of Fast-Track. Kennedy has presented on a number of occasions at Black Hat, DEF CON, ShmooCon, BSIDES, Infosec World, Notacon, AIDE, Hashdays, Infosec Summit, and a number of other conferences. Kennedy is on the Back|Track and Exploit-DB development team and co-host of the Social-Engineer.org and ISDPodcast podcast. Kennedy is one of the co-authors of the Penetration Testing Execution Standard (PTES); a framework designed to fix the penetration testing industry. Kennedy is a co-founder of DerbyCon, a large-scale security conference in Louisville, Kentucky. Kennedy <3's Python.
Twitter: @dave_rel1k
http://www.secmaniac.com/


Dave DeSimone is the Manager of Information Security for a Fortune 1000 company. DeSimone has developed, implemented, and operationalized the global vulnerability management program for multiple distinct international organizations. DeSimone's expertise is in penetration testing, security event response, network security, vulnerability/malware analysis and security architecture. DeSimone has also developed major programs including risk management, penetration testing, and application security.
Twitter: @d2theave


Detecting Reflective Injection

This talk will focus on detecting reflective injection with some mildly humorous notes and bypassing said protections until vendors start actually working on this problem. It seems amazing that reflective injection still works. Why is that? Because programmers are lazy. They don't want to write new engines, they want to write definitions for an engine that already exists. So what do we do about it? Release a $5 tool that does what $50 AV has failed epically at for several years now...oh and it took me a week or so...Alternately, you could license it to vendors since their programmers are lazy.

Andrew King is a recent graduate. He has been a hobbyist for many years, but has only recently tried to transition into information security as a job field. A previous talk was given at ToorCon on polymorphism as it relates to definitions. He wrote a set of articles demonstrating implementation of simple internal to function encoding and decoding. Additional code will be released to demonstrate automation of binary patching to use this method without using a debugger. It is not a fully functional evasion tool, but it does demonstrate pushing this level of obfuscation into a more automated arena. Adding a couple of small code sections could turn this into a usable evasion tool.
Twitter: @aking1012


An Inside Look Into Defense Industrial Base (DIB) Technical Security Controls: How Private Industry Protects Our Country's Secrets

With an ever changing threat of nation states targeting the United States and its infrastructure and insiders stealing information for public release, we must continuously evaluate the procedural and technical controls we place on our national assets. This presentation goes into brief detail on how security controls are developed, reviewed, and enforced at a national level for protection of data classified up to Top Secret and some of the major flaws in the security approach to data privacy.

The purpose of this presentation is to raise awareness of substandard security practices within sensitive areas of the Federal Government and to influence change in how controls and practices are developed and maintained.

James Kirk is a Senior Security Consultant for Rapid7, Inc. who has over 11 years of experience in various information security disciplines. James, in his previous role, has served as a Special Agent for the Department of Defense (Defense Security Service) where he conducted numerous security audits of defense contractor facilities across the United States.
http://kirkjamesm.wordpress dot com


No More Hooks: Detection of Code Integrity Attacks

Hooking is the act of redirecting program control flow somewhere other than it would go by default. For instance code can be "inlined hooked" by rewriting instructions to unconditionally transfer to other code. Or code can be hooked by manipulating control flow data like function pointers (IAT, IDT, SSDT, return addresses on the stack, callback addresses in dynamically allocated objects, etc). Hooking as a technique is neutral, but it is often used by malicious software to monitor or hide information on a system.

Memory integrity verification requires the ability to detect unexpected hooks which could be causing software to lie or be blinded to the true state of the system. But we don't want to make the same mistake that most security software makes, assuming that they can rely on some built in access control to keep malice at arm's length. The history of exploits is the history of bypassing access control. We want to have a technique which can detect if we ourselves are being manipulated to lie even when the attacker is assumed to be at the same high privilege level as our software.

We believe that such a goal can be achieved with the help of an academic technique known as software-based, or timing-based, remote attestation. This is a technique which does not require a hardware root of trust like a TPM in order to bootstrap an ephemeral dynamic root of trust for measurement. It does this by computing a randomized checksum over its own memory and other system state, to detect code or control flow integrity attacks. The self-checking software can still be forced to lie and report an unmodified system, but thanks to a special looping construction, code which causes it to lie will require extra instructions per loop. The extra instructions will be multiplied by the number of loops, causing a macroscopic, remotely-detectable, increase in the runtime vs. what's expected. So basically, an attacker can force our software to lie, but because there's a timing side-channel built into the computation, he can still be caught by taking too long to generate a convincing lie. We have independently implemented and confirmed the claims of past work, and furthermore showed that the timing discrepancy in the presence of a checksum-forging attacker is detectable not just for machines on the same ethernet segment, but over 10 links of our production LAN. Because of the results of other work in timing side-channel detection over internet-scale distances, we think this technique can be extended even further. But for now for longer distances, we use this same timing-based technique in concert with TPM as a trustworthy timer, so that network jitter is not an issue.

Xeno Kovah has over 379 years of security experience. Xeno Kovah started programming when he was -6. Xeno Kovah has been the CSO for all of the Fortune Top 33.3 companies. Xeno Kovah has written 17 of the top 10 best selling security books. Xeno Kovah wrote all of 29A, Phrack, and Uninformed under various aliases. In Xanadu did Xeno Kovah a stately pleasure dome decree. Look on his works, ye mighty, and despair.
Twitter: @OpenSecTraining


Corey Kallenberg is a rootkit and trusted computing researcher currently employed by the MITRE Corporation. In his spare time, Corey summons the dark powers of Papa Legba to exploit memory corruption vulnerabilities and bypass exploit mitigation schemes.


DDoS Black and White "Kungfu" Revealed

Enterprises currently dump millions of bucks to defend against DDoS; some trading firms here, for fear of DDoS attacks from China, are paying about 5K to 100K USD per day, and InfoSec teams believe their solutions are already perfect.

Are those controls effective and unbreakable? In the first part of the presentation, we would like to show our studies and carry out over 10 types of DDoS tests against various big firms and organizations to see whether their defense is effective, showing how stupid and smart they are. Various interesting case studies will be briefed :)

In the second part of the presentation, we will detail our proposed defense model against Application-Level attacks. We have already checked with other vendors and researchers about our model; it is still not yet deployed and hopefully we could put this as an open source project in the future.

Hopefully, you will enjoy this fun session with us and learn whether your organization could survive even under DDoS attack.

Anthony "Darkfloyd" Lai focuses on reverse engineering and malware analysis as well as penetration testing. His interest is always falling on CTF and analyzing targeted attacks. He has spoken in Black Hat USA 2010, DEF CON 18 and 19, AVTokyo 2011, Hack In Taiwan 2010 and 2011 and Codegate 2012. His most recent presentation at DEF CON was about APT Secrets in Asia.

Recently, he has worked with MT, Captain and Avenir on DDoS research projects. Meanwhile, he is always studying targeted attacks from mainland China and it would be fun for him to get another attack perspective from these studies.
Twitter: @anthonation


Tony "MT" Miu has worked in an anti-DDoS company for over a few years. He has expertise in network security and always needs to tackle new DDoS attacks against his company's clients. The task is clearly critical. He knows a lot about the dark side of attacks, and MT is the major leader of both DDoS Kungfu and defense model projects.


Kevin "Captain" Wong works in law enforcement and deals with various reported criminal cases about DDoS and network intrusion as well as computer forensics; he is the real frontline investigator fighting with the criminals and suspects.


Alan "Avenir" Chung has more than 8 years working experience on Network Security. He currently is working as a Security Consultant for a Professional Service provider. Alan specializes in Firewall, IDS/IPS, network analysis, pen-test, etc. Alan’s research interests are Honeypots, Computer Forensics, Telecommunication etc.


NFC Hacking: The Easy Way

Until now, getting into NFC/RFID hacking required enthusiasts to buy special hardware and learn about the underlying transfer protocols. No longer! NFCProxy is a new tool (being released at DEF CON 20) that allows you to proxy RFID transactions using Android phones. NFCProxy can record and replay RFID transactions from the perspective of the tag or the PCD (proximity coupling device). NFCProxy is an open source tool/framework that can be used to analyze 13.56 MHz RFID protocols and launch replay (and potentially man in the middle) attacks. You can even use NFCProxy as a virtual wallet by storing previously scanned RFID enabled credit cards and replaying them later at a POS (point of sale) terminal. No fancy equipment needed…just two NFC capable Android phones running ICS (one with a custom rom). Owning RFID enabled credit cards just got easier!

Eddie Lee is a security researcher at Blackwing Intelligence. He specializes in application security, but is an enthusiast of all things related to security. From exploiting buffer overflows to building robots to messing with RFID, he just likes to figure out how things work (and how they break). Before Blackwing, Eddie was a member of the Security Research Group at Fortify software where he helped develop methods to detect vulnerabilities and attacks through static analysis and runtime analysis.

Eddie has previously spoken at DEF CON and is a core member of Digital Revelation -- a two-time DEF CON CTF 1st place team


Robots: You're Doing It Wrong 2

By popular demand, Defcon's angry little roboticist is back with more stories of robot designs gone awry that make practical lessons on making better robots. Drinking will happen: vodka-absconding scoundrels are not invited.

This talk will cover material assuming the average audience member is a relatively intelligent coder with a high-school physics/math background and has seen linear algebra/calculus before. The intent is to navigate people new to robotics around many lessons my teams and I learned the "hard way," and to introduce enough vocabulary for a self-teaching student to bridge the gap between amateur and novice professional robotics. It will not cover why your Arduino doesn't work when you plugged your USB tx into your RS232 tx.

Katy Levinson is a jack-of-all-trades currently employed by Hacker Dojo, a hackerspace in Mountain View California, where she herds cats and wrings them out for money. She was previously a roboticist and the Software Team Lead at NASA Ames on the Lunar Micro Rover Project, and has also been an infrastructure software engineer at Google. She briefly worked as a mercenary for a small VC firm and in Hong Kong where she refereed political pissing matches. She survived 4 seasons of FIRST Robotics as a team member, mentored an additional team, helped found five more and mentored them each through a full competitive season. She has won many prestigious awards which you have neither heard of nor care about and is a proud graduate of Worcester Polytechnic Institute.
Twitter: @katylevinson


Anonymous and the Online Fight for Justice

How the media mischaracterizes, & portrays hackers. IRL protest VS. online protest. Politically motivated prosecution. COINTELPRO. The future of hacking and what law enforcement agencies plan to do about it

Amber Lyon is a three-time Emmy Award-winning investigative journalist, photographer, and documentary filmmaker. Formerly of CNN, Amber now works independently to cover corporate corruption, human and environmental abuses, revolutions, and hacktivists. While working for CNN, Amber worked to get more in-depth coverage of Anonymous into the mainstream media and was the lead reporter on CNN's inside Anonymous special.
(https://www.youtube.com/watch?feature=player_embedded&v=pOmk-A4Av8Y)
Twitter: @amberlyon
http://www.amberlyonlive.com


Gabriella Coleman researches and teaches on the politics of free software, hackers, the law, and digital activism. Her first book, “Coding Freedom: The Aesthetics and the Ethics of Hacking” is forthcoming in November 2012 with Princeton University Press and she is currently working on a new book on Anonymous and digital activism.
Twitter: @BiellaColeman
http://gabriellacoleman.org


Marcia Hofmann is a senior staff attorney at the Electronic Frontier Foundation, where she works on a broad range of digital civil liberties issues including computer security, electronic privacy, and free expression. She currently focuses on computer crime and EFF's Coders' Rights Project, which promotes innovation and protects the rights of curious tinkerers and researchers in their cutting-edge exploration of technology. Prior to joining EFF, Marcia was staff counsel and director of the Open Government Project at the Electronic Privacy Information Center (EPIC).
Twitter: @marciahoffman
https://www.eff.org/about/staff/marcia-hofmann


Mercedes Haefer In July 2011, Mercedes was indicted along with 13 others (dubbed the Anonymous 14) for allegedly conspiring to commit distributed denial of service (DDoS) attacks against PayPal’s website as part of an alleged Anonymous Operation Payback. (allegedly)
Mercedes is enrolled as a sociology undergraduate at the University of Nevada and Las Vegas.
Twitter: @usagi_the_bunny


