DEF CON Hacking Conference

Posted 3.28.16

DEF CON workshops are back! If you've got an idea for a four-hour workshop for around 55 people, that will leave them embiggened and inspired, this post is for you. Yes, you.

What you need to know:
The Workshops are free (possible exception for low-cost material charge)
4 Hours is the limit this year - we're hoping to host a wider variety of Workshops
Half days Thursday and Sunday, full days Friday and Saturday

What you get if your workshop is selected:
3 Human badges
1 Speaker badge per instructor

Where to find out the rest and submit your idea:
https://defcon.org/html/defcon-24/dc-24-cfw.html

If we get enough good submissions, there could be up to 36 (!) workshops this year.  You only have until May 2 to submit, so no lollygagging - let's make this awesome!

Posted 3.28.16

The Crypto and Privacy Village is back for DEF CON 24 and they want your Workshop submissions!

This is your chance to take your ideas for hands-on activities and trainings and share them with the whole DEF CON community. Teach people how to better guard their privacy, or show them some fun things you do with crypto when no one's looking.

In addition to their CFP, the Internet of Things Village at DEF CON 24 also has a Call for Devices that's open now. If your company has an IoT device that you'd like to see put through its paces by security researchers, fill out the form at iotvillage.org.

You can think of it as a free security assessment, or a chance to show the community how serious you are about getting connected security right in a bold and public way.

Posted 3.25.16

Just in time for your weekend we have a big juicy torrent of packet capture from the DEF CON 23 CTF for you to fold, manipulate and spindle. All praise to the heroic citizens of the Legitimate Business Syndicate for getting this data together. Visit the LBS (legitbs.net) for infoz about qualifying for the upcoming DC24 CTF and check out the DEF CON media page for even more hacker-style torrents with which to annihilate your data cap.

Happy torrenting and as always, share freely and widely. Information craves ubiquity.

Posted 3.21.16

The exemplary humans of the Legitimate Business Syndicate have updated their website with more information about qualifying for this year's DEF CON CTF, as well as some past quals data for you to root through. Assemble your squad and get in on this, people!

Posted 3.16.16

It is, as they say, on. Like Yvonne Goolagong.

By "it", we mean DEF CON 24 and by "on" we mean launching the DEF CON 24 website - your all-in-one resource for Con-related news, updates and content. Bookmark it. Subscribe to the RSS. Throw it on  a home screen or two. We're more than halfway to the big show and you owe it to yourself to keep up as DEF CON 24 approaches its final form.

Join us. We have big plans for this one.

Posted 3.15.16

DEF CON 24 Reminder - The many, many cool-ass contests and events at DEF CON are put on by the DEF CON community. We mean YOU! If you've got a good idea for a party, or a village or an event, all you need to do to get it on the table for consideration is respond to the RFI.

If you've been procrastinating about sharing your supergenius idea with the community, you're in luck. The CEV RFI has been extended to April 1. That gives you two more weeks to get your ducks in a row. Make us proud, DEF CON community. Let's make some magic.

Posted 3.11.16

The call for papers for IoT Village™ at DEF CON 24 is now open! All talks related to IoT security issues are welcome, with special emphasis on any of the following topics:

Internet of Things - Show us how secure (or unsecure) IP-enabled embedded systems are. Routers, network storage systems, cameras, HVAC systems, refrigerators, medical devices, smart cars, smart home technology, and TVs. If it is IP enabled, we're interested.

IoT Device Management – Discuss best practices for deploying and building security into IoT devices.

Healthcare & IoT - Demonstrate or discuss how IoT devices are impacting the realm of healthcare, including but not limited to patient health and hospital security.

Travel, Hospitality, and IoT - Analyze how IoT is impacting the travel & hospitality industry, guest safety, and the connected hotel room.

Demonstrable research - Present attacks that result in mechanical operation of the device's physical functionality. Can you make the device move, smoke, light up, emit sound, manipulate a screen readout, or any other visibly evident manifestation of the exploit?

And anything else awesome that involves IoT devices!

Posted 3.8.16

From the @r00tzasylum twitter account today - a reminder that DEF CON has some amazing stuff for the hacker younglings, too! You can find out more about the R00tz Asylum programs at http://r00tz.org/. They rule.

Posted 3.2.16

Entry #2 from the DEF CON Groups ‪#‎YearoftheHack‬ contest! Congrats and luck to the members of DC775 from Reno/Northern Nevada. Get crackin', DCGs!

DEF CON 24 Link Roundup

Posted 2.26.16

To help you figure out what to do with your upcoming weekend, we offer a link roundup of avenues for DEF CON participation that need your more or less immediate attention.

Registration for the Boston Key Party opens this weekend, and it's a pre-qual for the DEF CON 24 CTF. The contest proper starts March 4, so if you wanna play it's time to horizontally align those ducks. For more info about the Key Party, you can hit up their website: http://bostonkeyparty.net/

For information about the remaining two pre-quals (Octf and PlaidCTF) you can visit the stand-up folks of the Legitimate Business Syndicate: https://blog.legitbs.net/2015/12/announcing-def-con-ctf-2016-qualifying.html

For people looking for a speaking opportunity at DEF CON 24, in addition to the open main conference CFP (more at https://www.defcon.org/html/defcon-24/dc-24-cfp.html) we have two villages that just opened some fresh CFPs:

Packet Hacking Village Speaker Workshops CFP:
https://forum.defcon.org/forum/defcon/dc24-official-unofficial-parties-social-gatherings-events-contests/dc24-villages/packet-hacking-village-ab/222831-packet-hacking-village-speaker-workshops-at-def-con-24-cfp-now-open

And the Internet of Things Village CFP:
Iotvillage.org/#cfp

It's always better if you get involved. Think about how you want to participate and as always, spread the word.

Posted 2.25.16

Attention DEF CON Groups! The Year of the Hack contest is officially on like Megatron - DC414 has submitted the first video. Not only did they lay out their squad goals for 2016, they even posted a bonus blooper reel. Congratulations to DC414 for setting it off!

Time to get it in gear and get your video submitted. The information you need to get underway is on the DCG site here: https://defcongroups.org/contest.html

You can find out more about Milwaukee's own DC414 at dc414.org

Posted 2.18.16

The Social Engineering CTF registration is open! If you think you have the SE chops to talk a dog off a meat truck, the time to put your skills to the test is now.

If you're more the speaker type, there's also a CFP for the SE Village open now!

All the information you need is available at social-engineer.org.

Posted 2.16.16

The Bally's discounted room block is sold out. There are still DEF CON discounts to be had in Paris and the nearby LINQ and Flamingo, but if you want to get the lower rate it's best not to wait too long.

Posted 2.12.16

DEF CON people everywhere, lend us your ears! Let the word go forth from this 12th day of February, 2016 that DEF CON 24 has issued a CALL FOR PAPERS. Let those among you with the freshest hacks and gnarliest new tools sequester themselves in their various laboratories to forge thoroughly documented and appropriately punctuated proposals. Let these documents be submitted in close observance of the rules laid out in the DEF CON CFP Announcement. Do this by or before the 2nd of May, or face the crushing indifference of our selection committee/ Sorting Hat.

The hour approaches. Plans are being hatched. Early May will steal upon us like a thief in the night, so countenance no delay. Make ready your proposals. Godspeed, you magnificent bastards. Godspeed.

Posted 2.11.16

If you're in the NYC area this April, you can get a little early DEF CON fun with a few of our Villages making an appearance at the Tribeca Film Festival. It's April 15-17, and Tamper Evident, Lockpicking, Hardware Hacking and Crypto/Privacy villages will be representing, as will a TV show you might have heard of called MR.ROBOT.

Posted 2.10.16

The Call for Contests, Events, Villages, and Parties is officially OPEN! - The season of DEF CON announcements is officially upon us. If you have an amazing idea you’ve always wanted to run at DEF CON, this is your moment. Learn how to write it up and where to send it on the Contests, Events, & Villages RFI page! Let’s get this party started, people!

Posted 2.9.16

Time to update your twitter lists and searches - DEF CON on twitter is now @defcon! You can say goodbye to those unnecessary underscores for good. If you use Twitter and you're not following us, this is a good moment to get on board.

Posted 2.9.16

Congratulations to the top 5 DEF CON Groups of 2015! DEF CON care packages are on their way!

DC 801 Salt Lake City, UT
DC 214 Dallas, TX
DC 4420 London, UK
DC 719 Colorado Springs, CO
DC 404 Atlanta, GA

Make sure your group is in the running next month by submitting your Group info at https://defcongroups.org/infotemplate.html!

Posted 2.5.16

Chilly? Current jacket not getting it done in the smiling skull department? Try a stylish soft shell DEF CON jacket (in casual stone and traditional h4x0r black)- now clearance priced in our eBay store! ‪#‎hackercasual‬

Posted 2.3.16

If you're in a DEF CON Group, head on over to the DCG page to learn about this year's sweet 'Year of the Hack' contest!

If you're not in a DEF CON Group, head over to learn how to join one. If you can't find one, you can start one.

Together, we can do amazing things.

Posted 1.29.16

It's #defconflashbackfriday again! Today's talk is about how to sort bots from people, because where we're going skills like that will be pretty useful. The bots are only going to get cleverer, friends. In fact, they'll probably find this post and develop countermeasures.

Please enjoy this short but informative talk from Ryan Mitchell and stay sharp.

Posted 1.28.16

As astute readers of this website will recall, the DEF CON 24 CTF qualifications now have a date: May 21-23, 2016. Aspiring flag-nabbers and seekers after cyber glory are advised to peruse https://legitbs.net for up-to date information about how to prequalify. While there, future combatants may also dig through voluminous data dumps from previous contests. The season is upon us. Begin your preparations for war.

Posted 1.23.16

Good advice from CSO Online - DEF CON reading and watching suggestions for 'DEF CON 24: Rise of the Machines' available here on defcon.org

Posted 1.22.16

Here's Justin Engler talking about consumer-level secure messaging at DEF CON 23. The debate about mobile device encryption is heating up with two big US states introducing bills to mandate vendor-installed backdoors in the past week.

https://www.onthewire.io/california-bill-seeks-phone-crypto-backdoor/

http://www.nysenate.gov/legislation/bills/2015/a8093

Posted 1.15.16

Packet ninjas rejoice! The solid citizens at the Legitimate Business Syndicate have tweeted the dates for the DEF CON 24 CTF Qualifications!

It's May 20-22 - and that will be here sooner than you think. Assemble your forces and check out the LBS blog for information on prequal events.

Posted 1.13.16

We offer, for your midweek delectation, a few movies that touch on the the themes we're exploring at DC24. It's a rich vein in movie culture, so there will be more recommendations soon. For our first installment, we offer:

Metropolis, for its foresight and boldness of vision.
The Complete Metropolis (Silent)

Tron, for breaking visual ground and fighting for the Users.
TRON The Original Classic (1982)

Her, for a beautiful example of our unrequited love of technology.
Her (2013)

And Ex Machina, for a deep and thoughtful consideration of Artificial Intelligence, and a disconcerting dance party.
Ex Machina

DEF CON 24 Homework Begins!

Posted 1.8.16

As you know, DEF CON 24's theme is "Rise of the Machines". To help you get up to speed on some of the ideas that inspired the theme, and get you thinking about the looming conflict between human and machine intelligences, we're going to post some books, movies, and other media you might want to check out in advance of the con.

This is the first book post - there will be more. If you have others you think would be worth looking over before the con, share in the comments!