Jay Leiderman is a criminal defense lawyer at Leiderman Devine LLP in Ventura, California. Among other cases involving hacktivism, Leiderman is representing Christopher Doyon, alleged member of Anonymous known as Commander X. (Doyon has fled to Canada using what he referred to as "an underground railroad and network of safe houses"). Leiderman has said he knew Doyon was frustrated by the condition of his release, which included being banned from accessing Twitter or IRC chats. (currently the "Anon 14" have been granted their Twitter rights). As a veteran trial attorney who spends most of his time in court defending the accused, and as one of the few attorneys that has actually represented an alleged member of Anonymous accused of a federal hacking crime, Leiderman brings a unique perspective to the defense of purported members of Anonymous.
Twitter: @leidermandevine
http://www.leidermandevine.com/

Gráinne O’Neill is the Director of the MyGideon project at the Charles Hamilton Houston Institute for Race and Justice at Harvard Law School. She is also a board member of the National Lawyers Guild and in that role coordinates the Anonlg Project. Anonlg is a national network of NLG attorneys who provide defense to targeted hacktivists. She received her JD from Columbia Law School where she was the Managing Editor of the Jailhouse Lawyers Manual, and has a degree in computer science from Cornell University. (http://anonlg.com)
Twitter: @grainne
http://www.nlg.org/leadership/grainne-oneill/


OPFOR 4Ever

Training utilizing Opposing Forces, or OPFOR, is an exercise focused on improving detection and response through the principle of "train as you fight." We will demonstrate how we have applied OPFOR to build a continuous feedback loop between penetration testing and incident response. In OPFOR 4Ever, the defense trains the offense just as much as the offense trains the defense, and the exercise has no end date. Come see us demonstrate some attacks as seen from the point of view of the defender as well as the attacker. You can then watch the replay as we use OPFOR principles to evolve these attacks to a form more suitable for real-world penetration testing, pentesting that strives to better simulate what blackhats actually do. This of course raises the bar for incident responders. Evolve or die.

Tim Maletic is a Senior Security Consultant within the Penetration Testing team at Trustwave's SpiderLabs. Tim has been working in IT since the birth of the web, and has been focused full-time on information security since 2001. Prior to joining Trustwave, Tim held positions as Senior UNIX Engineer, Senior Security Engineer, and Information Security Officer.

Christopher Pogue is the Managing Consultant of the SpiderLabs Incident Response and Digital Forensics team. Having served as a US Army Signal Corps Warrant Officer, he worked on digital forensic investigations and as Cyber Security Instructor. Pogue joined the IBM Internet Security Systems (ISS) X-Force after leaving the military. As a Penetration Tester and Forensic Investigator with IBM, he performed over 300 penetration tests and 50 investigations. In his role with SpiderLabs, Pogue leads the team that performs investigations all over the United States, Central and South America, and the Caribbean Islands. He also assists local, state, and federal law enforcement agencies with cases involving digital media.


Weaponizing the Windows API with Metasploit’s Railgun

No part of the Metasploit Framework has been shrouded in more mystery and confusion than the Railgun extension. Railgun is one of the most powerful tools in the Metasploit arsenal when it comes to Post Exploitation. In this talk we will examine what Railgun is, and how we can use it to turn Windows completely against itself by weaponizing the Windows API libraries. We will demystify Railgun by explaining exactly how it works under the covers and how you can use it to create powerful post modules.

David “thelightcosine” Maloney is a Software Engineer on the Metasploit Team at Rapid7. Before joining the team, he was a frequent contributor to the open source side of the project. As a contributor he specialized in Post Exploitation. Before Rapid7 he was a Penetration Tester, most recently for Time Warner Cable. David is also one of the founders of Hackerspace Charlotte in Charlotte, North Carolina.
Twitter: @thelightcosine


Defeating PPTP VPNs and WPA2 Enterprise with MS-CHAPv2

MS-CHAPv2 is an authentication and key negotiation protocol that, while old and battered, is still unfortunately deployed quite widely. It underpins almost all PPTP VPN services, and is relied upon by many WPA2 Enterprise wireless deployments. We will release tools that definitively break the protocol, allowing anyone to affordably decrypt any PPTP VPN traffic or CHAPv2-based WPA2 handshake with a 100% success rate.

Moxie Marlinspike was the CTO and co-founder of Whisper Systems, is a member of the Institute For Disruptive Studies, runs a cloud-based password cracking service, is the original developer of sslstrip and sslsniff, manages the GoogleSharing targeted anonymity service, is the creator of the Convergence SSL authenticity system, and is the co-creator of the TACK certificate pinning protocol. His tools have been featured in many publications, including CNN, Forbes, The Wall Street Journal, and The New York Times. He is also the author of the sailing film "Hold Fast."


SCADA HMI and Microsoft Bob: Modern Authentication Flaws With a 90's Flavor

SCADA HMI software provides a "control panel" interface to SCADA/ICS systems, allowing system operators and engineers the capability to visually monitor and make changes to parameters in the system. Many HMI packages provide the ability to authenticate users, to allow access to dangerous or sensitive controls and data to specific users, while restricting other users to observation or less sensitive areas of the system.

Microsoft Bob was a failed Microsoft project from 1995: an attempt to make computers easy for end-users by providing a non-technical captive interface of "rooms" that users could move around, use to launch programs, and store files. Cartoon guides helped users with every step of the way. Thanks to an overly-helpful cartoon dog that would offer to change your password for you if you forgot it, it's frequently used as an example of bad security design choices.

In this presentation, Wesley will point out the similarities and differences between Microsoft Bob and SCADA HMI software, and demonstrate previously unpublished vulnerabilities in the HMI systems that are very reminiscent of the problems with Microsoft Bob (which will also be demonstrated!). For penetration testers, the techniques used to quickly identify these vulnerabilities will be discussed, as well as mitigations for those who have to defend such systems.

Robert McGrew is currently a lecturer and researcher at Mississippi State University's National Forensics Training Center, which provides free digital forensics training to law enforcement and wounded veterans. He has interests in both penetration testing and digital forensics, resulting in some interesting combinations of the two. He has written tools useful to both fields (NBNSpoof, msramdmp, GooSweep), and tries to stay involved and interactive with the online infosec community. He is currently expanding and exposing the rest of the security community to the SCADA HMI research he began with the release of user authentication vulnerabilities in the iFIX HMI product.
Twitter: @McGrewSecurity
http://mcgrewsecurity.com


Don't Stand So Close To Me: An Analysis of the NFC Attack Surface

Near Field Communication (NFC) has been used in mobile devices in some countries for a while and is now emerging on devices in use in the United States. This technology allows NFC enabled devices to communicate with each other within close range, typically a few centimeters. It is being rolled out as a way to make payments, by using the mobile device to communicate credit card information to an NFC enabled terminal. It is a new, cool, technology. But as with the introduction of any new technology, the question must be asked what kind of impact the inclusion of this new functionality has on the attack surface of mobile devices. In this paper, we explore this question by introducing NFC and its associated protocols. Next we describe how to fuzz the NFC protocol stack for two devices as well as our results. Then we see for these devices what software is built on top of the NFC stack. It turns out that through NFC, using technologies like Android Beam or NDEF content sharing, one can make some phones parse images, videos, contacts, office documents, even open up web pages in the browser, all without user interaction. In some cases, it is even possible to completely take over control of the phone via NFC, including stealing photos, contacts, even sending text messages and making phone calls. So next time you present your phone to pay for your cab, be aware you might have just gotten owned.

Charlie Miller is Principal Research Consultant at Accuvant Labs. He was the first with a public remote exploit for both the iPhone and the G1 Android phone. He is a four time winner of the CanSecWest Pwn2Own competition. He has authored three information security books and holds a PhD from the University of Notre Dame. He is currently being held in a maximum security prison in Cupertino, but hopes to be released soon for good behavior.
Twitter: @0xcharlie


How to Hack VMware vCenter Server in 60 Seconds

This talk will discuss some ways to gain control over the virtual infrastructure through vCenter's services. I will describe a few non-dangerous bugs (they were 0-days when we found them), but if we can use all of them together, we will get administrative access to vCenter which means to the whole virtual network.

Alexander Minozhenko works in the leading IT security company ERPScan as a penetration tester. Alexander graduated in 2012 from St. Petersburg National Research University ITMO, faculty of computer science. He also likes to participate in CTF competitions.
Twitter: @al3xmin


DEF CON Comedy Jam V, V for Vendetta

You know you can't stay away! The most talked about panel at DEF CON! Nearly two hours of non-stop FAIL. Come hear some of the loudest mouths in the industry talk about the epic security failures of the last year. So much fail, you'll need the food cooked on stage to survive. Nothing is sacred, not even each other. This year's fail includes cloud, mobile and APT to name just a few topics. If that's not enough, we'll also be making crepes on stage. Over the last two years, we've raised over $1,500 for the EFF, let's see how much we can do this year....

David Mortman is the Chief Security Architect at enStratus and is a Contributing Analyst at Securosis. Before enStratus, he ran operations and security for C3. He was formerly the Chief Information Security Officer for Siebel Systems, Inc. Previously, Mr. Mortman was Manager of IT Security at Network Associates. Mr. Mortman has also been a regular panelist and speaker at RSA, Black Hat, DEF CON and Source Boston as well. Mr. Mortman sits on a variety of advisory boards including Qualys. He holds a BS in Chemistry from the University of Chicago. David writes for Securosis, Emergent Chaos and the New School blogs. David was an editor for the 2nd Ed of the Cloud Security Alliance Guidance.

Rich Mogull is a recovering industry analyst and the C-something-or-other of Securosis. Deep in his past he worked as a systems and network administrator, before moving on to a web developer and then focusing on security. Previous Fail panel exploits include impersonating an aspiring money mule, running a robot off the stage, some cool wireless stuff that surprisingly worked, and mucking with cloud APIs.

He promises to keep his pants on this year. He dislikes hippies and hipsters.
Twitter: @rmogull


Chris Hoff is a senior director at Juniper Networks where he serves as chief security architect. He was previously director of cloud & virtualization solutions at Cisco Systems where he focused on virtualization and cloud computing security, spending most of his time interacting with global enterprises and service providers, governments, and the defense and intelligence communities. Prior to Cisco, he was Unisys Corporation’s chief security architect, served as Crossbeam Systems' chief security strategist, was the CISO and director of enterprise security at a $25 billion financial services company and was founder/CTO of a national security consultancy amongst other startup endeavors.

Hoff is interviewed regularly by the media and press, is a featured guest on numerous podcasts and has keynoted and presented at numerous high-profile security conferences including Black Hat, DEF CON, Microsoft's Bluehat, RSA, Source, SecTor, FIRST, SANS and Troopers.

Hoff is a founding member and technical advisor to the Cloud Security Alliance, founder of the CloudAudit project and the HacKid conference and blogs at http://www.rationalsurvivability.com/blog. He serves on numerous advisory boards.

Hoff was a CISSP, CISA, CISM and NSA IAM but he spends the AMF's on coffee now, instead. He was twice nominated as the Information Security Executive of the Year and won the Security 7 award in Financial Services in 2005. Hoff is a 2010, 2011 Microsoft MVP (Security) and a 2010 VMware vExpert.


Dave Maynor is a founder of Errata Security and serves as the Chief Technical Officer. Mr. Maynor is responsible for day-to-day technical decisions of Errata Security and also employs a strong background in reverse engineering and exploit development to produce Hacker Eye View reports. Mr. Maynor has previously been the Senior Researcher for Secureworks and a research engineer with the ISS Xforce R&D team where his primary responsibilities included reverse engineering high risk applications, researching new evasion techniques for security tools, and researching new threats before they become widespread. Before ISS, Maynor spent 3 years at Georgia Institute of Technology (GaTech), with the last two years as a part of the information security group as an application developer to help make the sheer size and magnitude of security incidents on campus manageable. Before that, Maynor contracted with a variety of different companies in a wide spread of industries ranging from digital TV development to protection of top 25 websites to security consulting and penetration testing to online banking and ISPs.

Larry Pesce is a penetration tester with NWN Corporation's NProtect team. He spends his days hacking in his underwear, playing with various radios and often burning his fingertips with a soldering iron, while not hanging out with the pauldotcom.com crew.

James Arlen, sometimes known as Myrcurial, is a security consultant usually found in tall buildings wearing a suit, founder of the Think|Haus hackerspace, contributing analyst for Securosis, columnist at Liquidmatrix Security Digest, Infosec geek, hacker, social activist, author, speaker, and parent. He’s been at this security game for more than 15 years and loves blinky lights and shiny things.

Robert David Graham created BlackICE Defender (one of the first personal firewalls) and BlackICE Guard (first IPS). Developed various attack tools and methods, like "sidejacking", a component of most attack toolkits. Expert in SCADA hacking.


Cortana: Rise of the Automated Red Team

Do you ever wish that you could clone yourself during a penetration test?

Meet Cortana, a new scripting language to automate Metasploit and extend Armitage. Cortana is a penetration tester's scripting language inspired by scriptable IRC clients and bots. Its purpose is two-fold. You may create long running bots that simulate virtual red team members, hacking side-by-side with you. You may also use it to extend the Armitage GUI for Metasploit. To prevent self-aware bots from taking over the world, Cortana has blanket safety features to provide positive control when enabled. This talk will introduce Cortana, the automation gap it fills, and its capabilities to you. You will see several demonstrations of Cortana in action and get a flavor of what's now possible. Cortana was developed through DARPA's Cyber Fast Track program.

Raphael Mudge is the founder of Strategic Cyber LLC, a Washington, DC based company that creates software for red teams. He created Armitage for Metasploit, the Sleep programming language, and the IRC client jIRCii. Previously, Raphael worked as a security researcher for the US Air Force, a penetration tester, and he even invented a grammar checker that was sold to Automattic. His work has appeared in Hakin9, USENIX ;login:, Dr. Dobb's Journal, on the cover of the Linux Journal, and the Fox sitcom Breaking In. Raphael regularly speaks on security topics and provides red team support to many cyber defense competitions.
Twitter: @armitagehacker
http://www.fastandeasyhacking.com/

Making Sense of Static - New Tools for Hacking GPS

GPS receivers are a part of everyday life; you probably own several already and use them every day, in your phone or in your car. It's really pretty amazing that you can find your position anywhere on Earth with just a small device you can fit in your pocket, but how does it actually work? In this talk we would like to guide you through the amazing technical journey that makes this possible and to open it up to the hacker community to explore.

Current GPS receivers found in mobile phones etc. are capable of about 5m accuracy but high-end receivers costing thousands can get this down to centimeters just using some more sophisticated algorithms and processing. This really opens up a lot of opportunities for UAVs and Quadcopters (and other applications we haven’t even thought of - what would you use it for?) and we would like to see this level of performance available in an open-source system.

We have developed and would like to share with you a new set of tools which we hope will make GPS accessible to hackers and experimenters; a library, libswiftnav, which contains a complete toolset for building a GPS receiver, and Piksi, a stand-alone hardware platform to run it on. The prototype is already very capable - we can’t wait to see what you can come up with.

Fergus Noble graduated in 2011 with an MSc. in Physics from the University of Cambridge, UK. Whilst at Cambridge he spent most of his spare time working on a 100km amateur rocket attempt which led to his frustration with available GPS systems. After graduating, he moved to California to work for Joby Energy on GPS systems for high-altitude wind turbines before co-founding Swift Navigation with Colin Beighley and Henry Hallam to work on a new open-source GPS receiver. He is also a co-maintainer of libopencm3, an open-source peripheral library for ARM Cortex-M based microcontrollers and creator of Plot-o-matic, an open-source tool for quickly visualising real-time data streams.
https://github.com/fnoble

Colin Beighley graduated from the University of California at Santa Cruz in 2010 with a BS in Electrical Engineering. He worked at Joby Energy in Bonny Doon, California, before co-founding Swift Navigation with fellow GPS hackers Fergus Noble and Henry Hallam. He is the creator of softgnss_python, an open-source GPS/GNSS post-processing library.

SQL ReInjector - Automated Exfiltrated Data Identification

In 2011, SQL injections became front page news as ever more high profile companies were victims of automated SQL injection attacks. Responders spent countless hours looking at values in log files like "0x31303235343830303536" trying to figure out what was being exfiltrated by whom. Incident response costs skyrocketed while the cost of attacking fell.

This presentation will debut SQL ReInjector, a tool for the rapid assessment of logs from SQL injection attacks to determine what data was exfiltrated.

When responding to an SQL injection attack, responders have to determine what was exfiltrated by manually parsing the web server logs from the victimized host. This is a time consuming process that requires a significant amount of a responder’s time. Moreover, manual replay of the SQL injection does not account for system level discrepancies in how queries are executed by the system – running SQL against a SQL server directly doesn’t account for the behavior of any intermediary systems – e.g. any application layer logic or nuances in how the web application and database server interact.

SQL ReInjector uses the log files from the machine that has been subject to a SQL injection attack to replay the attack against the server (or a virtualized forensic image thereof) and captures the data returned by the SQL injection web site requests. This reduces the amount of time responders have to spend looking at web server logs and allows responders to recreate the data exfiltrated through a SQL injection attack.



Jason A. Novak is an Assistant Director of Digital Forensics in Stroz Friedberg's Chicago office. At Stroz Friedberg, Mr. Novak has been lead examiner in a wide range of cases involving digital forensics, incident response, application testing, source code analysis, and data analytics, and has developed numerous tools to expedite the firm's analysis and response capabilities. The proprietary tools developed by Mr. Novak have included: an anti-money laundering data analytics platform and tools to process electronically stored information to respond to forensic and electronic discovery requests. As a co-writer of the Google Street View report, Mr. Novak analyzed the source code to gstumbler, the WiFi device geolocation application used by Google as part of the Street View project, and documented its structure and functionality in a publicly released report; Mr. Novak has responded to inquiries about the report from domestic and foreign regulators.
Twitter: @strozfriedberg
http://www.strozfriedberg.com


Andrea (Drea) London is a Digital Forensic Examiner in Stroz Friedberg's Dallas office. At Stroz Friedberg, Ms. London acquires and examines digital evidence from laptops, desktops and mobile phones in support of legal proceedings, criminal matters, and/or corporate investigations. Additionally she is responsible for implementing large-scale, end-to-end electronic discovery for both civil and criminal litigation. Ms. London previously held positions at Arsenal Security Group and IBM’s Internet Security Systems Emergency Response Team. At Arsenal, Ms. London was an integral part of the company’s immediate response team for worldwide cyber security incidents. During this time she completed and has maintained certification as a Payment Application Qualified Security Assessor (PA QSA), Payment Card Industry (PCI QSA), and PCI Forensic Investigators (PFI), one of the first appointed by the PCI Council. At IBM, she acted as an official Quality Incident Response Assessor (QIRA) reporting PCI breaches to major card brands. Prior to her work for IBM, Ms. London was with the Air Force Office of Special Investigations (AFOSI), where she was one of two Airmen chosen for special duty assignment at the Defense Cyber Crime Center, and where she was tasked with testing and evaluating forensic software and hardware for the Center.

Meet the EFF

Get the latest information about how the law is racing to catch up with technological change from staffers at the Electronic Frontier Foundation, the nation’s premier digital civil liberties group fighting for freedom and privacy in the computer age. This session will include updates on current EFF issues such as surveillance online and fighting efforts to use intellectual property claims to shut down free speech and halt innovation, discussion of our technology project to protect privacy and speech online, updates on cases and legislation affecting security research, and much more. Half the session will be given over to question-and-answer, so it's your chance to ask EFF questions about the law and technology issues that are important to you.

Kurt Opsahl is a Senior Staff Attorney with the Electronic Frontier Foundation focusing on civil liberties, free speech and privacy law. Opsahl has counseled numerous computer security researchers on their rights to conduct and discuss research. Before joining EFF, Opsahl worked at Perkins Coie, where he represented technology clients with respect to intellectual property, privacy, defamation, and other online liability matters, including working on Kelly v. Arribasoft, MGM v. Grokster and CoStar v. LoopNet. Prior to Perkins, Opsahl was a research fellow to Professor Pamela Samuelson at the U.C. Berkeley School of Information Management & Systems. Opsahl received his law degree from Boalt Hall, and undergraduate degree from U.C. Santa Cruz. Opsahl co-authored "Electronic Media and Privacy Law Handbook." In 2007, Opsahl was named as one of the "Attorneys of the Year" by California Lawyer magazine for his work on the O'Grady v. Superior Court appeal, which established the reporter’s privilege for online journalists.
Twitter: @kurtopsahl, @eff
Facebook: eff
https://www.eff.org


Marcia Hofmann is a senior staff attorney at the Electronic Frontier Foundation, where she focuses on computer crime and security, electronic privacy, free expression, and other digital civil liberties issues. Prior to joining EFF, Marcia was staff counsel and director of the Open Government Project at the Electronic Privacy Information Center (EPIC).

Hanni Fakhouri is a Staff Attorney with the Electronic Frontier Foundation focusing on the intersection of technology and criminal law within the Coders Rights Project. Prior to joining EFF, Hanni worked as a federal public defender in San Diego. In less than four years, he tried fourteen felony jury and bench trials and argued before the Ninth Circuit Court of Appeals four times, winning three reversals, including a published reversal in U.S. v. Sandoval-Gonzalez. He also served as a copy editor for the 2010 edition of Defending a Federal Criminal Case. While in law school, Hanni worked at the federal public defender's office in Sacramento, where he obtained acquittals in one jury trial and two bench trials. Hanni is a graduate of UC Berkeley, where he received two degrees, including an honors degree in history, and Pacific McGeorge School of Law, where he was elected to the Order of Barristers for his excellence in written and oral advocacy. Hanni is a member of the National Association of Criminal Defense Lawyers.

Peter Eckersley is Technology Projects Director for the Electronic Frontier Foundation. He keeps his eyes peeled for technologies that, by accident or design, pose a risk to computer users' freedoms—and then looks for ways to fix them. He explains gadgets to lawyers, and lawyers to gadgets. Peter's work at EFF has included privacy and security projects such as Panopticlick, HTTPS Everywhere, SSDI, and the SSL Observatory; and running the first controlled tests to confirm that Comcast was using forged reset packets to interfere with P2P protocols.

Eva Galperin is EFF's International Freedom of Expression Coordinator, and has been instrumental in highlighting government malware designed to spy upon activists around the world. A lifelong geek, Eva misspent her youth working as a Systems Administrator all over Silicon Valley. Since then, she has seen the error of her ways and earned degrees in Political Science and International Relations from SFSU. She comes to EFF from the US-China Policy Institute, where she researched Chinese energy policy, helped to organize conferences, and attempted to make use of her rudimentary Mandarin skills.

Trevor Timm is an activist at the Electronic Frontier Foundation. He specializes in free speech issues and government transparency. Before joining the EFF, Trevor helped the longtime General Counsel of The New York Times, James Goodale, write a book on the First Amendment. He has also worked for the former President of the ACLU and at The New Yorker. He graduated from Northeastern University and has a J.D. from New York Law School.

The End of the PSTN As You Know It

The PSTN as you know it is changing. In March of 2012, the NSA announced "Project Fishbowl", a reference architecture for secure mobility VoIP usage on smartphones using WiFi or 3GPP networks. At the same time, mobile carriers in the US (seemingly) ensure that subscribers must purchase voice plans on their smartphones and can't opt for data only plans - which curtails a compelling option of purchasing a smartphone for data only usage, such as VoIP. Other mysterious clues abound. Since the mid-to-late 90s, users have been able to host their own web and email servers using open standards and DNS for advertisements, peering directly between domains and systems. At the same time, since the early 2000s, the technology and protocols have existed for enabling direct VoIP peering between enterprises, bypassing the PSTN, using DNS SRV records and ENUM - the same way we've been using DNS for HTTP and SMTP for years. But why is this seemingly attractive option for cost savings and collaboration not more widely adopted? Surely this is the way VoIP was meant to be used? Or isn't it?

In this talk, we will explore the so-called market buzz of "UC Federation". Rather, we will kick this term to the bit bucket, and present an overview of how the industry is deploying these solutions technically. We will take a closer look at the security of being able to use UC between organizations, advertised using DNS, the same way that companies use UC internally for VoIP, HD Video, data sharing, IM & Presence, and collaboration applications. This talk is divided into three sections.