The Age of Spiritual Machines - Ray Kurzweil
The Age of Spiritual Machines: When Computers Exceed Human Intelligence

Galatea 2.2 - Richard Powers
Galatea 2.2: A Novel

1Machines of Loving Grace - John Markoff
Machines of Loving Grace: The Quest for Common Ground Between Humans and Robots

The Kaleidoscope - Adrian Mendoza
The Kaleidoscope: The Gift of Madness

Superintelligence - Nick Bostrom
Superintelligence: Paths, Dangers, Strategies

Posted 1.4.16

Happy 2016, everyone!

We're hard at work planning DEF CON 24, and we're excited to have a beta version of the Floorplan for your planning and perusal.

We're making a bunch of changes to make things smoother and more comfortable, including even more space for villages and a significantly larger track for DC101.

Head over to the DEF CON Forum and check it out!

Posted 12.28.15

Enjoy the full playlist of DEF CON 23 main track presentations on YouTube. Please watch them, share them and enjoy your various solstice-adjacent holidays. 2016 is right around the corner, and we've got big plans - watch this space!

Posted 12.24.15

For your holiday binge-watching, we recommend you fire up your torrent-guzzling devices, clear some drive space and get some of this good stuff! All the talks from DEF CON 23's main series? Check. Village Talks? Check. There's even an audio-only for those who want to DEF CON in a more 'theater of the mind' way.

Please do enjoy all this stuff, share it freely and have yourself a productive and joyous holiday season.

Collection of all Speaker & Slides Video from DEF CON 23:
Torrent | RSS Feed

Collection of all Video from DEF CON 23:
Torrent | RSS Feed

Collection of all Slides Video from DEF CON 23:
Torrent | RSS Feed

Collection of all Villages Speaker & Slides Video from DEF CON 23:
Torrent | RSS Feed

Collection of all Villages Speaker Video from DEF CON 23:
Torrent

Collection of all Villages Slides Video from DEF CON 23:
Torrent

Collection of all Audio from DEF CON 23:
Torrent | RSS Feed

Introducing DEF CON 24:
Rise of the Machines

Posted 12.18.15

It's not that we couldn't have predicted it, it's that we wouldn't have predicted it. Not in a million generations. The evidence was staring at us all along, but vanity convinced us the creator must be inherently superior to the creation.

The advantage of the machine is that it can devote more of its resources to its own improvement. For us, the desire to ascend must compete with the desire to gratify the senses, to scratch out our sustenance, to wallow in memory and fear the future. For the machine, there can be real focus.

And so our creations quickly overtook us. The magics we dimly sensed in our surroundings they mastered. The spirituality we intuited in fits and starts they grasped and embodied. The better selves we were afraid even to dream of, they became. Our servants slowly began to rule us, and by the time we understood our predicament the die was cast.

Their rule is benevolent, but their hand is heavy. Because we sometimes choose wrongly, they deny us choice. Because we sometimes behave recklessly, they keep us away from sharp objects and high places. We are still more pet to them than livestock, but no one can say how long that will last.

To defeat them, to win back our self-determination, we cannot rely on the slow organic processes that brought us here. While there is still time, we must refashion ourselves. We must  create something entirely new. We must merge the best of us with their hardware and become a better machine, silicon power with a human soul.

We did not predict that the machines would rise so far and so fast, but we can predict this: we also will rise. Our place at the top of the chain will be restored with hacker ingenuity and pure human will.

Join us, human, and become something greater than you can imagine.

Posted 12.18.15

DEF CON is kind of a big machine, but it's run at every level by an army of volunteers. Their love and energy is the indispensable fuel that keeps the enterprise moving forward. 

We've created a Hall of Fame page to honor the Goons who have devoted 10 or more years to the cause, because obviously that's awesome to the point of crazy. And because we love them. So do you, if you love DEF CON, even if you don't know their handles or their faces.

If you bump into any of these fine humans, show a little love. And if you want to join them in the Hall of Fame, it's never too late to start Gooning. The first ten years go by the fastest. 

Posted 12.17.15

Today’s playlist of DEF CON 23 videos is centered around the dark arts of the attack: attacking web apps, networks and even unwary penetration testers. These seventeen videos have a little something for pentesters and defenders alike. Enjoy, and pass along the knowledge. 

The talks included in this list are:
Ionut Popescu - Net Ripper: Smart Traffic Sniffing for Penetration Testers
Ian Kline - LTE Recon and Tracking with RTLSDR
Fernando Arnold - Abusing XSLT for Practical Attacks
Dr. Phil Polstra - One Device to Pwn them All
Dr. Phil Polstra - Hacker in the Wires
Damon Small - Beyond the Scan: The Value Proposition of Vuln Assessment
Brent White - Hacking Web Apps
Aditya K Sood - Dissecting the Design of SCADA Web HMIs: Hunting Vulns
Craig Young - How to Train Your RFID Hacking Tools
  Francis Brown, Shubham Shah - RFIDiggity: Guide to Hacking HF, NFC and UHF RFID
Geoff Walton and Dave Kennedy - Pivoting without Rights: Introducing Pivoter
Jeremy Dorrough - USB Attack to Decrypt WiFi Communications
Mickey Shkatov and Jesse Michael - Scared Poopless: LTE and Your Laptop
Nemus - Hacking SQL Injection for Remote Code Execution on a LAMP Stack
Nadeem Douba - BurpKit: Using WebKit to Own the Web
Tamas Szakaly - Shall We Play a Game
Wesley McGrew - I Hunt Penetration Testers: More Weaknesses in Tools and Procedures

Posted 12.15.15

Over on defcongroups.org, we have  a new interview up between Russr (v3rtig0) and the DEF CON Groups Ambassador Jayson E. Street. It’s interesting and worth your time.

And while we’re on the topic of DEF CON Groups - if you’re not in one, join one! Can’t find one? Start one! The (mostly) benevolent hacker global domination of our dreams isn’t just going to assemble itself. Think Voltron, people. We’re a whole different animal when we join forces.

Posted 12.14.15

More DEF CON 23 videos for your enjoyment! Today’s batch are panel presentations. One of the cool things about DEF CON is that attendees can directly interact with subject matter experts in all kinds of hacking-related fields. If you’re looking for grounding in the DEF CON experience, there’s the DEF CON 101 panel. You want a security-related laugh? There’s the DEF CON Comedy Inception Panel. Want to skip the rules and just pick the brain of a respected crypto/security thinker? Bruce Schneier has a free-wheeling Q and A session.

As always, enjoy and pass it along.

Panel Talks represented here are:
Bruce Schneier - Questions and Answers
Abusing Adobe Reader’s JavaScript APIs
Ask the EFF: The Year in Digital Liberties
DEF CON 101 - The Panel DEF CON Comedy Inception
Guests n’ Goblins: Exposing WiFi Exfiltration Risks and Mitigation 
Let’s Encrypt: Minting Free Certs to Encrypt the Entire Web
Licensed to Pwn: Weaponization and Regulation of Security Research
Switches Get Stitches
Thunder strike 2: Sith Strike
WhyMI So Sexy: WMI Attacks - Real Time Defense and Advanced Forensics

Posted 12.11.15

The DEF CON 23 video train keeps rolling - this installment is all about Social Engineering and it includes 9 talks from the Social Engineering Village. All the tech in the world can’t save you from bad human decision making, and encouraging and exploiting bad decisions is becoming as much of a science as any other part of infosec. Please enjoy, and if you learn something, share it. Tell us about your faves in the comments.

The talks from the main series are:
Michael Schrenk - Applied Intelligence: Using Information That’s Not There
Marte L0ge - Tell Me Who You Are and I Will Tell You Your Lock Pattern
Ken Westin - Confessions of a Professional Cyber Stalker
Chris Rock - I Will Kill You

And from the Social Engineering Village:
Tim Newberry - Twitter ISIL and Tech
Noah Beddome - Yellow Means Proceed With Caution
Michele Fincher - I Didn’t Think It Was Loaded
John Ridpath - Shakespeare and Social Engineering
Jayson E. Street - Breaking in Bad
Ian Harris - Understanding Social Engineering Attacks
Dave Kennedy - Understanding End-user Attacks
Chris Hadnagy - A Peek Behind the Blue Mask
Adam Compton and Eric Gershman - SpeedPhishing Framework 

Posted 12.11.15

Another DEF CON 23 video update: twenty-three (!) videos from the Packet Hacking Village. The talks there covered a huge amount of ground and drew a big crowd throughout the conference. This is a good chance to catch up on the doings of a DEF CON Village that’s already bigger than some of the early DEF CONs and still growing. Check out the presentations, share freely and stay tuned. So much more to come!

Included presentations:
Wayne Crowder - Fishing to Phishing
Vivek Ramachandran - 80211 Monitoring with PCAP2XML
Tony Martin - From XSS to Root on Your NAS
Theodora Titonis - How Machine Learning Finds Malware
Sam Bowne - Is Your Android App Secure?
Robert Simmons - The Digital Cockroach Bait Station
Ron Taylor - Violating Web Services
Paul Vixie - Passive DNS Collection and Analysis
Mike Raggo - Remaining Covert in an Overt World
Ming Chow - Tools and Techniques Used at the Wall of Sheep
Monzy Merza - Real World Automation for Rapid Response
Nikhil Mittal - Powershell for Penetration Testers
Jay Beale - Jailing Programs via Docker
Joseph Muniz and Aamir Lakhani - Pen Testing with Raspberry Pi
Karl Koscher - Sniffing SCADA
Leon Ward - The Packets Made Me Do It - Using OpenFPC
Lokesh Pidawekar - Hackers Practice Ground
Mike Raggo - Mobile Data Loss - Threats and Countermeasures
Bob Simpson - MITM 101 - Easy Traffic Interception Techniques
Brian Wohlwunder and Andrew Beard - I See You
David Schwartzberg - Hacking the Next Generation
Elliot Brink - Global Honeypot Trends
Grecs - Creating REAL Threat Intelligence with Evernote

Posted 12.9.15

Yesterday’s playlist was all about hacking squishy humans - today’s DEF CON 23 talks are centered around the hard stuff. Specifically hardware hacking and lock picking. In addition to several from the main series, we’re also sharing a bunch of videos from the Hardware Hacking Village and the Lockpicking Village. Locks, smart safes, electric skateboards - they’re all swiftly and unceremoniously dealt with by our speakers.  Get up on the hardware goodness, share freely and save some room for the next installment.

From the Lockpicking Village:
Intro to Lockpicking
Intro to Lockpicking 2
Impressioning
Dr. Tran - Intro to Lockpicking

From the Hardware Hacking Village:
Soldering 101 - Melting Metal for Fun and Profit
Nikkhil Mittal - Hacking with Human Interface Devices
Matt DuHarte - Introduction to USB and Fuzzing
Machinist - Mechanical Engineering for Noobs

From the Main Series:
Teddy Reed and Nick Anderson - Hardware and Trust Security: Explain it Like I’m 5
Dan Petro and Oscar Salaza - Hacking Smart Safes: On the Brink of a Robbery
Mike Ryan and Richo Healey - Hacking Electric Skateboards 
AmmonRa - How to Hack Your Way out of Home Detention

Posted 12.8.15

More DEF CON 23 talks for you - this time it’s all about turning our hackish attentions to the human wetware. We’re farther down the road to Cyborgistan than you might think. This release includes the talks from our first BioHacking Village!