First, we'll share our research on the state of public SIP peering using DNS SRV. Is SIP peering proliferating? How? What does it mean? Using a PoC research tool, we'll look at some initial data we've found, in order to plot the increase of peering using DNS SRV records for SIP service location advertisement.

Second, we will show the audience findings from our UC “Federation” Honeypot research project. We've built a UC solution using a large commercial vendor, and have tested "Federation" with the help of the Global Federation Directory. Just to see what would happen. We've also set up a network of cloud based UC Federation honeypots using open source software, to explore attacks against UC Federation Systems.

Last, we show it can be done and how. Did you know that you can set up your own VoIP server with DNS based routing and HA and directly peer between VoIP servers, providing services for your friends and your company from your favorite BYOD using an address just like your email address, right now? For little to no cost, using open source software? It's interesting that when companies communicate VoIP inter-domain, the most prevalent architecture is to route calls over a private network, or through a carrier connected to the PSTN. Ironically, the infrastructure has existed for years to do direct public SIP peering. We'll explore this concept of "Islands of VoIP", and bring together our security research findings in this area along with industry roadblocks. Can a more open standard protocol be adopted using existing open source software, to easily UC "Federate" between different vendors? We think this is the future. It's exciting, and we want to show it to you.

Celebrating the 20th anniversary of DEF CON, this presentation is bold. We can't promise that it will be 100% complete, as it will likely evolve well past DEF CON. But we do promise some ballyhoo demos and shenanigans. Tomfoolery will ensue.

Jason Ostrom is a security researcher working in the VIPER Lab, with an interest in UC application (In)security. He is a graduate of the University of Michigan, Ann Arbor, and has over 14 years of experience in the IT industry, including VoIP penetration testing. He is the author of the VoIP Hopper security tool and has contributed to other open source UC security tools.

Karl Feinauer is a Vulnerability Research Software Engineer working in the VIPER Lab. Karl has a strong interest in Windows and UC security, and contributed to the development of the OCS Assessment Tool. He is a graduate of the University of Texas at Arlington.

William Borskey is a Senior Security Consultant working in the VIPER Lab. His areas of interest include telecommunications and security. He is a graduate of Louisiana State University at Baton Rouge.

APK File Infection on an Android System

The concept of APK file infection on Android is similar to the concept of PE file infection on Windows systems. As the performance of Android devices has increased, it has become possible to implement such a concept on Android systems. We will demonstrate how to implement this concept. In addition, we will give a demo to show that a PoC virus can infect normal APK files on a real Android mobile phone.

Bob Pan mainly focuses on the mobile platform security domain (including Android/iOS platforms). He likes reverse-engineering and contributes to open source. He is the owner of dex2jar (http://code.google.com/p/dex2jar/), which is one of the most popular tools in the Android security industry.

Now he works as a Mobile Security Research Engineer at TrendMicro.

Panel: The Making of DEF CON 20

Have you ever wondered what it takes to put DEF CON together? Well, now is your chance to find out. DEF CON is broken down into 10 departments: Security, Networking, Press, Speaker Ops, Contests, Vendors, Swag Booth, Registration, Quarter Master, and Operations. Each of the department heads (aka the DEF CON Planning Staff) will be part of this panel and will give an overview of what we do the other 361 days of the year to plan DEF CON. There will also be time for Q&A from the audience, so if you want to know how we do this, come prepared with questions.

Adventures in Bouncerland

Meet [REDACTED]. He is a single function app that wanted to be much more. He always looked up to those elite malware and botnet apps, but now that Google’s Bouncer moved into town his hopes and dreams appeared to be shattered. This was until he was handed a text file while strolling along a shady part of the Internet (AKA Pastebin). The title of this txt file was “Bypassing Google’s Bouncer in 7 steps for Fun and Profit”. Upon reading this, our little app began to glow with excitement. He routed himself all the way to the gates of Google Play and began his journey from a simple benign app that [REDACTED], to a full-fledged info stealing botnet warrior. In this presentation we will tell the story of how our little app beat the Bouncer and got the girl (well, at least all her personal information, and a few naughty pics).

Nicholas J. Percoco: With more than 15 years of information security experience, Percoco is the lead security advisor to many of Trustwave's premier clients and assists them in making strategic decisions around security compliance regimes. He leads the SpiderLabs team that has performed more than 1300 computer incident response and forensic investigations globally, run thousands of penetration and application security tests for clients, and conducted security research to improve Trustwave's products. Percoco and his research have been featured by many news organizations including: The Washington Post, eWeek, PC World, CNET, Wired, Hakin9, Network World, Dark Reading, Fox News, USA Today, Forbes, Computerworld, CSO Magazine, CNN, The Times of London, NPR, Gizmodo, Fast Company, Financial Times and The Wall Street Journal.
Twitter: @c7five
http://blog.spiderlabs.com


Sean Schulte: Sean is an engineer at Trustwave who works primarily with Java and Ruby. He is responsible for building external APIs such as the SSL reseller API, and internal APIs including a Google Safe Browsing blacklist along with the infrastructure to support various SSL services. In his spare time he maintains an unpopular, but feisty, baseball blog.
Twitter: @sirsean

Anti-Forensics and Anti-Anti-Forensics: Attacks and Mitigating Techniques for Digital-Forensic Investigations

Digital investigations may be conducted differently by various labs (law enforcement agencies, private firms, enterprise corporations) but each lab performs similar steps when acquiring, processing, analyzing, or reporting on data. This talk will discuss techniques that criminals can use to throw wrenches into each of these steps in order to disrupt an investigation, and how they can even force evidence to be excluded from litigation. Each of these techniques can be detected early by an investigator who is aware of them, and they can be avoided if you know what to look for. Come learn about Anti-Forensic techniques, and the Anti-Anti-Forensic techniques that mitigate them.

Michael Perklin is a Senior Investigator and has performed digital-forensic examinations on over a thousand devices. Michael is a member of the High Technology Crime Investigations Association, a professor of digital forensics at Sheridan College, and is currently writing his thesis paper on anti-forensic techniques.
Twitter: @mperklin

Creating an A1 Security Kernel in the 1980s (Using “Stone Knives and Bear Skins”)

This is a retrospective of computer security research and the process of building a secure operating system for the US government 1983-1990. The paper presents the case study of Kernelized Secure Operating System (KSOS), an A1 security-kernel operating system. KSOS was written to protect SCI/compartmented data (sometimes referred to as “above TOP SECRET”), and entered production. KSOS-11 ran on PDP-11, and KSOS-32 ran on DEC VAX. KSOS-11 ran in less than 64K bytes and was a fully functional OS including a security kernel, UNIX compatibility layer and first generation TCP/IP stack.

The design for KSOS was the first operating system design that was mathematically “proven correct” using formal specifications and computer based theorem provers.

The presentation also discusses the computing technology of the day - 16 bit computers, line editors, primitive (by current standards) compilers, theorem provers and how that affected development methods and what could be accomplished.

This presentation is a technical retrospective of computer security research during 1983-1990 placed in its social and technical context. This presentation is being written especially for DEF CON’s 20th anniversary and has never been published before. The last paper published specifically on KSOS was at the 7th NBS Computer Security Conference in 1984.

Tom “tep” Perrine started on the ARPANET in grade school, with accounts at MIT-MULTICS and other sites. After college graduation he shared an IMP on the original ARPANET with the Navy and UCSD. During the 80s he worked on secure operating systems such as KSOS for the intelligence community. In the 90s he was a security researcher and CSO at the San Diego Supercomputer Center (SDSC), where he was also involved in “the Kevin affair”. While at SDSC he also consulted for the FBI on Critical Infrastructure Protection and was invited to give Congressional testimony on the FBI’s Carnivore program. Since 2003 he has worked at a video game company, supporting game development studios and operating hosting facilities for online video games. He has since moved on to developing worldwide IT strategies for the same company. He owns a complete set of the Rainbow Books and the only copy of Takedown signed by both Tsutomu Shimomura and Kevin Mitnick.

Network Anti-Reconnaissance: Messing with Nmap Through Smoke and Mirrors

Reconnaissance on a network has been an attacker's game for far too long. Where's the defense? Nmap routinely evades firewalls, traverses NATs, bypasses signature based NIDS, and gathers up the details of your highly vulnerable box serving Top Secret documents. Why make it so easy?

In this talk, we will explore how to prevent network reconnaissance by using honeyd to flood your network with low fidelity honeypots. We then discuss how this lets us constrain the problem of detecting reconnaissance such that a machine learning algorithm can be effectively applied. (No signatures!) We will also discuss some important additions to honeyd that we had to make along the way, and perform a live demonstration of our free software tool for doing all of the above: Nova.

Dan "AltF4" Petro: By day, Alt is a security researcher for DataSoft Corp, a small business in Scottsdale Arizona, where he focuses on developing open source tools for network security. He holds a M.S. in Information Assurance from Arizona State University where he studied network security and cryptographic protocols. By night, he is a rogue free software and privacy activist with a penchant for the dramatic. He is a lifelong hacker and regular member of the Phoenix 2600.
Twitter: @2600AltF4

Bypassing Endpoint Security for $20 or Less

This talk presents cheap, easily constructed devices that can be used to bypass endpoint security software by making any USB mass storage (flash or hard) drive appear as an authorized device.

The design and implementation will be discussed in detail. Devices can be constructed for approximately $18 and $30 for a small package which requires soldering of 4 wires, and a slightly larger package which requires no soldering, respectively. Some familiarity with microcontrollers and C programming would be helpful, but not required for attendees to get the most from this talk.

Phil Polstra was born at an early age. He cleaned out his savings at age 8 in order to buy a TI99-4A computer for the sum of $450.

Two years later he learned 6502 assembly and has been hacking computers and electronics ever since. Phil currently works as a professor at a private Midwestern university. He teaches computer security and forensics.

His current research focus involves use of microcontrollers and small embedded computers for forensics and pentesting. Prior to entering academia, Phil held several high level positions at well-known US companies. He holds a couple of the usual certs one might expect for someone in his position. Phil is also an accomplished aviator with several thousand hours of flight time. He holds 12 ratings including instructor, commercial pilot, mechanic, inspector, and avionics tech. When not working, he likes to spend time with his family, fly, hack electronics, and has been known to build airplanes.

Over the last few years Phil has spoken on various USB-related topics at a number of conferences such as 44Con, NetSecure, MakerFaire Detroit, and Black Hat. He has developed a number of cheap, fun, and useful devices for infosec and forensics professionals.
Twitter: @ppolstra
Facebook: ppolstra
http://ppolstra.blogspot.com

The Safety Dance - Wardriving the Public Safety Band

The 4.9 GHz Public Safety Band has been deployed to a town near you! Police, Emergency Medical, and even Critical Infrastructure (power plants, etc.) maintain wireless networks on this seemingly ‘hidden’ band – but what’s actually there? How can you identify and monitor these networks? Stop by and find out the answers to those questions and more!

Robert Potvliet heads Foundstone’s wireless service line.

Brad Antoniewicz works in Foundstone's open security research division to uncover flaws in popular technologies. He is a contributing author to both the Hacking Exposed and Hacking Exposed: Wireless series of books and has authored various internal/external Foundstone tools, whitepapers, and methodologies.
Twitter: @foundstone
http://blog.opensecurityresearch.com

Kevin Poulsen Answers Your Questions



Kevin Poulsen is the news editor of Wired.com and author of Kingpin: How One Hacker Took Over the Billion-Dollar Cyber Crime Underground (February 2011, Crown), the story of the white hat hacker Max Vision and his turn to the dark side of the for-profit carding underground.

Poulsen is a former hacker, whose best known hack involved penetrating telephone company computers in the early 1990s to win radio station phone-in contests. By taking over all the phone lines leading to Los Angeles radio stations, he was able to guarantee that he would be the proper-numbered caller to win, for example, $20,000 in cash, and a Porsche 944 S2 Cabriolet.

When the FBI started pursuing Poulsen, he went underground as a fugitive. He was featured on NBC’s Unsolved Mysteries, and was finally arrested in April 1991 after 18 months on the run. He pleaded guilty to computer fraud and served a little over 5 years in prison. At the time, it was the longest U.S. sentence ever given for hacking.