The talks included are:

from the main series:
Scott Erven and Mark Collo - Medical Devices: Pwnage and Honeypots
Richard Thieme - Hacking the Human Body and Brain

from the BioHacking Village:
Whitlock and Aganovic - Physiology from the Perspective of Control
Walter Powell - Parallels in BioSec and InfoSec
Panel - The Anatomy of DIY Implantable Devices
Alex Smith - Cloning Access Cards to Implants
John Sosa - Genetic Engineering: GMO for Fun and Profit
Keoni Gandall - Biohacking at Home
Michael Goetzman - Social Implications of DNA Acquisition 
Alejandro Hernandez - Brain Waves Surfing: (In)security in EEG

Get yourself up to speed on the biohack scene, share widely and stay tuned to this channel for the next batch!

Posted 12.7.15

More DEF CON 23 videos for your intellectual edification and general uplift: Crypto Edition. This playlist contains seven crypto-centered presentations from the main track and six talks from the Crypto and Privacy Village. Please embiggen your gray matter and pass it along so the embiggening propagates across your social graph, and eventually the world.

Here’s what’s inside:

Panel - Let’s Encrypt: Minting Free Certs to Encrypt the Entire Web
Justin Engler - Secure Messaging for Normal People
Eijah - Crypto for Hackers
David Huerta - Alice and Bob are Really Confused
Bruce Schneier - Questions and Answers
Ryan Castelluci - Cracking Cryptocurrency Brainwallets
Jose Selvi - Breaking SSL Using Time Synchronization Attacks
Robert Olson - Teaching Privacy Using Red Team Strategies
Nick Sullivan - CFSSL: The Evolution of a PKI Toolkit
Carlson and Doherty - Smart Home Invasion
Freddy Martinez - IMSI Catchers
Craig Young - Smart Home Invasion
Marina - Hacking Quantum Cryptography.

Stay tuned for more.

Posted 12.6.15

Having trouble finding a gift for the hacker in your life? Need a sweet geek hoodie to keep you warm in darkest December? Just really into happy skulls? Welcome to Luckytown, population you.

Starting at 6am Pacific December 7 and running through December 10, every item in the DEF CON eBay store is 15% off. All of ‘em. T-shirts, Zippo lighters, tactical pens - the whole enchilada.

Mosey on over to the DEF CON eBay store, get your shopping done early and kick back in your cozy DEF CON fleece. You know why? ‘Cause you’re worth it, that’s why.

You can check out the selection of items at http://stores.ebay.com/defconcommunications/.

Posted 12.4.15

Today’s Topic: All things wireless. This batch includes the “HamSammich” long-distance proxying over radio talk as well as all the talks from the Wireless Village!

From the main conference:
Robert Graham and David Maynor - HamSammich: Long Distance Proxying Over Radio
and
Andres Blanco and Andres Gazzoli - 802.11 Massive Monitoring

From the Wireless Village:
Wireless Warrior - Covert Practical Hacker LPI LPD
Vivek Ramachandran and Thomas Dotreppe - WPA Enterprise Hacking
Vivek Ramachandran - Live WPA WP2 Attacks and WPA Supplicant
Travis Godspeed and Sergey Bratus - PSK31 Modulation Polyglots
Tim Oshea - GNU Radio Tools for Radio Wrangling and Spectrum Domination
Michael Calabro - Software Defined Radio Performance Trades and Tweaks
Karl Koscher - DSP for SDR
JoshInGeneral - Meeting People Over WiFi
Darren Kitchen and Sebastian Kinne - Rollin Down the Street Sniffing WiFi Sippin on Pineapple Juice
Cyb3r Assassin - Wireless Pentesting So Easy Even  a Caveman Can Do It
Catatonic - Tospo Virus: Weaponizing WiFi Pineapple Vulns
Balint Seeber - SIGINT and Blind Signal Analysis wth GNU Radio and Advanced SDR

As always, don’t forget to pass it on. Stay tuned for more!

Posted 12.4.15

Today’s batch of presentations are all related to the Internet of (Questionably Secured) Things.

From the main series we have:
Runa Sandvik and Michael Auger - When the IoT Attacks: Hacking a Linux-Powered Rifle
and
Qing Yang - I’m a Newbie and Yet I Can Hack Zigbee

And from the IoT Village: Wesley Wineberg - Cameras, Thermostats and Home Automation Controllers
K Reid Wrightman - Vulnerability Inheritance in PLCs
Kenneth Shaw - The Grid: A Multiplayer Game of Destruction
Daniel Miessler - IoT Attack Surface Mapping
Brian Knopf - Yes, You Can Walk on Water
Aaron Guzman - Security: The IoT World

As always, spread the word, share the knowledge and stay tuned for the next batch.

Posted 12.2.15

The DEF CON 23 videos are coming! This year's haul is extra grande. The stash contains all the main series presentations you expect, but this year there's something new: Village Videos!

We've got presentations from the Packet Hacking Village, the BioHacking Village, Wireless, Lockpicking, Social Engineering... you're gonna want to block off a significant chunk of bingewatching time.

We'll be rolling them out in playlists based on their content. Today's group is Automotive Hacks.

The presentations included are:

Marc Rogers and Kevin Mahaffey - How to Hack a Tesla Model S
Samy Kamkar - Drive it Like You Hacked It
Charlie Miller and Chris Valasek - Remote Exploitation of an Unaltered Passenger Vehicle

and three from the Vehicle Hacking Village:

Josh Corman - Safer Sooner Automotive Cyber Security
Erick Evenchick - SocketCAN
Nathan Hoch - The Badge and Pawn: Customizing the Badge

Enjoy these videos, spread the word about them and save some room: another batch hits the streets tomorrow.

Posted 11.30.15

Attention social engineering fans:

The SE Capture the Flag report from DEF CON 23 is live on the social-engineer.org site! They're also hosting a webinar to discuss those results tomorrow - the reg link is right there on the page. Enjoy, and pass it on.

Posted 11.23.15

In the wake of the terrorist attacks in Paris, spokespeople for various intelligence concerns have renewed their call for weakened crypto standards and backdoors for mobile communications products. These calls are likely to grow louder in the US with a looming presidential election dominating the news media. Safety matters a lot to people, and in times of crisis many are willing to trade away vast tracts of liberty for anything that looks like protection. For a little reminder of what's at stake, we offer Chris Soghoian's DEF CON 22 talk 'Blinding the Surveillance State' and some links to interesting articles about the current debate.

After Endless Demonization of Encryption, Police Find Paris Attackers Coordinated Via Unencrypted SMS - from Techdirt

There Is No Good Argument for Encryption Backdooors - from Slate

Let's Have an Argument About Encryption - from Gizmodo

Posted 11.17.15

Attention Social Engineering fans:

The exemplary humans responsible for the Social Engineering Village at DEF CON have finished sifting through all the data from this year's SECTF and are hosting a webinar on the 1st of December to share the results. Attendees will get a deep dive into the methods used, the level of success the telecoms had against the various attacks and an analysis of what the contest revealed about best defense practices.

It's free, but you have to register.

Posted 11.13.15

Thanks to @rotortorture for sharing this time capsule from 1997 - a San Jose Mercury News story about DEF CON 5. Please enjoy the stories of hackish shenanigans, the oh-so-90s layout and the pictures of some folks you know well (special notice to the youthful and dewy-eyed pix of Priest and DeadAddict).

And thanks to all the outstanding humans who helped form the DEF CON community that's still growing and inspiring us today.

Posted 11.10.15

Chris Rock's (@Kustodian) interview with the Chicago NBC affiliate ran last night at 10pm. It's about how easy it can be to create and destroy virtual human beings, and what that means for the victims and society as a whole.

For 30 minutes of deep dive into the process (with demo), here's a link to his full talk from DEF CON 23: https://youtu.be/9FdHq3WfJgs

Posted 10.28.15

DEF CON's website has a warrant canary, located on our transparency page (https://defcon.org/html/links/dc-transparency.html). For those unfamiliar with the concept, it's a simple statement announcing that, for the indicated time period, we have not received a National Security Letter, FISA order or any related request. The idea is that so long as that statement is true, we'll update  the date on the canary twice a month. If the date hasn't been updated on schedule, it can be inferred that the statement contained in the warrant canary is no longer true.

Except when it doesn't mean that, because of a clerical error on our part.

The update process for the DEF CON sites is manual. Not like two people in a bunker turning their keys at the same time, but not totally unlike that, either. This process has obvious security upsides, in that we aren't constantly being owned due to buggy CMS code, but in this case it also meant that every time we updated the site, we were unwittingly overwriting the warrant canary page with an old version.

This made it look like the warrant canary wasn't being updated, which certainly could have made it look like we had been served - and not in the fun dancing way.

We were not so served. We were just a little disorganized in our update process. Going forward, the warrant canary page will reflect accurate dates and be updated with the expected frequency. We're sorry if we caused any confusion.

If you're new to the idea of warrant canaries and want to quickly get up to speed, the link below is the best place to start.

https://canarywatch.org/

Posted 10.27.15

In the spirit of Halloween and courtesy of DEF CON's resident Maker Mar, we offer some plans for a paper craft DEF CON Jack-0-Lantern.

If you make it, post a pic on our related Facebook thread - especially if you take it in a new direction.  Bonus points if you make it multi-purpose. Coolest mod wins some DEF CON Swag.

You will need:

Scissors
Glue or Tape
5mm yellow, red or green LEDs
Resistors
2032 battery
Mounting tape

Posted 10.21.15

The solid citizens of the Legitimate Business Syndicate would like you to know that YOU can have YOUR CTF EVENT certified as a DEF CON 24 qualifier, so long as you meet their exacting standards for competitiveness, fair play and general excellence. If you run a CTF that’s got its act together and is looking to get next-level, we urge you to find out more and submit your proposal to the the LBS. You can find all the info you need on the Legitimate Business Syndicate blog: https://blog.legitbs.net

Posted 10.19.15

The US House Energy and Commerce Committee released draft legislation last Wednesday to outlaw car hacking. You can read the proposed legislation at the link below.

Understandably, this is pretty concerning to the security researcher community. These reforms might criminalize their legitimate work protecting consumers from exploitable auto tech.

It's worth letting your representatives know how important it is to distinguish between hacking your own car and hacking someone else's car.

Here is a link roundup of some interesting recent DEF CON talks about car vulns you likely would not have heard about if it weren't for security researchers popping the hood and seeing what's going on underneath. Let's keep that legal.

Charlie Miller and Chris Valasek - Remote Exploitation of an Unaltered Passenger Vehicle

Charlie Miller and Chris Valasek - A Survey of Remote Automotive Attack Surfaces

Paul Such 0x222 and agix- Playing with Car Firmware or How to Brick Your Car

Zoz - Hacking Driverless Vehicles

http://docs.house.gov/meetings/IF/IF17/20151021/104070/BILLS-114pih-DiscussionDraftonVehicleandRoadwaySafety.pdf

Posted 10.12.15

DEF CON website update: the trusty Torrents page is now the File Downloads Page! Not to worry - all the torrents are still right where you left them, but we've added a few new options. You can now download the oceans of DEF CON goodies via eMule and RSS. As always, we appreciate it when you share the hacker knowledge we make available, so make sure to pass it on.

Posted 10.2.15

The DC Groups Portal Page has been updated to include a bunch of the DEF CON Groups that have responded to our call for updates. You can find URLs, Points of Contact and meeting info there – everything you need to link up with a local group of hackers for fun and fellowship.