Following his release from prison Poulsen was briefly barred from using computers. Reformed, but still possessed of the curiosity that contributed to his hacking when he was younger, he became a journalist. His first magazine feature ran in WIRED in 1998, and covered computer programmers who were driven to survivalist tactics by fear of the looming Y2K bug.

When Poulsen’s court supervision expired, he joined a California-based web start-up called SecurityFocus as editorial director in 2000, and began reporting security and hacking news. Poulsen repeatedly broke stories of national importance that were picked up by the mainstream press: a computer intrusion at a U.S. hospital that, for the first time, breached patient medical records; hackers “war driving” for open Wi-Fi networks; a computer virus crippling a safety system at a nuclear power plant in Ohio; a southern California hacker’s successful penetration of a Secret Service agent’s PDA, and the attendant theft of confidential agency files.

Poulsen left SecurityFocus in 2005 and joined Wired.com, where he now serves as a news editor. In a computer-assisted reporting effort in 2006, Poulsen wrote software that scoured MySpace for registered sex offenders, identifying hundreds. The story resulted in the arrest of an active pedophile, led to significant policy changes at MySpace and spawned federal legislation. In 2007, Poulsen’s reporting revealed that the FBI had been using a custom spyware program, called a CIPAV, to infect the computers of criminal suspects. In June 2010, Poulsen and a co-writer broke the news that the government had secretly arrested Army intelligence analyst Bradley Manning on suspicion of leaking hundreds of thousands of classified documents to the secret-spilling website WikiLeaks.

Poulsen is the founding editor of Wired’s Threat Level blog, which won the 2008 Knight-Batten Award for Innovation in Journalism, and the 2010 MIN award for best blog. In 2009 Poulsen was inducted into MIN’s Digital Hall of Fame for online journalism, and in 2010 he was among those honored as a “Top Cyber Security Journalist” in a peer-voted award by the SANS Institute. Poulsen's encyclopedic knowledge of "I Love Lucy" trivia helped propel his team to victory in Hacker Jeopardy at DEF CON 8.

Q&A with the Men (and Women) in Black

Back at DC9 a brave MIB from the CIA received clearance and volunteered to answer any and all DC attendees' questions with no restrictions as honestly as he could. After that experience it's only taken us 10 years to get several someones to come back and do it again!

This will be your chance to meet and ask any question you want of the so-called Men (and Women) in Black. Representatives from the NRO, CIA, NSA, DIA, and US Military will field any and all questions you have on any topic you want. However, you may not like the answers.

We promise there will be no extreme renditions, water boarding, assassinations, or mind control unless you really truly deserve it.

Hacker + Airplanes = No Good Can Come Of This

What happens when a hacker gets bored and starts looking at aircraft tracking systems? This talk will look at ADS-B (Automatic Dependent Surveillance-Broadcast), a common technology installed or being installed on a vast majority of commercial airliners that involves an unencrypted and unauthenticated radio broadcast. This technology has some interesting features and weaknesses that are a useful lesson in failures when security is not built in from the beginning. This talk constitutes a work in progress and hopes to spur more research and investigation into this field.

Brad Haines (RenderMan) CISSP, is a Whitehat by trade, Blackhat by fashion. A very visible and well known member of the wardriving and hacker community, he does whatever he can to learn how things work, how to make them better and to teach people the same. A firm believer in the hacker ethic of openness, sharing, and collaboration. Never afraid to try something new, he can usually be found taking unnecessary risks for the sake of the experience.
Twitter: @ihackedwhat

MegaUpload: Guilty or Not Guilty?

On January 19, 2012, Kim DotCom was arrested in a dramatic raid after being indicted on federal criminal charges that he knew that his website, MegaUpload, was a haven of piracy and counterfeiting. In the days that followed, the media commented on the presumed guilt of MegaUpload. In this debate, Jim argues that the law and evidence clearly point to MegaUpload's officers being found guilty, while Jennifer will argue that the MegaUpload case is built on unprecedented and wrongheaded interpretations of copyright law, and thus the principals should be found not guilty. The debate will concentrate on the charges of conspiracy to commit copyright infringement and aiding & abetting copyright infringement. After the arguments and rebuttals, the audience will vote and decide the fate of MegaUpload.

Jim Rennie is an attorney currently specializing in privacy and data protection law and regulation. Previously he was a Public Defender in Las Vegas, and prior to law school was a web application developer. He has spoken previously at DEF CON and other conferences on a variety of topics concerning law and technology.
Twitter: @falconred


Jennifer Granick specializes in computer crime law and has held such positions as Civil Liberties Director at the Electronic Frontier Foundation and Executive Director of the Center for Internet and Society at Stanford Law School. She is best known for her work with Intellectual Property law, free speech, privacy, and other things relating to computer security, and has represented several high profile hackers.
Twitter: @granick

Stamp Out Hash Corruption! Crack All The Things!

The precursor to cracking any password is getting the right hash. In this talk we are going to cover how we discovered that Cain and Abel, Creddump, Metasploit and other hash extraction tools regularly yield corrupt hashes that cannot be cracked. We will take a deep dive into password extraction mechanics, the birth of a viral logic flaw that started it all and how to prevent corrupt hashes. At the conclusion of this talk we will release patches that prevent hash corruption in these tools that many security professionals use every day.

Ryan Reynolds has been with Crowe for five years and is the Manager responsible for Crowe's Penetration Testing services. Ryan has a wide range of knowledge and experience in system administration and networking to include security applications and controls. He is a technical lead for engagements including application, network and infrastructure penetration testing on both internal and external systems as well as social engineering & physical security assessments.
Twitter: @reynoldsrb


Jonathan Claudius is a Security Researcher at Trustwave. He is a member of Trustwave's SpiderLabs - the advanced security team focused on penetration testing, incident response, and application security. He has ten years of experience in the IT industry with the last eight years specializing in Security. At Trustwave, Jonathan works in the SpiderLabs Research Division where he focuses on vulnerability research, network exploitation and is the creator of the BNAT-Suite. Before joining SpiderLabs, Jonathan ran Trustwave's Global Security Operations Center.
Twitter: @claudijd

Spy vs Spy: Spying on Mobile Device Spyware

Commercial spyware is available for mobile devices, including iPhones, Android Smartphones, BlackBerries, and Nokias. Many of the vendors claim that their software and its operation is undetectable on the smartphones after setup is complete. Is this true? Is there a way to identify whether or not some jerk installed spyware on your mobile phone or are you destined to be PWN'd?

This presentation examines the operation and trails left by five different commercial spyware products for mobile devices. Research for both Android and iPhone 4S will be given. A list of results from physical dumps, file system captures, and user files will be presented to show how stealthy the spyware really was. The results from the analysis of the install files will also be presented. From this information a list of indicators will be presented to determine whether or not spyware is on your phone.

Michael Robinson, a/k/a Flash, conducts forensic examinations of computers and mobile devices for a consulting firm in the Washington, DC area. In addition to his day job, he teaches graduate level courses in computer forensics and mobile device forensics at Stevenson University and George Mason University. Prior to his current consulting gig, Flash conducted computer forensic examinations in support of federal law enforcement. He worked for the Department of Defense for a bunch of years doing IT and forensics work. Flash has been in school forever. Eventually he'll get smart. He's building on his Master's in Computer Forensics with a Doctorate in the same field.

Chris Taylor is a security researcher and teacher that has been doing IT security, incident response, computer forensics, and mobile device forensics for the last 12 years. His experience comes from doing research, not reading research. Imagine that. He makes fun of his co-presenter constantly. He is also a staunch privacy advocate that hates writing bios.

Scylla: Because There's no Patch for Human Stupidity

When there's no technical vulnerability to exploit, you should try to hack what humans left for you, and believe me, this always works.

Scylla provides all the power of what a real audit, intrusion, exclusion and analysis tool needs, giving the possibility of scanning misconfiguration bugs dynamically.

Scylla aims to be a better tool for security auditors, extremely fast, designed based on real scenarios, developed by experienced coders and constructed with actual IT work methods.

The words “Configuration Tracer” are the best definition for Scylla, a tool to help with IT audits.

Sergio 'flacman' Valderrama has been a coder and hacker since he was in school (15 years old?). Consulting Manager of 2Secure S.A.S, he has worked as a security consultant for more than 6 years. Founder of ColombiaUnderground Team, he studied Computer Engineering at the Universidad de los Andes... (lots of non-interesting crap about titles and experience). And of course, he's the main developer of Scylla.

Carlos Alberto Rodriguez is Co-Founder at 2Secure, a Colombia-based company that provides specialized security services for multiple sector companies. Senior Developer focused in security development with emphasis in cryptographic algorithms, Senior Security Consultant, R&D Manager and Security Applications Leader for 2Secure with over 7 years of experience in security and incident handling.
Twitter: @_S_aint_Iker

Bruce Schneier Answers Your Questions

Bruce Schneier will answer questions on topics ranging from the SHA-3 competition to the TSA to trust and society to squid.

Internationally renowned security technologist Bruce Schneier has authored twelve books -- most recently Liars and Outliers -- and hundreds of articles, essays, and academic papers. His influential newsletter "Crypto-Gram," and his blog "Schneier on Security," are read by over 250,000 people. Schneier is the Chief Security Technology Officer of BT.

http://www.schneier.com

Programming Weird Machines with ELF Metadata

The Executable and Linkable Format (ELF) is omnipresent; related OS and library code is run whenever processes are set up and serviced (e.g., dynamically linked). The loader is the stage manager for every executable. Hardly anyone appreciates the work that the ELF backstage crew (including the linker and the loader) puts in to make an executable run smoothly. While the rest of the world focuses on the star, hackers such as the Grugq (in Cheating the ELF) and Skape (in Locreate: An Anagram for Relocate), and the ERESI/ELFsh crew, know to schmooze with the backstage crew. We can make a star out of the loader by tricking it into performing any computation by presenting it with crafted but otherwise well-formed ELF metadata. We will provide you with a new reason why you should appreciate the power of the ELF linker/loader by demonstrating how specially crafted ELF relocation and symbol table entries can act as instructions to coerce the linker/loader into performing arbitrary computation. We will present a proof-of-concept method of constructing ELF metadata to implement the Turing-complete Brainfuck language primitives as well as demonstrate a method of crafting relocation entries to insert a backdoor into an executable.

Rebecca "bx" Shapiro is a graduate student at a small college in Northern Appalachia. She enjoys tinkering with systems in undocumented manners to find hidden sources of computation. She hopes to continue this work to find more specimens for Sergey Bratus's weird machine zoo.
Twitter: @bxsays


Sergey Bratus is a Northern Appalachian who hacks DWARF and ELF. It is his ambition to collect and classify all kinds of weird machines; he is also a member of the http://langsec.org conspiracy to eliminate large classes of bugs.
Twitter: @sergeybratus

We Have You by the Gadgets

Why send someone an executable when you can just send them a sidebar gadget? We will be talking about the Windows gadget platform and the nastiness that can be done with it, how gadgets are made, how they are distributed and, more importantly, their weaknesses. Gadgets are composed of JS, CSS and HTML and are applications that the Windows operating system has embedded by default. As a result there are a number of attack vectors that are interesting to explore and take advantage of.

We will be talking about our research into creating malicious gadgets, misappropriating legitimate gadgets and the sorts of flaws we have found in published gadgets.

Mickey Shkatov, AKA "Laplinker", is a proud DC9723 member, not a Mossad agent, a breaker of code, a researcher of vulnerabilities that will never see the light of day, a lunatic and a fun guy to drink with.
Twitter: @laplinker
http://www.laplinker.com


Toby Kohlenberg is an opinionated loud mouth who occasionally has interesting insights and useful things to say about a wide variety of information security topics. He's worked on a large number of different technologies in the information security space. Past speaker at: T2, Shmoocon, Toorcon Seattle, PacSec and CanSecWest.

Can You Track Me Now? Government And Corporate Surveillance Of Mobile Geo-Location Data

Our mobile phones and apps systematically collect and store comprehensive historical lists of our locations and our travels. Advertising and marketing companies extract and interpret these lists for use in their information-gathering networks, effectively turning our phones into 24/7 location tracking devices. Because this information is readily available to the government, law enforcement agencies now have unparalleled access to knowledge of where you are, where you've been, and through inference, who you are.