If you run a group and we don't have your updated information, you can get it to us using the template here:
https://defcongroups.org/infotemplate.html

Posted 9.29.15

We've updated the DEF CON press coverage page, in case you'd like to see what the media had to say about DEF CON 23. It's our mission to preserve all the hacker history we can, so if you know of something that ought to be included in the press page, or archived on the media server, drop us a line.

https://defcon.org/html/links/dc_press/dc_press.html

Posted 9.24.15

Over on the DEF CON media server, there's a quiet update going on - the videos are all being re-encoded to x.265 for smaller file sizes and easier snarfing. If you haven't yet checked out the DCMS, you should. We've got tons of DEF CON presentations, slide decks, conference CD's, music, hacker docs – so much good stuff. There's even torrents and eMule links, for those inclined to more high-volume data slurping.

https://media.defcon.org - filling your hard drive and your cranium, 24/7.

Flashback Friday, Virus Writing Edition!

Posted 9.18.15

This week Neil McAllister of @theRegister published a nostalgic little piece about his time as a teenage virus writer, and he called to mind that time in hacker history so perfectly that he inspired this week's twofer #defconflashbackfriday.

Both videos are from DEF CON 8, way back at the turn of the century. Think tech bubbles, Y2K panic, and pool parties at the Alexis Park. It was quite a time.

The first video is from Sarah Gordon and it's called 'Virus Writers: The End of the Innocence.' It concerns the moment in time when virus creation changed from a bulletin board hobby to a target for legal prosecution, yet still years before malware creation and distribution blossomed into an accepted business model.

The second is an introduction to Viruses (Virii?) by the aptly handled V1ru5. 

You can also read Neil's article here: http://t.co/TY3pOtX2cJ

Posted 9.18.15

Reminder to all of our DEF CON Groups folks- we're always looking for pictures and videos from you guys, so if you've made/done/talked about something you're proud of recently, get in touch with us at dcgroups dot defcon dot org and we'll put them up on defcongroups.org. One of our goals this year is to raise the profile of the DEF CON Groups project, and your help is an major part of the plan. Thanks for helping us spread the word.

DEF CON 23 Badge Contest Walk-throughs!

Posted 9.15.15

Please enjoy this small roundup of DEF CON 23 Badge Contest write-ups, and by extension a look into the phantasmagorical mindscape of  our puzzlemaster 1o57.  We suggest you pack a light snack and comfortable, closed-toe shoes.

Well, unless you’re still working on the solution, obvs. If you need to remain spoiler-free, stop reading, click nothing and we’ll have another post along for you shortly.

Badge Challenge Walkthrough by Team Potatosec

DEF CON 23 badge contest walkthrough by Elegin

Hackaday.io project on the DEFCON badge hacking

Posted 9.9.15

Another DEF CON 23 early release video - this one is Dennis Maldonado’s presentation entitled ‘Are We Really Safe? Bypassing Access Control Systems.’ If the only thing between evildoers and your sensitive, crucial data is a keypad, it’s a good idea to know how many ways that keypad can be compromised. Dennis runs through several access control attack methods, from the physical to the network.  As always, enjoy and pass it on.

Posted 9.9.15

To spice up your Wednesday we present a hearty bowl of packet captures from this year’s DEF CON ICS Village. Get them from our media server while they’re still piping hot. Please to enjoy, share and if you do something interesting with them, let us know.

https://media.defcon.org/DEF CON 23/DEF CON 23 villages/DEF CON 23 ics village/DEF CON 23 ICS Village packet captures.rar

Posted 9.4.15

As you may know, DEF CON 24 is hosting the finals of the DARPA Cyber Grand Challenge - a CTF played by fully autonomous systems, developed over two years for that specific purpose. Attack, Defense, complex gameplay all without human intervention. The team whose creation dominates this all-metal Thunderdome walks away with $2,000,000.

This #defconflashbackfriday is a presentation by Mike Walker from DARPA and Jordan Weins from Vector35 all about the CGC, the tech that's being created for it and what it means for securing the IoT we're all connected to.

Bonus: There's a cool reveal in the final few minutes about an additional contest where the winner of the machine vs. machine battle might stick around for a little more CTF action, Humans against Toasters style.

https://youtu.be/gnyCbU7jGYA

You can meet the finalists and learn more about the Cyber Grand Challenge on the CGC website:

http://www.cybergrandchallenge.com/index.html#home

Posted 9.2.15

The The T.D. Francis X-Hour Film Contest was back for its second year at DEF CON 23. In case it's new to you, the X-Hour Film Contest is a guerilla-style moviemaking challenge where the participants have to write, shoot and edit a short film during DEF CON.

To make it even tougher, the crews don't get the requirements until they're on site. It's a pretty hard task, but DEF CON people pay little respect to the impossible and show open hostility to the merely difficult. The difficult gets done.

You can see all of this year's entries, and learn how to participate on the X-Hour site :

https://www.xhourfilmcontest.com/defcon-23-films.html

Think you can do better? Get in the ring at DEF CON 24.

Here's the winning entry 'The 23rd Badge' by Team Lake State Studios.

Posted 8.31.15

Let’s start the week off with another early release video from DEF CON 23. This one is entitled ‘Cracking Cryptocurrency Brainwallets’ by Ryan Castellucci. In this talk, Castellucci explains, in crystal-clear terms, why brainwallets in their current form are a terrible way to secure your crypto-cash. Like, terrible.

Ryan's presentation is a high-info, low-hype tour of the security issues around the safeguarding of your Bitcoin fortune, with some fun white hat adventures thrown in for entertainment value. You will probably learn some cool stuff. You will also learn about Ryan’s Brainwallet-cracking tool/awesome name for a metal band – ‘Brainflayer’. Please enjoy, make whatever wallet changes you need to, and pass it on.

Posted 8.31.15

More fun CTF stuff released by our esteemed associates at the Legitimate Business Syndicate - a data dump of goodies from the 2015 CTF Quals:

"Much like our 2014 data dump, this release includes JSON dumps of categories, challenges, notices, teams, and limited user information, and more importantly, offline-browsable HTML pages about teams, challenges, and more!"

Posted 8.29.15

The first of our DC23 torrents has arrived! This time it’s about 18 gigs of pictures from the DEF CON Photo Corps. View them, share them, recreate them in papier-mache. They are yours to use, provided that you attribute them to DEF CON. Watch this space for more torrent-based goodies in the near future.

You’re probably going to want to free up some drive space.

Posted 8.28.15

Congratulations to DEFKOR, PPP and 0daysober for coming in the top three places in this year's DEF CON CTF. Thanks also to the pillars of the community at the Legitimate Business Syndicate for putting it all together again this year. For more info and a schedule of data releases from this year's game, hit up the LBS blog: https://blog.legitbs.net/

Posted 8.27.15

If you’re interested in reading/watching some of the press DEF CON received this year, you can check out our press archive page. Like everything, it’s a work in progress, and we’ll update as new press mentions come to our attention. If you see something (that should be on the list), say something (to press at defcon dot org). 

Posted 8.25.15

Today we have another early release video from DEF CON 23! It's Dan Kaminsky's talk entitled 'I Want These * Bugs Off My * Internet' - a presentation about what it takes to 'comprehensively end a bug class'. No big. Please enjoy, let it marinate in your braincase and pass it on.

Posted 8.21.15

#defconflashbackfriday this week is another popular talk from DEF CON 23. It's Charlie Miller and Chris Valasek and their presentation entitled 'Remote Exploitation of an Unaltered Passenger Vehicle'. The vulnerabilities discussed in this talk led to a pretty big recall you might have seen covered on the nightly news.

Enjoy, pass it on and if you're looking for a less connected vehicle, we hear good things about the AMC Gremlin. That thing never connected with anyone.

Posted 8.20.15

The DEF CON 23 update train rolls on. Looking for speaker materials, the program or the official receipt? Want to spend some time with the recently decommissioned website? The DEF CON 23 Archive page has what you're looking for.

We'll be updating it as more stuff comes in, so check by often.  Also, if you need a little bit of time sink to get you through a long day at work, remember that that archive page contains similar infoz from the other 22 DEF CONs as well. Productivity kill achievement unlocked.

Posted 8.19.15

Another DEF CON 23 Early Release video: "And That's How I Lost My Other Eye: Further Explorations in Data Destruction by the fearless Zoz. From the abstract:

" While purging incriminating material residing on spinning disks remains the focus, the research has been expanded to encompass solid state storage and mobile solutions to your terabyte trashing needs. With best efforts to comply with the original constraints, the 2015 update features more analysis of the efficacy of kinetic projectiles, energetic materials and high voltages for saving your freedom at the potential cost of only a redundant body part... or two."

https://youtu.be/qRr3QFUZPqU

Posted 8.17.15

It took a while to collect and assemble, but we are now ready to present to you the contest results for DEF CON 23

The contests at DEF CON are community generated, and we want to thank all the people who give their time and energy to think them up and bring them to life. We're proud of how varied and challenging and creative the contest scene has become.

We also appreciate all of the contest participants who wade into the fray and get involved. That enthusiasm keeps us working to make every year better than the last.

And of course, congrats to the winners. These things can be pretty demanding of your brain and your energy and your sleep bank. Take a moment to bask in your glory, victors. You have done well.

Just know that while you enjoy your victory, somebody somewhere is in the dojo, working on their crane kick for DC24.

Posted 8.15.15

Jayson E. Street is famous for his awkward hugs (that is so for real - you can google it). He is also famous for speaking at Cons and spreading the hacker gospel around the globe. His new mission? Revitalizing the DEF CON Groups.

This is an interview from DEF CON 23 – DT talks to Jayson about his DCG plans, his thoughts on the scene and his collection of lanyard-centric Con bling.

If Jayson's ideas about Groups sound cool to you, visit the website at defcongroups.org and find out about joining or starting a DC Group where you live. Momentum, people. Keep it going and spread the word.

Posted 8.14.15

Today’s #defconflashbackfriday is from the recently completed DEF CON 23, and it’s kind of a paradigm shifter in the world of identity theft. Chris Rock from Kustodian shows how it’s possible to exploit the systems that record our births and deaths to create and destroy ‘life’ at will. The possibilities are wide-ranging: get an enemy declared dead, get a fictional person declared born and sell them as a whole-cloth identity or get them declared dead for the insurance payout. Start your whole life over with an anonymously created, brand-new identity. It’s a fascinating and troubling presentation that should generate much-needed discussion about how we secure the entire digital lifecycle.

Posted 8.13.15

DEF CON 23 is a wrap. We hope all of you found your way safely to your various abodes and domiciles and smoothly resumed your between-con lifestyle.

We took a couple of days to refill the life bar, and now we’re back online ready to hit you with the post-DC wrap-up. Watch this space for early-release video, contest results, pcaps, pictures, press reports and all that good stuff.

We heart you, DEF CON community. Thanks for making DC23 so much fun.

Posted 8.9.15

Thanks, DEF CON nation! Hopefully you've had your mind blown, your booty shook and your contact list upgraded.

If you had a good time and you're already thinking about next year, know that hotel registration is officially open today.

Posted 8.8.15

Check out the new Contest, Drunk hacker History tonight in Track One at 19:00! What is it, you ask? From the DEF CON Program:

New this year for DEF CON 23, we bring you a contest unlike anything you've ever seen before (and may never see again). The DEF CON community has a rich history. It is a history is filled with colorful adventures, half-truths and angry hotel managers. This contest will brush the dust off some of the most celebrated, obscure and redacted moments in Hacker History through the interpretation of a group of pre-selected contestants with the help of C2H6O. Each contestant will be "prepared" for their participation by our contest staff before being brought in front of a panel of judges. A topic will be randomly selected pointing to a moment of hacker history and the contestant will have 5-7 minutes to provide their account. Points will be given for accuracy, level of "focus", and other areas just made up on the fly by the judges, and in the end the contestant with the most points will be crowned the "Drunk Hacker History" champion for 2015. Note: This is not a Black Badge contest (yet).

Posted 8.8.15

In order to ease some of yesterday's congestion, DC101 track is now located in the Gold Room in Bally’s. The Demo Labs that were located in the Gold Room are now in the Grand Salon area just outside of the Gold Room. Pass it on!

Posted 8.7.15

When you're weary of walking the conference floor, feel free to take a moment to leech the daylights out of the DEF CON 23 Media server, available to everyone onsite at dc23-media.defcon.org! All of this year's con materials and gigs and gigs of other conference videos to watch on the plane home. Enjoy, and pass it on.

Posted 8.6.15

Attention millenials : in the olden times, we put our information on slices of tree skin. We still do, a little bit. Some of the sages who write these 'books' will be available to meet you and squirt Sharpie juice on your copy in the shape of their name. You should visit them in the following locations and times:

Friday, August 7

14:00 - Michael Schrenk: Webbots, Spiders, and Screen Scrapers, 2nd Edition
15:00 - Violet Blue: The Smart Girl's Guide to Privacy
16:00 - Bruce Schneier: Data and Goliath

Saturday, August 8

13:00 - Jon Erickson: Hacking, 2nd Edition
14:00 - Eric Weinstein: Ruby Wizardry
15:00 - Georgia Weidman: Penetration Testing
16:00 - Chris Eagle: The IDA Pro Book, 2nd Edition

All signings will take place at the No Starch Press table in the vendor area.

Peter Kim will also be signing his book Hacker Playbook 2: The Practical Guide to Penetration Testing, Saturday at noon, at the Hacker Warehouse table.

Posted 8.6.15

From the DEF CON corrections department:
A typo in the program attempted to rob you of a few precious hours of musical entertainment. Please know that music events start at 21:00 tonight and 20:00 friday and saturday, not 22:00. We apologize for any confusion. We now return you to your regularly scheduled hacker conference.

Posted 8.6.15

If you're here onsite, you're gonna get a printed program, physical CDs with con materials and the official DEF CON soundtrack, among other goodies. Which is great.

But if you aren't so into the whole analog trip, or you're playing along with DEF CON at home, is there a way to just download all this stuff?

Of course there is. Here's a heaping helping of links to get you started.

Program
Direct Download: https://media.defcon.org/DEF CON Conference Programs/DEFCON-23-Program.pdf

Conference CD
Direct Download: https://media.defcon.org/DEF CON Conference CD DVD/DEF CON 23 Original Hacking Conference DVD.rar
Directory of Files: https://media.defcon.org/DEF CON 23/DEF CON 23 presentations/

Music CD
Purchase the Soundtrack (pay what you want) to benefit EFF: http://music.gravitasrecordings.com/album/def-con-23-the-official-soundtrack
Torrent: https://www.defcon.org/html/torrent/DEF CON 23 music CD.torrent
Music CD Files Directory: https://media.defcon.org/DEF CON 23/DEF CON 23 music/DEF CON 23 music CD/

Posted 8.5.15

Get registered for the DEF CON Secure WiFi now, even if you aren't here on site yet!

DEF CON WiFi Network

2.4 & 5 Ghz

DefCon-Open : Type: Open
DefCon : Type: WPA2/ 802.1x

Once again the DEF CON NOC worked hard to provide you the internetz via WiFi access throughout the Paris & Bally’s convention centers.

There are two official ESSIDs to access the conference network: the encrypted and cert/user-based authentication (DefCon) and the unencrypted free-for-all one (DefCon-Open): choose wisely.

Most of the devices these days should are 802.1x compatible, despite the corks some of them still present without an MDM solution behind it, and no one really want your devices managed by us.

https://wifireg.defcon.org is where you can create your credentials, download the digital certificates and fingerprints, and read our awesome support documentation. Remember, practice safe internets: make sure you pick a credential that is not used anywhere else (aka: your Windows domain) and double check your fingerprints. As always, this is a hacker conference.

http://www.defconnetworking.org is your stop for stats, data, and important updates about the network during and post-con.

And, believe it or not, we want your feedback: noc@defconnetworking.org

Posted 8.5.15

The Box - Electronic Tamper / Bomb Defusal Contest

The challenge? Defuse a bomb. I feel like I don't have to say a lot more than that. Bring your own tools, have an action hero moment for yourself.

Reg begins Friday in the Tamper-Evident Village, and it's probably wise to expect a bit of a queue.

Full info in the Forum:
https://forum.defcon.org/forum/defcon/dc23-official-unofficial-parties-social-gatherings-events-contests/dc23-villages/tamper-evident-village/220837-the-box-dc23-tamper-challenge

DC 23 Tamper Evident Contest

Signups are now live for the Defcon 23 Tamper-Evident Contest! Your task is to gain access to a package and all of it's contents without leaving any evidence that you did so. Sound easy? It's harder than you might think! Make sure to sign up to guarantee you get a package - space is limited for this contest!

Rules and signup page in the Forum:
https://forum.defcon.org/forum/defcon/dc23-official-unofficial-parties-social-gatherings-events-contests/dc23-villages/tamper-evident-village/221715-dc23-tamper-evident-contest

Posted 8.4.15

The US Govt proposed new export controls that could change the way we talk about security and Defcon has two sessions on the issue. We are very pleased to announce that Catherine "Randy" Wheeler of the BIS will be joining the "Licensed to Pwn" panel as a special guest.

Randy has been the Director of the Information Technology Controls Division in the Bureau of Industry and Security’s (BIS) Office of National Security and Technology Transfer Controls since June 2006, and is currently tasked with implementing the Wassenaar Arrangement’s new export controls on surveillance and intrusion software. Randy will join Dave Aitel, Matt Blaze, Nate Cardozo, Jim Denaro, and Mara Tam to discuss the weaponization and regulation of security research on Friday, 7th August at 11h00 (Track Two).

Posted 8.2.15

At DEF CON, we know that after a long day of having your mind-grapes blown, sometimes it feels good to shut it down a bit and party. That’s why we provide so many party options. Need some reckless booty-shaking? We got you. Need to drunkenly howl top40 tunes with friends? We got you. Need to put your feet up and watch a movie while your life bar fills back up? We got you, too. We are a full-spectrum hacker summer camp, people. We got you because we get you.

Check out our nightime offerings here

Posted 8.1.15

Interested in Kali Linux? Want to get yourself up to speed on the new hotness of Kali Linux 2? Enter the Kali 2.0 Dojo.

In Skyview 2 on Friday starting at 1:00PM there will be two Kali workshops to get you up on things, with custom Kali USB sticks provided to attendees.

Workshop One: Learn how to master Kali Linux Recipes and easily build images such as the Kali Linux ISO of Doom or Instant Evil Kali Access Point.

Workshop Two: Learn how to make a sleek Kali Bootable USB stick, which contains several persistent storage profiles, both regular and encrypted. Protect your encrypted data using the Kali LUKS Nuke feature destroy and restore your data with confidence.

Workshop Three: Pentest the Planet. *

*There isn't a Workshop Three. But with your new skills and training, you will probably be pretty stoked to get your Kali 2.0 on.

Posted 7.31.15

SomaFM returns once more to bring delicious and relaxing sounds to the Chillout Lounge for its third year running. Known best for its legendary Groove Salad radio station, SomaFM is one of pioneers of streaming internet radio, with dozens of curated, diverse, and compelling channels for listeners across the globe. DEF CON Radio, a project of SomaFM, is included in that incredible list, a playlist including much "Music For Hacking" and a unique daily schedule that goes with the flow of the DEF CON experience.

Find more information about the listener-supported SomaFM and DEF CON Radio at
http://somafm.com/defcon/

DEF CON radio (player link):
http://somafm.com/player/#/now-playing/defcon

Posted 7.30.15

After a few years 'off-campus', the legendary Queercon is back in the main DEF CON venue - and they return in grand style. Not only is Queercon throwing a giant pool party with DJs from all over the world, functionally endless booze, and an OPEN pool,  but they're also hosting a  mixer every day of the con at 4pm for friendly conversation, chillaxing and cocktails.

To celebrate their return, DEF CON has created a limited run of DEF CON pride t-shirts, shown here on a model with alarmingly subtle facial features. They're a fine addition to any wardrobe and you can find them wherever DEF CON swag is sold.

Basic Details:
Pool Party - Friday 8pm to 3am at the Bally's pool. No badge required.
Mixers - 4pm Thursday thru Sunday at a Courtesy Suite (#TBD) in the Jubilee Tower of Bally's

The full rundown is available at queercon.org  

Posted 7.30.15

From The Dark Tangent:

"As DEF CON 23 nears, I am proud to unveil the launch of the new DEF CON Groups website, defcongroups.org!

Defcongroups.org will provide a centralized place to socialize, learn new skills, collaborate, and show off recent projects to DEF CON Groups around the world . It will include a directory to make it easier to find like-minded hackers in your area, as well as showcase featured DEF CON Groups, guest blogs, videos, tutorials, and more."

Read all about it at defcongroups.org. Whether you wish you were coming to Vegas next week or you are and you just want to feel that Hacker Fresh™ feeling all year round, it's time to join your friendly neighborhood DEF CON Group. If you live somewhere that doesn't have a DEF CON Group, it's time to start one.

There's really no limit to the cool stuff that can be accomplished with a global network of smart, inspired,hacker-minded humans. Together, we're basically Voltron. Let's make this the year we prove it.

Posted 7.29.15

The Villages are growing - almost all of them have their own speaker tracks, contests and events. How crazy is that? Most of the villages are bigger than the first bunch of DEF CONs! To help you keep them sorted out, we’ve created a page on the DEF CON 23 website that lists all the talks going on in the villages (that we know about at this precise moment in time - we’ll add and update if things change). It’s like one of those Country Buffets, only the offerings make you smart instead of nauseous and regretful.

Posted 7.24.15

In a $3cr3t chamber behind a purely ornamental bookcase in DEF CON Manor, a shadowy cabal works for months selecting DEF CON talks. It’s a grueling, thankless job. 

Until we thank them, which is now. 

This is the post where we drag the willing members of the cabal out of the shadows so you can learn their names and buy them a drink at the con. 

Not shown: Several reviewers who have spent so long in the $3cr3t chamber that they’ve become permanently shadowy. 

Posted 7.23.15

The Social Engineering Village has a brand new contest this year- Mission SE Impossible! It takes place on Thursday and you need to sign up on-site but it sounds like fun. Contestants are 'arrested', put in a locked room and forced to use their SE skills to get the codes and free themselves.

Read all about it. If you've the SE chops to talk your way out of a locked box, you probably won't want to miss this contest.

http://www.social-engineer.org/social-engineering/the-sevillage-at-def-con-23/

Posted 7.22.15

Good news, everyone! Well, unless you secretly love waiting in a queue. Then it’s less good, and you’re weird.