In this panel, tech experts Christopher Soghoian and Ashkan Soltani, alongside Catherine Crump, staff attorney with the ACLU's Project on Speech, Privacy, and Technology, will present a briefing on the current technological and legal landscape of location data tracking. The panelists will explore how consumer location tracking efforts weave a story about the systemic privacy vulnerabilities of smart phones and the legal ways in which law enforcement has been able to hitch a ride. The panel will be moderated by the Director of the ACLU's Project on Speech, Privacy, and Technology, Ben Wizner.

Christopher Soghoian is a Washington, D.C. based Open Society Fellow, a Graduate Fellow at the Center for Applied Cybersecurity Research, and a Ph.D. Candidate in the School of Informatics and Computing at Indiana University. Soghoian's research is focused on the topic of tech privacy, including both consumer issues and government surveillance. He has used the Freedom of Information Act and other investigative techniques to shed light on the scale of and methods by which the U.S. government spies on mobile cell phones and this work has been cited by the Ninth Circuit Court of Appeals and featured on the Colbert Report.
Twitter: @csoghoian
http://www.dubfire.net/, http://paranoia.dubfire.net/


Ben Wizner is the Director of ACLU's Speech, Privacy & Technology Project, which is dedicated to protecting and expanding the First Amendment freedoms of expression, association, and inquiry; expanding the right to privacy and increasing the control that individuals have over their personal information; and ensuring that civil liberties are enhanced rather than compromised by new advances in science and technology. He has litigated numerous cases involving civil liberties abuses, including challenges to government watchlists and Internet censorship. He has appeared regularly in the media, testified before Congress, and traveled several times to Guantanamo Bay to monitor military commission proceedings. Ben is a graduate of Harvard College and New York University School of Law.

Catherine Crump is a Staff Attorney with the ACLU's Speech, Privacy and Technology Project. She specializes in free speech and privacy litigation, particularly regarding the impact of new technologies on First and Fourth Amendment rights. Crump recently organized a nationwide public records investigation that found local police departments regularly tracking citizens through their cell phones without warrants. The project was featured in myriad news outlets, including The New York Times, The Washington Post, and MSNBC. She is also litigating a series of cases challenging the government's claim that it can legally track the location of people's cell phones without a warrant. Crump has been counsel of record for several ACLU amicus briefs in important cases involving technological surveillance, including United States v. Jones, the Supreme Court case heard last term ruling that the GPS tracking of vehicles constitutes a search. Crump is a non-residential fellow at the Stanford Center for Internet and Society, a 2004 graduate of Stanford Law School, and a 2000 graduate of Stanford University.
Twitter: @catherinencrump


Ashkan Soltani is an independent researcher and consultant focused on privacy, security, and behavioral economics. He has more than 15 years of experience as a technology consultant and has published three major reports on the extent and means of data tracking: "KnowPrivacy: The Current State of Web Privacy, Data Collection, and Information Sharing," "Flash Cookies and Privacy," and "Flash Cookies and Privacy II." His work highlights the prevalence and practice of tracking online, including the use of specific technologies designed to circumvent consumer privacy choices online. He has served as a staff technologist in the Division of Privacy and Identity Protection at the Federal Trade Commission and also worked as the primary technical consultant on the Wall Street Journal's What They Know series, investigating Internet privacy and online tracking.
Twitter: @ashk4n

Botnets Die Hard - Owned and Operated

Botnet designs are becoming more robust and sophisticated with the passage of time. While the security world is grappling with the security threats posed by Zeus and SpyEye, a new breed of botnets has begun to flourish. Present-day botnets such as smoke, ICE-X, NGR, etc. use a mix of pre-existing and newly developed exploitation tactics to disseminate infections. Botnets have been successful in bypassing advanced defense mechanisms developed by the industry. This talk will take you on a journey through the lives of present-day botnets. With a good set of demonstrations, we will dissect the crux of the upcoming breed of botnets.

Aditya K. Sood is a senior security practitioner and PhD candidate at Michigan State University. At present he is working for iSECPartners. Prior to that, he has already worked in the security domain for Armorize, COSEINC and KPMG. He is also a founder of SecNiche Security Labs, an independent security research arena for cutting edge computer security research. At SecNiche, he also acts as an independent security consultant for providing services including software security and malware analysis. He has been an active speaker at industry conferences and already spoken at RSA, Virus Bulletin, HackInTheBox, ToorCon, LayerOne, HackerHalted, SANS, Source, EuSecWest, XCON, Troopers, OWASP AppSec USA, TRISC and others. He has published several papers for IEEE Magazines, Virus Bulletin, CrossTalk, Usenix Login, Elsevier Journals, HITB Ezine, Hakin9, ISSA and ISACA.
Twitter: @AdityaKSood
Blog
Secniche.com


Richard J. Enbody Ph.D., is associate professor in the Department of Computer Science and Engineering at Michigan State University (USA) where he joined the faculty in 1987. Enbody has served as acting and associate chair of the department and as director of the computer engineering undergraduate program. His research interests include computer security; computer architecture; web-based distance education; and parallel processing, especially the application of parallel processing to computational science problems. Enbody has two patents pending on hardware buffer-overflow protection that will prevent most computer worms and viruses.
http://www.cse.msu.edu/~enbody

How to Channel Your Inner Henry Rollins

Have you ever found yourself thinking, “Boy, I sure wish I could witness a guy rant for 20 minutes and barely come up for air,” or maybe, “I sure wish I could have seen firsthand an old-time tent revival with a preacher screaming at me”? Well then, great news: you are in luck. This is a talk not just on how we need to take a hard look at how we interact with people outside of our field. It also addresses how we can escape the echo chamber and hopefully burn it to the ground as we leave! All presented in a hopefully comical but most likely just ranty way!

Jayson E. Street is the author of the book 'Dissecting the Hack: The F0rb1dd3n Network' plus creator of the site http://dissectingthehack.com

He's also spoken at DEF CON, BRUCON, UCON & at several other CONs & colleges on a variety of Information Security subjects. His life story can be found on Google under 'Jayson E. Street'.

He's a highly carbonated speaker who has partaken of Pizza from Beijing to Brazil. He does not expect anybody to still be reading this far but if they are please note he was chosen as one of Time's persons of the year for 2006.
Twitter: @jaysonstreet
Facebook: jayson.e.street
http://F0rb1dd3n.com

Can Twitter Really Help Expose Psychopath Killers' Traits?

Recent research has identified links between Psychopaths and the language they use (Hancock et al 2011), with media reports suggesting that such knowledge could be applied to social networks in order to help Law Enforcement Agencies expose "Psychopath killers' traits". This is the first public study to research Psychopathy in the context of social media.

This study explored the extent to which it is possible to determine Psychopathy, and other personality traits based on Twitter usage. This was performed by comparing self-assessment 'Dark Triad' (Psychopathy, Machiavellianism, Narcissism) and 'Big Five' (Openness, Conscientiousness, Extraversion, Agreeableness, Neuroticism) personality traits with the Twitter information, usage and language of 2927 participants.

Results show that there are a number of statistically significant correlations between an individual's darker personality traits and their Twitter activity. We also identified links between users' attitudes to privacy, their personality traits and their Twitter use. We will present the improvement gains possible through the use of machine learning for personality prediction and share the models and techniques employed.

In addition to presenting our results, this talk will provide an introduction into identifying psychopathic traits using the Hare Psychopathy Checklist (PCL-R), present the technical approaches to collecting, storing and analyzing Twitter data using Open Source technologies and discuss the current ethical, privacy and human rights concerns surrounding social media analysis, vetting and labeling.

We will conclude with two proof of concept works, the first using the visualization tool Maltego to explore how visual analysis could be used to identify potential troublemakers at events such as far-right demonstrations; the second to look at how personality traits influence response and interaction with a benign Twitter Bot.

The results highlight that in certain contexts, personality prediction through social media can perform with a reasonably high degree of accuracy.

Chris is a contributor in the emerging discipline of Social Media Behavioral Residue research where he combines his interests in Psychology, Social Networks, Data Mining and Visual Analytics. He has previously spoken about these topics at BlackHat and DEF CON and is scheduled to speak at the European Conference on Personality in July 2012 with a team of academic personality researchers.

Chris has been directly involved in Corporate Information Security at Hewlett-Packard since 1999 and is currently focused on Security in the Development Lifecycle. Outside of work and together with a small group of likeminded individuals, he co-founded the not-for-profit Online Privacy Foundation to conduct topical research and raise security awareness at a community level.
Twitter: @TheSuggmeister
https://www.facebook.com/onlineprivacyfoundation
http://www.onlineprivacyfoundation.org/


Randall Wald is a researcher studying data mining and machine learning at Florida Atlantic University. Following his BS in Biology from the California Institute of Technology, Randall chose to shift his focus to computer science, applying his domain knowledge towards bioinformatics and building models to predict disease. He also studies machine learning for other domains, including machine condition monitoring, software engineering, and social networking.
http://www.ceecs.fau.edu/directory/randallwald

Attacking TPM Part 2: A Look at the ST19WP18 TPM Device

The STMicroelectronics ST19WP18 TPM die-level analysis. Companies like Atmel, Infineon and ST are pushing motherboard manufacturers to use these devices. End-users trust these devices to hold passwords and other secrets. Once more, I will show you just how insecure these devices are.

Christopher 'Biggun' Tarnovsky owns Flylogic, Inc. and specializes in analysis of semiconductors from a security "how strong is it really" standpoint. Flylogic offers detailed reports on substrate attacks which define if a problem exists. If a problem is identified, we explain in a detailed report all aspects of how the attack was done, level of complexity and so on. This is something we believe is unique and allows the customer to then go back to the chip vendor armed with the knowledge to make them make it better (or possibly use a different part).

Twenty Years Back, Twenty Years Ahead: The Arc of DEF CON Past and Future

Thieme's keynote at DEF CON 4 for a few hundred people was "Hacking as Practice for Trans-planetary Life in the 21st Century." Mudge recently said, "Some of us knew what you meant, and some of us thought you were nuts." That's likely to be the response to this talk too. Thieme addresses what he said 17 cons ago, why it was true, and illuminates some likely futures for hacking and hackers, anonymous 2.0.1, and the gray space of the noir world in which one is deemed a "criminal," not because of what one does, but according to who one does it for.

Identity, in short, is destiny. More than ever, identity is a choice, modular and fluid.

Mudge was with the l0pht then, now he's with DARPA. Jeff Moss was an entrepreneurial hacker, now he's with Homeland Defense. Too many to name work in agencies or stateless names and nameless states, fulfilling the vision of Thieme's first speech.

But that was then. What's likely to be next?

The more we idealize lone hacker wolves in fiction and films, the more assimilated we nevertheless become into many Borgs, not one. Technologies determine identity, flows of information shape our souls. The forms into which we fit - in thought, word, and deed - are who we think we are.

So most humans are flocks of birds in digital cages. Hackers however see the implications of making the cages, create the space in which others live. So the question still is, which pill do you want? But the matrix has morphed. It's malleable, plastic, and biological, infinitely fun to stretch into new shapes.

The next twenty years ... the vision of "a deranged old man, wandering around the con," as someone said. But insanity, sainthood, wisdom look the same. The long view of distance, perspective across the years, is worth a million fast twitches. Combine rapid action and perspective, however ... turn context into content ... use both sides of your brain ... and you'll have mastery, a wild trip, and one hell of a good time.

Richard Thieme is an author and professional speaker focused on the deeper implications of technology for twenty-first century life. He speaks professionally about the challenges posed by new technologies and the future, how to redesign ourselves to meet these challenges, and creativity in response to radical change. Thieme has spoken for sixteen years for the Black Hat Briefings (intelligence and corporate security) and DEF CON, an annual computer hackers' convention.