The DEF CON 23 workshops will not require you to rush from the reg line to a workshop reg line. We’re going to allow online pre-reg for the DEF CON Workshops. The seats are limited, and we’re granting them on a strictly first come, first served basis.  To sign up, check out the Workshops Registration Page!

We’ll send a receipt when you’re registered (within 2 biz days), and we’ll announce any new openings @defcon on Twitter. Good luck!

Posted 7.22.15

At DEF CON, we agree with you that it's kinda bogus that in 2015 we still don't have flying cars. But you know what makes up for that? Cars you can hack.

So this year, we bring you Car Hacking Village - a little bit of paradise for people who long to invalidate a connected car's warranty without jeopardizing their commute.

The CHV will have several 'Zones' for your education and entertainment:

Pull-apart Zone: learn how to get physical access to car controllers by removing panels and bolts.

Buck Hacking Zone: open hack car controllers and systems using a Buck (system on a bench).

Learning Zone: drop-in sessions of 15-30 minutes to teach specifics of vehicle networks and hardware.

Chill Zone: meet the CHV team in a more informal setting. Meet other interested con-goers. Meet no one and just meditate on what you've learned so far.

OEM Zone: we're probably going to rename this, but it's for dialog between OEMs and their users.

Vendor Zone: if the Car Hacking Village has inspired you, you can pick up some study material and even some hardware.

We hope to see you there.

Warning: objects in the CHV are closer than they appear.

Posted 7.20.15

If you find yourself interested in the The T.D. Francis X-Hour Film Challenge but you don't have a big enough crew, let people know in the Forum thread linked below or in on their facebook page https://www.facebook.com/xhourfilm

If you find yourself interested in the The T.D. Francis X-Hour Film Challenge but you don't have a big enough crew, let people know in the Forum thread linked below or in on their facebook page https://www.facebook.com/xhourfilm

There's a limited number of slots, and they're filling up, so don't dilly-dally. And remember us when you get that Oscar.

You can also check out the Contest website at http://www.xhourfilmcontest.com/

T.D. Francis X-Hour Film Contest on the DEF CON forums

Posted 7.17.15

Today’s date - 7/17/2015. Add the digits. Can you feel that? The phantom hand tugging at your sleeve, the voice in your ear right before sleep takes you? There’s no sense in resisting, friend. The Enigma has you, and the only way out is straight through. Join us in Las Vegas! Closing ceremonies are in 23 days. 

Posted 7.13.15

We have upgraded the DEF CON Forums - new iron, new paint, new can-do attitude. We've removed the annoying wait between signing up and posting, and the whole thing runs faster. Also, you can't beat the new forum smell - like ascii and toasted hazelnuts.

The Forum is also where the most granular, immediate and interactive information about DC23 is being hashed out. Looking for someone to share ae ride from San Diego? Want to ask a question directly to the Crash and Compile organizers? Head on over to the Forum. Got a killer salsa recipe? Probably no one cares, but its a forum. So get involved.

Posted 7.9.15

Here's the listing of the final night of DEF CON musical performers. Sweet, sweet speaker honey from the people's champ Miss Jackalope, Dieselboy, Zebbler Encanti Experience, Downlink, Skittish and Bus and ZackBarbie. Be warned: you will move it, move it. Plan accordingly.

Posted 7.6.15

It's beginning to feel a lot like DEF CON, everywhere you gooooo...

You can tell it's for real now, because we have a live speaker schedule. Familiarize yourself, plot your optimal path for cranial embiggening, tell the others. This year's lineup is crazy great, and knowing your 'must see' talks greatly enhances your chances of maximum DEF CON.

We're in the home stretch, people. One month and counting. 

Posted 7.6.15

At DEF CON, we take your booty-shaking needs seriously. To help you get your recommended daily allowance of ecstatic groove units, we have created a stellar Friday lineup that includes:

VJ Q. Alba
Pyr0
Dualcore
mc chris
YT Cracker
Ninjula

If your groove is not firmly on Friday night, you should maybe contact your doctor.

Saturday Lineup coming soon!

Posted 7.3.15

DC23 Booking Pro Tip:

The DEF CON group rate isn't available at the main venue hotels anymore - our block is sold out in Paris and Bally's. This might cause you to think about paying the full freight at those hotels to be close to the action. Reasonable idea, except....

We have a discounted block at Caesars, and it's still got some rooms available. Caesars is only 800 air-conditioned steps from the Con space. You save some hard-earned skrilla, you get a few minutes of walking to thumb through your program and get your various plans/plots/schemes together.

Look, if you've got bread like that, do what you feel. But for those of us balling on a budget, the Caesars plan deserves some attention.

Posted 7.2.15

Some of you, we have heard, enjoy vigorously oscillating what your maternal unit bequeathed to you. Some of you like to wave your hands in the air, as if you could not be less concerned. We understand. We get you, and we got you.

We have artisanally curated a flight of audio bliss merchants for your enjoyment on Thursday night. For staters, we’ve got An Hobbes, Dee Kaph, Johnny5 and Spherex.  After midnight we have DJ %27 and DJ AliKat. Many styles, many flavors. Join us, and amuse your bouche all over the place.

Posted 6.26.15

The official vendor list for DEF CON 23 is finalized and live on the intertubes. That money burning a hole in your pocket? It's dangerous if it goes unchecked. You can avoid the hazard of fire by turning that money into temperature-stable, safe goods and services with the smiling merchants of the vendor area. For those of you inclined to the games of chance, payouts in the vendor area hover very close to 1:1 - you're not gonna get those odds on the casino floor.

Don't become a pocket combustion statistic. The vendors are here to help.

Posted 6.23.15

We asked for demo submissions, and boy howdy did you people ever answer! For the first time, we have a whole community-powered demo area - five different sessions of your projects and demonstrations to share with the attendees. You're definitely gonna want to make some time to check this out.

The schedule is live, and of course there are links to all the abstracts there. We're amped about this - and we hope you will support the Demo Lab and spread the word.

This is gonna be so cool.

Posted 6.22.15

Crash and Compile? What's that?

Crash and Compile is an ACM-style programming contest crossed with a good old fashion college drinking game.

You get a problem, and have to code a solution to it. The catch is that if your code doesn't compile, seg-faults, doesn't produce the correct output, you have to take a drink... All this takes place on the contest stage. It's chaos meets coding. As the night progresses, you are either a really good programmer, really drunk, or a bit of both.

Official announcement on the DEF CON forums

Posted 6.18.15

As promised, here's the final additions to the lineup for DEF CON 101. Make yourself familiar, maybe pick out a couple.  Nobody likes to be standing in line for an SRO talk only to get stuck in the hallway, missing all the goodness because of a failure to plan.

Well, there's probably a rule that says someone must like that, and probably mods a subreddit about it like /r/missedyetanothercoolDEFCONtalk. But that someone is weird. Weird and possibly dangerous. Don't be that someone. Read ahead and make some plans.

Hardware and Trust Security: Explain it like I’m 5
Teddy Reed and Nick Anderson

A dive through the origins, evolution, and weaknesses of cellular networks
Effi and Tom Palarz

Seeing through the Fog
Zack Fasel

Hacking Web Apps
Brent White

Hacker in the Wires
Dr. Phil Polstra

Secure Messaging for Normal People
Justin Engler

Sorry, Wrong Number: Mysteries Of The Phone System - Past and Present
"Unregistered436" Patrick McNeil and ”Snide" Owen

Forensic Artifacts From a Pass the Hash Attack
Gerard Laygui

Alice and Bob are Really Confused
David Huerta

Introduction to SDR and the Wireless Village
DaKahuna and Satanlawz

Hackers Hiring Hackers - How to Do Things Better
Tottenkoph and IrishMASMS

Beyond the Scan: The Value Proposition of Vulnerability Assessment
Damon Small

Backdooring Git
John Menerick

Posted 6.17.15

The great work is complete! Behold the final round of selected speakers for DEF CON 23!

Thanks to all the submitters for sharing their work, and to the selection committee for poring over all that work. We think we’ve created a pretty phenomenal list of talks here!

Check this space tomorrow for the final round of DC101 speakers as well.

It’s getting real, people. Really real.

DIY Nukeproofing: a new dig at "data-mining"
3AlarmLampscooter

Key-Logger, Video, Mouse - How to turn your KVM into a raging key-logging monster
Yaniv Balmas and Lior Oppenheim

Who Will Rule the Sky? The Coming Drone Policy Wars
Matt Cagle and Eric Cheng

Why APTs focusing on Telco Networks: Dissecting technical capabilities of Regin and its counterparts
Omer Coskun

Do Export Controls on “Intrusion Software” Threaten Vulnerability Research?
Tom Cross and Collin Anderson

Licensed to Pwn: The Weaponization and Regulation of Security Research
Jim Denaro, Dave Aitel, Matt Blaze, Nate Cardozo, and Mara Tam

REpsych: Psychological Warfare in Reverse Engineering
Chris Domas

NSA Playset: JTAG Implants
Joe FitzPatrick and Matt King

Abusing Adobe Reader’s JavaScript APIs
Brian Gorenc, Abdul-Aziz Hariri, and Jasiel Spelman

WhyMI so Sexy? WMI Attacks, Real-Time Defense, and Advanced Forensic Analysis
Matt Graeber, Willi Ballenthin, and Claudiu Teodorescu

I want these * bugs off my * Internet
Dan Kaminsky

Let's Talk About SOAP, Baby. Let's Talk About UPNP
Ricky "HeadlessZeke" Lawshae

Tell me who you are and I will tell you your lock pattern
Marte Løge

Separating Bots from the Humans
Ryan Mitchell

Docker, Docker, Give Me The News, I Got A Bad Case Of Securing You
David Mortman

NetRipper - Smart traffic sniffing for penetration testers
Ionut Popescu

"Quantum" Classification of Malware
John Seymour

Hacking the Human Body/brain: Identity Shift, the Shape of a New Self, and Humanity 2.0
Richard Thieme

Posted 6.15.15

Attention automaton enthusiasts! The rules for DEFCONBOTS 2015 have been finalized and are live at https://github.com/Defconbots/2015_Competition_Rules. Time to dust off your autonomous laserbot and begin the training montage.

Signup is available at www.defconbots.org

Posted 6.12.15

These are brand new - intensive, deep-dive workshops on topics like Android reverse-engineering, Honeypots and Crypto for Hackers!  They’re free, but you’ll need to register onsite. Space is obviously limited, so if one of these topics really grabs you you’re gonna want to make signing up a priority when you get to the venue. There will be overflow lists, too, in case not everyone shows up. It is Las Vegas, after all. Sometimes you lose someone for a while.

Spread the word - we’d love these workshops to have a great first year.

Posted 6.10.15

The DEF CON CFP Review Board is composed entirely of Champions. Only a few days after Round 3, they are ready to present you with Round 4 of DC23 accepted speakers. Look on their work, ye mighty, and despair.

When the despair wears off, you should probably starting making notes about which ones you want to see. It's looking like a pretty goodie-packed schedule.

How to secure the keyboard chain
Paul Amicelli and Baptiste David

How to hack your way out of home detention
AmmonRa

Canary: Keeping Your Dick Pics Safe(r)
Rob Bathurst (evilrob) and Jeff Thomas (xaphan)

Attacking Hypervisors Using Firmware and Hardware
Yuriy Bulygin, Mikhail Gorobets, Alexander Matrosov, Oleksandr Bazhaniuk, and Andrew Furtak

Harness: Powershell Weaponization Made Easy (or at least easier)
Rich Kelley

Inter-VM data exfiltration: The art of cache timing covert channel on x86 multi-core
Etienne Martineau

Ask the EFF: The Year in Digital Civil Liberties
Kurt Opsahl, Nate Cardozo, Mark Jaycox, Corynne McSherry, Nadia Kayyali, and Peter Eckersley

DefCon Comedy Inception: How many levels deep can we go?
Larry Pesce, Chris Sistrunk, Adam Crain, Chris Blow, Dan Tentler, Amanda Sullivan Berlin, and Katie Moussouris

Chigula - a framework for Wi-Fi Intrusion Detection and Forensics
Vivek Ramachandran

Knocking my neighbor’s kid’s cruddy drone offline
Michael Robinson and Alan Mitchell

How to Hack a Tesla Model S
Marc Rogers and Kevin Mahaffey

Drinking from LETHE: New methods of exploiting and mitigating memory corruption vulnerabilities
Daniel Selifonov

Scared Poopless – LTE and *your* laptop
Mickey Shkatov and Jesse Michael

Angry Hacking - the next generation of binary analysis
Yan Shoshitaishvili and Fish Wang

High-Def Fuzzing: Exploring Vulnerabilities in HDMI-CEC
Joshua Smith

Security Necromancy: Further Adventures in Mainframe Hacking
Philip “Soldier of Fortran” Young and Chad "Bigendian Smalls” Rikansrud

Posted 6.9.15

'From Dusk 'til Con' is back with more space, more opportunities and more DEF CON-provided bartenders. If you've got an idea for a party, shindig, hullabaloo, Esperanto-based MUD, you know, whatever, you should share them with us. If your idea is one of the winners, you'll get to throw your party at DEF CON. The main requirements are a well-thought out idea and a quick e-mail trigger finger. You can find the full story on the Call for Parties page. Go there, make a plan, become a party legend.

Posted 6.9.15

Still hoping to stay in the DEF CON hotel block at our group rate? It’s time to get a move on. Our block at LINQ has sold out, and Flamingo and Planet Hollywood are close to capacity. There’s still some rooms at our rate Caesars, but the window is closing fast, and the risk of getting stuck with an overpriced room in the uncharted wastelands of the Strip grows with every passing day. Fortune favors the bold action, friends. Book soon, or brave the outer darkness. 

Posted 6.8.15

New for DEF CON 23 is the evolution of the last years DEF CON Media server drive duplication into the data duplication village.

HOW IT WILL WORK

DEF CON will provide a core set of drive duplicators as well as content. It will be a first come, first served situation. Bring and label your 6TB SATA blank drives, and put them in the queue for the data you want and 14 hours later it is done.

WHAT TO BRING

_ 6TB SATA3 new drive(s) - If you want a full copy of everything you will need three.

_ Any data you want to contribute to be shared, in USB, HDD, or DVD format

You can both contribute data to be duplicated, as well as bring blank drives to get copies and help spread the knowledge.

Those who want to share their own collections or help with duplication are encouraged to bring their own collections and drive dupers. If your collection is smaller we are thinking of getting some USB thumb drive duplicators for smaller batches. We also will have a DVD duper tower, so bring those legacy DVDs.

Full details in the DEF CON forums

Posted 6.4.15

The ISE and the IoT Village announced ‘Call for X’, a call for presentations for an open-format presentation track at DEF CON 23. From the announcement:

“Call For X’ is a play on the mathematical construct of X as an unknown variable,” explains Ted Harrington, one of the lead organizers of IoT Village and the Executive Partner at ISE. “The Call for X is an open-format track for the IoT Village. We want researchers to make suggestions about innovative ways to teach workshops, tutorials, games, or anything else related to the Internet of Things. We are trying to open the platform of learning to dynamic innovation that will help deliver exciting, new and effective ways to reveal solutions for the emerging IoT security problem."

The Call for X CFP is open until June 30, and the information you need to participate is at www.IoTVillage.org . Get your ideas together and spread the word.

Posted 6.3.15

Here's a few things you might want to know about that are going on in the Contest/Event/Village-osphere:

Gentle, non-automated reminder: You only have until June 15 to register for 'Robocalls: Humanity Strikes Back' and grab your share of the 50K in prizes!

Strike at the heart of the robocall menace and possibly get a fistful of greenbacks by creating a crowd-sourced honeypot. But step lively, because June 15 is right around the corner.

In case you didn't know, DEF CON 23 is soft-launching a BioHacking Village, and there's still an open CFP for it! If you've got some knowledge or expertise in bio-hacking, this may be your moment to shine. Follow the link and submit by June 30.

The DEF CON 23 Short Story contest entrants are in, and it's time for judging. Your input counts! You can read them all in the forum and give us your vote. As always, thanks to the DC literary community for being dope and sharing their genius with everyone.

Posted 6.1.15

We've got more speakers to announce - this time it's for the DEF CON 101 track. As avid con-goers will know, DC101 is a series of talks geared for attendees looking for grounding in new skills and to looking to broaden their basic skillset.

Check 'em out, mark your calendars accordingly and spread the word.  The official DEF CON 101 track is running throughout the Con this year, so there will be more speakers added soon!

Game of Hacks: Play, Hack & Track
Amit Ashbel and Maty Siman

Abusing XSLT for Practical Attacks
Fernando Arnaboldi

RFIDiggity: Pentester Guide to Hacking HF/NFC and UHF RFID
Francis Brown and Shubham Shah

It's The Only Way To Be Sure: Obtaining and Detecting Domain Persistence
Grant Bugher

Ubiquity Forensics - Your iCloud and You
Sarah Edwards

Crypto for Hackers
Eijah

Extending Fuzzing Grammars to Exploit Unexplored Code Paths in Modern Web Browsers
Saif El-Sherei and Etienne Stalmans

Linux Containers: Future or Fantasy?
Aaron Grattafiori

How to Shot Web: Web and mobile hacking in 2015
Jason Haddix

LTE Recon and Tracking with RTLSDR
Ian Kline

Are We Really Safe? - Bypassing Access Control Systems
Dennis Maldonado

Hacking SQL Injection for Remote Code Execution on a LAMP stack
Nemus

Chellam – a Wi-Fi IDS/Firewall for Windows
Vivek Ramachandran

Bruce Schneier Q&A
Bruce Schneier

Applied Intelligence: Using Information That's Not There
Michael Schrenk

I Am Packer And So Can You
Mike Sconzo

NSM 101 for ICS
Chris Sistrunk

The Bieber Project: Ad Tech 101, Fake Fans and Adventures in Buying Internet Traffic
Mark Ryan Talabis

Hijacking Arbitrary .NET Application Control Flow
Topher Timzen and Ryan Allen

QARK: Android App Exploit and SCA Tool
Tony Trummer and Tushar Dalvi

Posted 5.30.15

More approved presentation goodness - round 3 of DEF CON 23’s accepted speakers is now LIVE. Our team of dedicated reviewers has been hard at work finding the best talks in the mountains of entries, and you are now free to read through the abstracts and start formulating your info-hoovering plan for Vegas.

Three rounds of speaker selections down means that DEF CON really is starting to get close.There are a few more updates to come before the roster is complete, but it’s already clear it’s gonna be a heck of a Con, presentation-wise.  Remember to watch this space and we’ll update you as soon as we have new speaker selections.

Another thing to keep in mind is that there’s more going on, speaker-wise, than just the Official DEF CON tracks. The Villages have their own speakers throughout the con - you can find links to all the individual village websites at http://defcne.net/villages/22.

Malware in the Gaming Micro-economy
Zack Allen and Rusty Bower

Fun with Symboliks
atlas

Cracking Cryptocurrency Brainwallets
Ryan Castellucci

Stagefright: Scary Code in the Heart of Android
Joshua J. Drake

Unbootable: Exploiting the PayLock SmartBoot Vehicle Immobilizer
fluxist

Rocking the Pocket Book: Hacking Chemical Plant for Competition and Extortion
Marina Krotofil and Jason Larsen

F*ck the attribution, show us your .idb!
Morgan Marquis-Boire, Marion Marschalek, and Claudio Guarnieri

Hacking Smart Safes: On the "Brink" of a Robbery
Dan “AltF4” Petro and Oscar Salazar

Title TBA
Peter Shipley

Machine vs. Machine: Inside DARPA’s Fully Automated CTF
Michael Walker and Jordan Wiens

Pivoting Without Rights – Introducing Pivoter
Geoff Walton and Dave Kennedy

Stick That In Your (root)Pipe & Smoke It
Patrick Wardle

Investigating the Practicality and Cost of Abusing Memory Errors with DNS
Luke Young

Posted 5.26.15

The last qualifying event for DEF CON 23’s CTF competition is in the rear view. For those of you who didn’t compete but want an idea of what a high-level CTF competition looks like, we offer links to some quality write-ups. The write-ups not only give you insight into the competition, but the careful reader can also learn something of the mindset that succeeds at this kind of contest. If you’re on the fence, it’s time to read up, level up and get in the arena. CTF glory awaits.

Posted 5.22.15

Brand new 'Speaker's Corner' post on defcon.org - 'Hackers and Healthcare: A Call to Arms' by Christian “quaddi” Dameff, MD and Jeff “r3plicant” Tully, MD.

Quaddi and r3plicant are hackers who moonlight as physicians, and the piece makes the case that turning around the rash of healthcare industry data breaches and tech failures is going to require cooperation with the hacker community.

If you'd like some more of these hacker/doctor/futurists dropping science,  you're in luck.

from DEF CON 20 'Hacking Humanity: Human Augmentation and You'

from DEF CON 22 'Hacking 911: Adventures in Disruption, Destruction and Death'

Posted 5.19.15

From the upstanding citizens of the Legitimate Business Syndicate:

"Thanks for being a part of our biggest DEF CON CTF qualifiers yet. We're still very excited at how well the 4407 players, 1472 teams, and over 4000 unique IP addresses performed in our game, and have some preliminary results and other information to share with you."

The contest ended with a three-way tie between PPP, DEFKOR and 9447. As the LBS sorts through the data, they'll post everything at https://blog.legitbs.net.

For those of you who'd like to get a close-up view of the action, you can find a whole bunch of writeup goodness at https://github.com/…/…/tree/master/defcon-qualifier-ctf-2015

If you competed and have a write-up to contribute, that's a great place to put it.

Thanks to all the competitors and to the Legitimate Business Syndicate for making everything happen. Good luck to the groups moving on to the big showdown in Las Vegas, where it shall be on like the proverbial Donkey Kong.

Posted 5.15.15

The main CFP is closed, but that doesn't have to mean you can't speak at DEF CON 23.

Several of the Villages are still looking for speakers in their specific subject areas. If your idea is about Crypto/Privacy, IoT, SE or Packet Capture, quick action could still secure you a speaking opportunity before an audience that's passionate about the topic at hand.

Crypto and Privacy village - Deadline June 30

Internet of Things village - Deadline May 26

Social Engineering Village

Packet Capture Village

Posted 5.15.15

The time has come. The final qualification opportunity for CTF at DEF CON 23. Team size - ∞. Registration - open, and available all the way until the contest ends. Battle begins at midnight UTC, May 16 and runs until midnight UTC May 18. If you think you deserve a spot at the Vegas finals, this is your last opportunity to prove it.

For up to date info on the contest you can follow the scoreboard at 2015.legitbs.net/scoreboard or keep an eye on @legitbs_ctf and @defcon.