About a decade ago, a friend at the National Security Agency suggested that he could address the issues they discussed in a context of "ethical considerations for intelligence and security professionals" only if he wrote fiction. "It's the only way you can tell the truth," he was told. Three dozen published short stories and one novel-in-progress later, the result is "Mind Games," published in 2010.
Twitter: @neuralcowboy
https://www.facebook.com/pages/Richard-Thieme/107319815723
www.thiemeworks.com
neuralcowboy@skype
Richard Thieme at LinkedIn

Off-Grid Communications with Android: Meshing the Mobile World

Before they were a team, the members of project SPAN thought it was highly limiting to only be able to network smart phones over standard Wi-Fi or with a Cellular infrastructure. Honestly, the SPAN team isn't a big fan of infrastructure-based networks in general. They wanted a headless, dynamic network that allowed for resilient communications when the other infrastructure either wasn't available or when they just didn't feel like using it. They also really liked the idea of a communication system where there was no central router, server or other central point of sniffing of data. With this in mind, they teamed up and created project SPAN (Smart Phone AdHoc Networks). They decided to open source the project and to share not only the code (initial release to coincide with the presentation) but also the whole process and idea with the community at large. The team is annoyed that the current generation smart phone radios have the intrinsic ability to communicate directly with one another, but hardware vendors and mobile OS frameworks don’t make it easy to do so. Let us show you how it can be done and the fun that can be had from it.

Join the SPAN team for a deep dive into the Android network stack implementation and its limitations, an analysis of the Wi-Fi chipsets in the current generation of smart phones and a collection of lessons learned when writing your own network routing protocol (or 5 of them). The team will also share a "How To" walkthrough into implementing your own Mesh network and incorporating general "Off Grid" concepts into your next project; this will include securing your mesh from outside parties while tunneling and bridging through the internet. The team will delve into specific Android limitations of Ad-Hoc networking and provide workarounds and bypass mechanisms. Lastly, the team will give an overview of the implementations and network surfaces provided by the new collection of networking alternatives, including NFC and Wi-Fi Direct.

Josh "m0nk" Thomas is a Security researcher, mobile phone geek, mesh networking evangelist and general breaker of things electronic. His past projects have commonly spanned the hardware / software barrier and rarely have a UI. He's spent the past 12 years poking at embedded systems, networks, IP stacks, AI and right-time communication systems. A code monkey at heart, m0nk has spent the last year digging deep into Android and iOS internals, with a major focus on both the network stack implementations and the driver / below driver hardware interfaces. He uses IDA more frequently than Eclipse, really just likes playing with gadgets and wants to make the world a better place. His life dream is to ride a robot unicorn on a moonlit beach.
Twitter: @m0nk_dot


Jeff "stoker" Robble has been writing Java and Android software for quite a while now and he's become bored pushing blinky lights to the screen. He wanted to dig deeper into the internals of network stacks and smart phone handsets and SPAN was the perfect opportunity. At last count, Stoker was seen carrying 14 Android devices in his backpack and was mumbling something about Ice Cream Sandwich and WiFi Direct scalability.

Socialized Data: Using Social Media as a Cyber Mule

I don't wear hats. But if I did, even though I'm in an underground bunker in the dark, it would be kind of "off-whitish-grey." Like many, many of us in this industry I don't do anything "bad" even though I can. That's because I choose not to. I think "Freedom" is doing what you want to do - as a corollary, I think "Liberty" is the degree of *choice* one has in exercising their Freedom. This is the basis of my "grey" affinity. Though my actions are "white" by choice, I get very, very concerned when I see governmental/legislative/enforcement effort encroach upon my liberties even though it doesn't affect me personally. For instance, I'm totally fine with DRM and copyright laws. If you don't like the way the vendor produces their product, don't buy it. However, when legislation like SOPA comes along, it provides a mechanism for the government to dictate what private, non-affiliated companies must do in order to protect property belonging to another private company on their behalf. Though I buy my music and software (really) I'm vehemently opposed to such legislation, particularly when all we have to do is edit a hosts file to bypass it. As such, I assert that any legislator who supported/supports SOPA or similar laws is an ignorant fucking slag.

I feel the same way about communications as it relates to monitoring, intercepting, collection and storage outside of my control. That's why I wrote TGP - so people could use cloud-based resources to encrypt their communications in a way that no-one can decrypt (presumably). But I always look for ways around encryption, and more importantly around *detection* of any method by which I choose to communicate in a manner to ensure it isn't intercepted, detected, or otherwise divulged to anyone.

And this finally leads us to what this talk is about. When thinking like a "bad guy" with the goal of distributing any number of covert communications to any number of recipients, there are a number of critical attributes which should be present. The message should:

- Be portable and "self-sustaining."
- Be able to be propagated without the originator actually having to *own* the message or carry it on him.
- Have the ability to control which recipients receive/can read the message.
- Have the messages backed up and managed by a 3rd party in perpetuity.
- Be free.
- Be able to be received without any privileged access to equipment or require specialized equipment to receive.
- Be detection resistant, or even detection PROOF.

This session will be about how to go about just that. ALL of these attributes will be satisfied, and I will illustrate how you can literally have a "detection-proof" covert communication. I don't think I've ever said that before, and just writing the words "detection-proof" makes me cringe just a bit. But I've racked my brain on a way to detect what I'll show you and I can't find a way to do it.

That will be the other cool part of this talk - we'll all brainstorm at the end on a way to detect this. I bet you can't. :) To me, this is the epitome of what DEF CON is about, and I hope you'll join me at this talk. Besides, my super-hot wife will be there. Get hammered at Hammer of God!!!

Timothy Mullen is a Principal Security Architect for a worldwide, multibillion-dollar commerce platform, and is rumored to operate somewhere in the vicinity of Seattle, Washington.

Also known as "Thor," he is the founder of the "Hammer of God" security co-op group. He is a member of American Mensa, a Microsoft Certified Trainer, has Microsoft Engineer certifications in all remotely recent operating systems, and has been awarded Microsoft's "Most Valuable Professional" (MVP) award in Windows Enterprise Security four years running.

Mullen has spoken at security conferences world-wide, and has recently published Thor's Microsoft Security Bible, his latest of many books. He has delivered by-invitation presentations to organizations such as Microsoft, the US Federal Court system, the Hong Kong Police and the Geneva School of Engineering. Mullen has also been named a Distinguished Speaker by the NSA and The United States Cyber Command.
hammerofgod.com

Safes and Containers: Insecurity Design Excellence

Insecure designs in physical security locks, safes, and other products have consequences in terms of security, liability, and even loss of life. Marc Weber Tobias and his colleagues Tobias Bluzmanis and Matthew Fiddler will discuss a number of cases involving design issues that allow locks and safes to be opened in seconds, focusing on consumer-level containers that are specified as secure for storing valuables and weapons, and in-room hotel safes that travelers rely upon.

In one instance, the insecurity of a consumer gun safe that is sold by major retailers in the United States played a part in the death of a three year old child who was able to gain access to a handgun that was locked in a supposedly secure container.

The presenters will demonstrate different product designs that were represented as secure but in fact are not.

Marc Weber Tobias is an investigative attorney and security specialist living in Sioux Falls, South Dakota. He is the principal attorney for Investigative Law Offices, P.C. and as part of his practice represents and consults with lock manufacturers, government agencies and corporations in the U.S. and overseas regarding the design and bypass of locks and security systems. Marc and his associates also conduct technical fraud investigations and deal with related legal issues. Marc has authored five police textbooks, including Locks, Safes, and Security, which is recognized as a primary reference for law enforcement and security professionals worldwide. The second edition, a 1400 page two-volume work, is utilized by criminal investigators, crime labs, locksmiths and those responsible for physical security. A ten-volume multimedia edition of his book (LSS+) is also available online.

Marc has written extensively about the security vulnerabilities of products and has appeared in numerous television and radio interviews and news reports as well as magazine articles during the past thirty years. He is a member of several professional organizations including the American Bar Association (ABA), American Society for Industrial Security (ASIS), Associated Locksmiths of America (ALOA), Association of Firearms and Tool mark Examiners (AFTE), American Polygraph Association (APA) and the American Police Polygraph Association (APPA).


Matt Fiddler is a certified and registered locksmith and Security Professional with over 20 years of experience. Mr. Fiddler's research into lock bypass techniques has resulted in many public and private disclosures of critical lock design flaws. Mr. Fiddler began his career as an Intelligence Analyst with the United States Marine Corps. Since joining the commercial sector in 1992, he has spent the last 20 years enhancing his extensive expertise in the areas of Covert Entry Tool Design, Physical Security Consulting, Computer Forensics and Intrusion Analysis.

Tobias Bluzmanis was born in Caracas, Venezuela. He came to the United States in 1995 and was granted citizenship in 2000. He has been a professional locksmith for the past 20 years. Tobias is an expert in Covert Methods of Entry and has developed many unique forms of bypass and custom tools, including a decoder for Medeco locks, which was the impetus for the book "Open in Thirty Seconds".

Rapid Blind SQL Injection Exploitation with BBQSQL

Blind SQL injection can be a pain to exploit. When the available tools work they work well, but when they don't you have to write something custom. This is time-consuming and tedious. This talk will be introducing a new tool called BBQSQL that attempts to address these concerns. This talk will start with a brief discussion of SQL Injection and Blind SQL Injection. It will then segue into a discussion of how BBQSQL can be useful in exploiting these vulnerabilities. This talk will cover how features like evented concurrency and character frequency based searching can greatly improve the performance of a SQL Injection tool. This talk should leave you with enough knowledge to begin using BBQSQL to simplify and speed up your application pentests.

Ben Toews is a Security Consultant at Neohapsis where he specializes in application and network pentesting. Previously, Ben has worked as a sysadmin and as a developer. Ben has spoken at Thotcon 0x03 and has been published in HITB Magazine. Ben has a BS in Information Assurance and Security Engineering from DePaul University.
Twitter: @mastahyeti
http://btoe.ws


Scott Behrens is currently employed as a Security Consultant at Neohapsis and an Adjunct Professor at DePaul University. Before Neohapsis, Scott Behrens was an Open Systems Architect for a financial consulting firm, as well as a Network Administrator at Argonne National Laboratories. Scott Behrens’ expertise lies in software security assessment, network penetration testing, social engineering, security architecture, and security research. Scott is also the co-developer of NeoPI, a framework to aid in the detection of obfuscated malware. Scott has also presented at Chicago B-sides and has published numerous articles in various security outlets. Scott Behrens has an MS in Network Security from DePaul University.
Twitter: @HelloArbit
http://www.scottbehrens.com

Subterfuge: The Automated Man-in-the-Middle Attack Framework

Walk into Starbucks, plop down a laptop, click start, watch the credentials roll in. Enter Subterfuge, a Framework to take the arcane art of Man-in-the-Middle Attacks and make it as simple as point and shoot. Subterfuge demonstrates vulnerabilities in the ARP Protocol by harvesting credentials that go across the network, and even exploiting machines through race conditions. Now walk into a corporation…

A rapidly-expanding portion of today’s Internet strives to increase personal efficiency by turning tedious or complex processes into a framework which provides instantaneous results. On the contrary, much of the information security community still finds itself performing manual, complicated tasks to administer and protect their computer networks. The purpose of this presentation is to discuss a new Man-In-The-Middle attack tool called Subterfuge. Subterfuge is a simple but devastatingly effective credential-harvesting program, which exploits vulnerabilities in the inherently trusting Address Resolution Protocol. It does this in a way that even a non-technical user would have the ability, at the push of a button, to attack all machines connected to the network. Subterfuge further provides the framework by which users can then leverage a MITM attack to do anything from browser/service exploitation to credential harvesting, thus equipping information and network security professionals and enthusiasts alike with a sleek “push-button” security validation tool.

Matthew M. Toussain developed the Air Force’s introductory Cyber Warfare curriculum at the United States Air Force Academy, promoting information assurance through a ten day, fast-paced, offense focused program. As a senior at the Academy he participates in national and international cyber competitions with the AF Academy’s Cyber Competition Team.
Twitter: @0sm0s1z
Facebook: mtoussain
http://code.google.com/p/subterfuge/


Christopher Shields, Lieutenant in the United States Air Force, was the first-ever Cyber Commander pioneering the United States Air Force Academy's intensive summer curriculum. As an integral four-year member of the Academy's internationally-recognized Cyber Warfare Competition Team, he drove their 2012 Cyber Defense Exercise win, hosted by the NSA, and their second place finish at the 2012 National Collegiate Cyber Defense Competition. A Cyberspace Operations Officer, Lieutenant Shields holds a Computer Science-Cyber Warfare degree. His growing experience and interest includes network penetration testing, network mapping and enumeration, intrusion detection, exploitation and persistence, and security research.

Drinking From the Caffeine Firehose We Know as Shodan

Shodan is commonly known for allowing users to search for banners displayed by a short list of services available over the internet. Shodan can quite easily be used for searching the internet for potentially vulnerable services to exploit, but it's also a powerful defensive posturing tool as well as the first step in aggregating wide scopes of data for mining. Everyone knows routers, switches and servers are connected to the internet - but what else is out there? Has anybody even looked? I suspect people stop after the popular searches and forego what's left. Did you know there are hydrogen fuel cells attached to the internet? Some of my findings were pretty surprising, and these discoveries are an excellent metric for identifying how successful our security campaigns as an industry are. It's a way to measure our success as a whole, by scanning the entire internet.

Viss (Dan Tentler) is currently freelancing as a Security Consultant and parachutes into various clients in southern California. During the last 5 years Dan has carried a wide breadth of clients and engagements, ranging from wireless site surveys and penetration testing, to full blown social engineering campaigns, to lockpicking and threat & vulnerability assessments. Dan has presented at various BarCamps, Toorcon San Diego, ToorCon Seattle, Refresh San Diego and SDSU computer security advanced lecture classes. Come find Dan and ask him about things, he'll talk your ear off.
Twitter: @viss

The DCWG Debriefing - How the FBI Grabbed a Bot and Saved the Internet

In November of 2011 a multinational force of feds and wizards took down Rove Digital's on-line infrastructure including the DNS Changer name servers. Under contract to the FBI, employees of Internet Systems Consortium (ISC) installed "clean" replacement DNS servers to take care of a half million DNS Changer victims.

On July 9 2012 the last court order expired and we turned these name servers off, having had only mixed success in getting the malware cleaned up. Andrew Fried and Paul Vixie of ISC will present the whole story and talk about some of the hard lessons to be learned.

Dr. Paul Vixie is Chairman and Founder of Internet Systems Consortium. He served as President of MAPS, PAIX and MIBH, as CTO of Abovenet/MFN, and on the board of several for-profit and non-profit companies. He has served on the ARIN Board of Trustees since 2005, where he served as Chairman in 2008 and 2009, and is a founding member of ICANN Root Server System Advisory Committee (RSSAC) and ICANN Security and Stability Advisory Committee (SSAC). Vixie has been contributing to Internet protocols and UNIX systems as a protocol designer and software architect since 1980. He is considered the primary author and technical architect of BIND 8, and he hired many of the people who wrote BIND 9 and the people now working on BIND 10. He has authored or co-authored a dozen or so RFCs, mostly on DNS and related topics, and of Sendmail: Theory and Practice (Digital Press, 1994). He earned his Ph.D. from Keio University for work related to the Internet Domain Name System (DNS and DNSSEC).

Andrew Fried is a Senior Consultant with Cutter Consortium's Business Technology Strategies and Government & Public Sector practices. His unique skill set has earned him a worldwide reputation; his background includes working as a uniformed police officer, a computer programmer and security analyst, and a Senior Special Agent with the US Department of the Treasury, a post he retired from after a 20-year career. Mr. Fried's extensive knowledge allows him to identify large data sources that are seemingly unrelated and combine them to produce findings that would not be otherwise identified. His passion and tenacity for identifying and stopping Internet criminal activity has earned him the respect of leading industry experts. During his last two years at the US Treasury, Mr. Fried was credited with identifying and mitigating over 3,000 fraudulent online schemes. He currently works as a security researcher for a nonprofit organization involved in identifying organized criminal enterprises responsible for fraudulent schemes, denial-of-service attacks, malware propagation, and large-scale botnets. Mr. Fried's work routinely involves data mining and analysis of data sets that contain hundreds of millions of records.

The Christopher Columbus Rule and DHS

“Never fail to distinguish what’s new, from what’s new to you.” This rule applies to a lot of people when they think about innovation and technology in the government. At the U.S. Department of Homeland Security, in addition to running the National Cybersecurity and Communication Integration Center (NCCIC), the US-CERT and the ICS-CERT, they work daily with companies from across the globe to share critical threat and vulnerability information. DHS also supports and provides funding for a broad range of cutting-edge cybersecurity research initiatives, from the development and implementation of DNSSEC to sponsoring the use of open source technologies and from development of new cyber forensics tools to testing technologies that protect the nation’s industrial control systems and critical infrastructures. This is not your grandfather’s Buick! During this presentation Deputy Under Secretary for Cybersecurity Mark Weatherford will talk about research and training opportunities, the growing number of cybersecurity competitions sponsored by DHS, and how they are always looking to hire a few good men and women.

Mark Weatherford is the Deputy Under Secretary for Cybersecurity for the National Protection and Programs Directorate (NPPD) at the United States Department of Homeland Security. Weatherford most recently served as the Vice President and Chief Security Officer of the North American Electric Reliability Corporation (NERC), where he directed the organization’s critical infrastructure and cybersecurity program. He previously served as the Chief Information Security Officer in the State of California’s Office of Information Security, and as Chief Security Officer for the State of Colorado, where he helped establish the state’s first cybersecurity program. Weatherford is a former Naval Cryptologic Officer, where he led the Navy’s Computer Network Defense operations and the Naval Computer Incident Response Team.

The Art Of The Con

The Art of the Con.

Paul Wilson is the writer and star of "The Real Hustle" and creator of "The Takedown" on Court TV and "Scammed" on The History Channel. He is one of the world's finest magicians and an expert on cons, scams, casino cheating and gambling sleight of hand. He has pulled more confidence tricks than anyone in history in his efforts to inform and protect the public.

This talk will include a live con game, cheating devices and reasons why people will always be vulnerable.

Paul Wilson is a world renowned expert on cheating, an award winning conjuror and magic inventor. He now works in film and television. Paul has worked as an actor, presenter, writer, producer and director. He has created, developed and produced television shows for NBC, CBS, A&E, BBC, Court TV and Tru TV.

He has been studying sleight of hand, cheating and conjuring since he was eight years old. After twelve years as a computer consultant, he became a professional performer and lecturer, using the time to study film before moving into the industry.

He also produced A&E's hit show Mondo Magic, advised Criss Angel for his hit TV show, appeared on "Modern Marvels'" casino technology episodes and is the resident cheating expert on Italian TV's "Arcana" show.

He co-created, produced and starred in Court TV's "The Takedown", a twelve episode series where Paul was challenged to beat Casino security systems. He went on to write and present "The Real Hustle" for the BBC. The show is now a hit in the UK and the fifth season has finished airing. A US version was commissioned by Court TV.

Paul was also the host of VOOM’s “Ultimate Tourist Scams” and has written and presented a one hour special for BBC ONE where he performed the impossible for members of the public.

He currently works as a professional consultant, producer and director. He occasionally performs his one-man show "Lie. Cheat. Steal." for the public and corporate clients and is a regular talk-show guest in the UK.
Twitter: @rpaulwilson

Improving Web Vulnerability Scanning

A new approach for web vulnerability scanning that outbids most existing scanners.

Dan Zulla contributed to various open source vulnerability scanning projects and to the security of most international web hosting and virtualization companies. He did vulnerability scanner development, penetration testing and performance optimization in scaling environments for many years. Last year he built his first security research company and sold it in less than 8 months to a larger competitor at the age of 18.
Twitter: @zulladan
www.zulla.org

Speaker Index


A

Alex Abdo
Gen. Keith B. Alexander
Chema Alonso
Anarchy Angel
Anch (1, 2)
Chris Anderson
Brad Antoniewicz
James Arlen
atlas

B

Adam "EvilPacket" Baldwin
James Bamford
Kevin Bankston
Michael Baucom
Rod Beckstrom
Scott Behrens
Colin Beighley
William Binney
Bitweasil
Blakdayz
Matt Blaze (1, 2)
Tobias Bluzmanis
William Borskey
Rodrigo Rubira Branco
Joshua Brashars
Sergey Bratus (1, 2)
Jonathan Brossard
Dave Brown
Francis Brown
Jeff Bryner
Elie Bursztein
Linda C. Butler

C

Thomas Cannon
Mr. Leon Carroll
Alan "Avenir" Chung
Jim Christy (1, 2)
cifo
Sandy Clark
Jonathan Claudius
Gabriella Coleman
Chris Conley
Greg Conti
Michael Copplola
Joshua Corman
Ang Cui
Cutaway
Zachary Cutlip
Catherine Crump

D

Christian "quaddi" Dameff
Darkred
The Dark Tangent
Dead Addict
Robert Deaton
Dave DeSimone
Jerry Dixon
Cory Doctorow
dotAero
Nadeem Douba
Matthew Duggan
Tom "Tdweng" Dwenger

E

Peter Eckersley
Egypt
Richard J. Enbody
esden
Amir "Zenofex" Etemadieh

F

Hanni Fakhoury
Nick Farr
Zack Fasel
Karl Feinauer
Matt Fiddler
John Floren
Andy Fried (1, 2)
FX

G

Svetlana Gaivoronski
Nick Galbreath
Martin Gallo
Eva Galperin
Dennis Gamayunov
Andrew Gavin
Kenneth Geers
Robert David Graham
Joe Grand
Jennifer Granick (1, 2)
Greg
Dan Griffin

H

Mercedes Haefer
Peter Hannay
Woody Hartzog
Shawn Henry
CJ Heres
Chris Hoff
Dustin Hoffman
Marcia Hofmann (1, 2, 3)
Ryan Holeman

I

Jon Iadonisi
Alberto García Illera


J

Jameel Jaffer
Robert E. Joyce

K

Corey Kallenberg
Dan Kaminsky (1, 2)
Dave Kennedy
Andrew King
James Kirk
Toby Kohlenberg
Xeno Kovah
Mischel Kwon

L

Anthony "Darkfloyd" Lai
Eddie Lee
Jay Leiderman
Gideon Lenkey
Katy Levinson
Andrea (Drea) London
LosT
Amber Lyon

M

Tim Maletic
David Maloney
Manu "The Sur"
Dave Marcus
Rich Marshall
David Maynor
Moxie Marlinspike
David McCallum
Wesley McGrew
Charlie Miller
Alexander Minozhenko
misterj
Tony "MT" Miu
Rich Mogull
David Mortman
Raphael Mudge

N

Fergus Noble
Jason A. Novak

O

James Oakley
Gráinne O’Neil
Omega
Kurt Opsahl
Jason Ostrom

P

Bob Pan
Nicholas J. Percoco
Michael Perklin
Tom Perrine
Larry Pesce
Dan "AltF4" Petro
Christopher Pogue
Phil Polstra
Robert Portvliet
Kevin Poulsen
Priest

R

Rob Ragan
Renderman
Jim Rennie
Ryan Reynolds
Semon Rezchikov
Riley Repko
Jeff "stoker" Robble
Michael Robinson
Carlos Alberto Rodriguez
Dan Rosenberg

S

Marcus Sachs
Patrick Samy
Bruce Schneier
Sean Schulte
Jason Scott
Rebecca "bx" Shapiro
Lisa Shay
Christopher Shields
Mickey Shkatov
Charles Smith
Christopher Soghoian
Ashkan Soltani
Aditya K. Sood
Jayson E. Street
Chris "TheSuggmeister" Sumner

T

Chris Tarnovsky
Chris Taylor
Gail Thackeray
Richard Thieme
Josh "m0nk" Thomas
Thor
Trevor Timm
Marc Weber Tobias
Ben Toews
Matthew M. Toussain
Jeff "r3plicant" Tully

V

Sergio Valderrama
Viss
Paul Vixie

W

Randall Wald
Mark Weatherford (1, 2)
Dr. Linton Wells
Paul Wilson
Ben Wizner
Kelvin "Captain" Wong
Justin Wykes

Z

Zoz
Dan Zulla

Panels and Special Interest

DCG/Hackspace Panel
ACLU Panel
DEF CON 101
Meet the EFF
Meet the Fed Panel (1, 2)
DC RECOGNIZE Awards
Panel: Making DEF CON 20
Movie Night: Code 2600
Movie Night: Reboot
Movie Night: 21
Q&A With the Men (and Women) in Black

Thursday Speakers/ DC 101

DEF CON 101
AlxRogan
DaKahuna
Flipper
Hackajar
Lockheed
LoST
Ripshy
Roamer
Siviak
Terence "tuna" Gareau
Dr. Tran