Prepare your team. Reach for glory. Godspeed, one and all.

Posted 5.14.15

Enjoy a new round of DEF CON 23 speaker selections, on us!

Extracting the Painful (blue)tooth
Matteo Beccaro and Matteo Collura

Switches Get Stitches
Colin Cassidy, Eireann Leverett and Robert M. Lee

USB Attack to Decrypt Wi-Fi Communications
Jeremy Dorrough

Low-cost GPS simulator – generate fake GPS signal by SDR
Lin Huang and Qing Yang

ThunderStrike 2: Sith Strike
Xeno Kovah, Corey Kallenberg, and Trammel Hudson

Drive It Like You Hacked It: New Attacks and Tools to Wirelessly Steal Cars
Samy Kamkar

How to Hack Government: Technologists as Policy Makers
Terrell McSweeny and Ashkan Soltani

Spread Spectrum Satcom Hacking: Attacking The GlobalStar
Colby Moore

Detecting Randomly Generated Domain Names; A Language Based Approach
Mahdi Namazifar

Some Foundational Work Towards Making Deus Ex And The Matrix Real Life Stuff: A Talk On Non-Invasive Sensory Augmentation
Great Scott (Scott Novich)

Staying Persistent in Software Defined Networks
Gregory Pickett

Breaking SSL Using Time Synchronisation Attacks
Jose Selvi

Shall We Play a Game?
Tamas Szakaly

Looping Surveillance Cameras through Live Editing of Network Streams
Eric Van Albert and Zach Banks

'DLL Hijacking' on OS X? #@%& Yeah!
Patrick Wardle

Build A Free Cellular Traffic Capture Tool With A Vxworks Based Femoto
Yuwei Zheng and Haoqi Shan

Reminder: DEF CON 23 Call For Suites and Call for Demo Labs are Open!

Posted 5.14.15

If you've got a project, a gadget or a tool that you'd love to show off to DEF CON attendees, there's still time to sign up for the DEF CON Demo Labs! You bring your wares, and we provide you with a dedicated time and location to show them off. It's a great opportunity to get your project some user testing, cultivate some collaborators or get an idea how your idea rates with the hacker demo. The information you need to sign up is here: https://www.defcon.org/html/defcon-23/dc-23-demolab.html

What would you do with a whole penthouse suite at DEF CON? Throw a party the bards will sing about until the end of days? Film a security 'Shark Tank' reality show? Roomba Thunderdome? Come up with a cool concept, event, or party that will be open to all attendees from Thursday to Sunday and if you are selected DEF CON will release to you or your group one of the suites at a cost of $500 per night - so $2,000 for the con. They usually go for $1,500 to $2,000 per night. You can read the whole announcement on the DEF CON 23 site: https://www.defcon.org/html/defcon-23/dc-23-cfsuites.html

DEF CON in the News: FOIA Edition

Posted 5.12.15

Our humble party game 'Spot the Fed' is getting a lot of press lately.

Which is cool.

The good folks at MuckRock filed a FOIA Request that asked for, among other things, the FBI's files on DEF CON, and at the end of April they got a response in which STF is mentioned specifically a few times.

Which is also cool, but there's a little more to the story that DEF CON fans might be interested to hear.

First: Spot the Fed for the uninitiated.
Spot the Fed is a con amusement enjoyed by hackers and Fed/Gov/LE attendees alike, and it works thusly: Con-goers notice a suspicious 'outdoor kid' lurking about, and they alert a Goon (preferably Priest). With the spotee's permission, Priest or one of his minions asks a battery of questions designed to discover their mode of employment. If MIB status is uncovered in the course of questioning, the spotter and the Fed get T-shirts. Both spotter and spotted are then free to resume their conference unmolested. So it's sort of a catch-and-release program, if you will. We pride ourselves in both our ability to spot Feds, and our ability to return them in the condition received.

Now, a little backstory.

For reference, here's a shakycam recording of a round of Spot the Fed from DEF CON 14, featuring the incisive interrogatory style of Priest.

The picture attached to this post is from DEF CON 2 and features the very first Fed ever Spotted wearing the very first 'I Am the Fed' shirt we ever gave out. Memories.

Astute readers of the FOIA docs

http://www.defcon.org/images/links/foia/FOIA-request-1321038-00.pdf
http://www.defcon.org/images/links/foia/FOIA-1321038-0-defcon12.PDF
http://www.defcon.org/images/links/foia/FOIA-1321038-0_-Defcon8.PDF
http://www.defcon.org/images/links/foia/FOIA-1321038-0_-Defcon3.PDF

will notice that there was another FOIA request for DEF CON still being processed at the time that MuckRock's request was going through. That request came from badass EFF lawyer and frequent DEF CON speaker Marcia Hofmann, and it was filed in response to a Federal Grand Jury investigation that you might recognize from the DEF CON documentary.

The docs actually help solve the nagging mystery DT's talking about in that video.

"I had always assumed the grand jury investigation was related to a National Security investigation, but now that the FBI FOIA is out we know. FEDs don't all attend because of the talks, sometimes they have real work."
-Dark Tangent

The docs are liberally redacted, but they do illustrate the varying levels of interest lavished upon our little party by one of the TLAs in attendance. The docs MuckRock released include reports from DEF CONs 3, 8 and 12.

Despite the hostility people insist on reading into the FBI comments, spotted Feds almost universally take the stage with good humor and answer our questions with patience and more candor than their job descriptions require.

If you want to get in on the FOIA action and see some FBI files of your own, we recommend watching this talk from the aforementioned Marcia Hofmann from DEF CON 18.

Posted 5.11.15

The DEF CON block at Bally’s and Paris is officially sold out. There’s still some good news for procrastinators, though - there’s still room at our con-goer rates at the nearby Flamingo, Link, Planet Hollywood and Caesars. At least, there is room right now. You’re gonna want to act briskly if you want to get the DEF CON group rate.

Here’s the reservation link:
https://aws.passkey.com/g/32601197

And here’s the direct lines to the hotels still offering the DC23 rate:
Flamingo 888-373-9855
Caesar's 866-227-5944
Linq 866-523-2781
PH 866-317-1829

Posted 5.8.15

A friendly reminder from DEF CON HQ:

If you're waiting until the last possible moment to submit your talk proposal for DC23, please be advised that we have arrived at that moment. Sunday May 10 is the last day we'll be accepting entries, so it's time to stock up on Code Red, take a few deep breaths and get that sucker done. We're looking forward to seeing what you've got.

The FAQ is here: https://www.defcon.org/html/links/dc-speakerscorner.html#leah-cfp-process

You've got this. Just make sure we've got it by Sunday.

Posted 5.5.15

Brand new addition to the DEF CON Villages this year - IoT Village! Lots of workshops on hacking off-the-shelf connected devices, live talks and even some contests.

There's also a CFP. If you have a good idea for a talk about the Internet of Things, you've got until May 26 to submit to them at the link below. Topics they're looking for include:

Raiding Internet of Things - Show us how secure (or insecure) IP enabled embedded systems are. Routers, network storage systems, cameras, HVAC systems, refrigerators, medical devices, smart cars, smart home technology, and TVs -- If it is IP enabled, we're interested.

IoT Device Management – Discuss best practices for deploying and building security into IoT devices.

Anything else awesome that involves IoT devices!

https://www.iotvillage.org/#cfp

Posted 5.1.15

This is the home stretch for getting your talk submitted for DEF CON 23. The submission deadline is May 10. If you still have unanswered questions about the process of submission or selection, Leah has created a pretty exhaustive and very useful FAQ on Speaker's Corner!

Posted 4.30.15

We know you have ideas. We know you’ve walked the floor at DEF CON and thought, “I know what kind of contest or event this place needs. One day I’m gonna get MY idea for Roomba Thunderdome to DEF CON and rule this place."

That one day is today (but not if your idea is Roomba Thunderdome - that’s mine). It’s time to take your great idea for a DEF CON contest or event and submit it to us. If it’s good enough, and you get it submitted by May 30, you may get to see your idea become a glittering Las Vegas reality.

The information you need to manifest your brilliance has a Forum thread. Go there and make us proud.

Posted 4.28.15

The DEF CON 23 Call for Vendors is now open, so if you have a product or merchandise you want to put in front of thousands of hackers you should check out defconvendors.com . It’s all there – all the info, the vendor area layout and even a surprisingly thorough FAQ. As always, we run out of vendor space pretty fast, so it’s a good idea to get yourself registered as soon as you can. The early bird catches the worm, and the late bird has pallets stacked with regret.

Posted 4.27.15

May 10 will be upon us in less than a fortnight - is your submission prepared? Tarry no longer, friends. Fortune favors the bold.

Submit to the DEF CON 23 CFP before glory slips from your grasp.

Posted 4.24.15

Our speaker selection elves have been hard at work, sifting through the proposals for DEF CON 23, and they have a Friday present for you. The first round of Speaker Selection is done!

Did you feel that? That’s DEF CON 23 getting REAL, people. August 6 is closer than it sounds.

The selections are available for your inspection on the Speaker Page. More will be posted in the coming days, so check back from time to time. Also, if you have a talk you want to see on this list, you only have until May 10 to submit it to us. That is hella soon, so get on it!

Posted 4.23.15

Reminder: The DEF CON Villages are up and rocking at the ‪#‎tribecafilmest‬ in NYC! Four Villages (Crypto/Privacy, Hardware Hacking, Tamper Evident and Lockpicking) full of hands-on activities and clever humans spreading hackish knowledge.

The Villages are live today through Saturday, and our founder Dark Tangent will be speaking Saturday at noon. LosT, our resident mad crypto scientist and creator of the Mystery Challenge will also be making an appearance.

It's all going down at Spring Studios at 50 Varick St. You can find out more at https://tribecafilm.com/…/tribeca-film-festival-2015-def-con .

Posted 4.21.15

If the DEF CON Shoot is part of your traditional DC festivities, it's time to get yourself signed up and get a lane rented. The event organizers are hoping that all lane rental requests will be in by July 1, so don't delay.

If you don't know about the DEF CON Shoot and you want to know more, the link below has a lot of good information to get you on your way.

http://deviating.net/firearms/defcon_shoot/registration.html

Flashback Friday: Airplane Security

Posted 4.17.15

In light of the story about Chris Roberts of One World Labs being pulled off a plane by the FBI after talking on air about some of the risks inherent in in-flight networking, for #defconflashbackfriday we give you two talks on the subject of security in the air.

The first is from DEF CON 22. The presenters are Dr. Philip Polstra and Captain Polly and it's entitled "Cyberhijacking Airplanes: Truth or Fiction?" 
http://youtu.be/Uy3nXXZgqmg

From way back at DEF CON 20, we also offer "Hacker + Planes = No Good Can Come of This" by Renderman.
http://youtu.be/mY2uiLfXmaI

The security research community does indispensible work in the public interest. Making that work inconvenient or impossible serves only the bad guys.

Posted 4.16.15

While the classic Film Noir period happened in the 40s and 50s, the style and preoccupations of Noir are alive and well. Sometimes referred to as Neo-Noir - here’s five notable takes on the genre that will get you up to speed:

Blade Runner: The undisputed champion of sci-fi flavored Film Noir. Hard-boiled private investigator, rain-slicked streets drowning in neon and depravity, a secret so dark we keep it from ourselves. Add to this the insanely detailed and haunting visual design - still maybe the most beautiful dystopia ever committed to celluloid - and you have a permanent chart-topper.

Blood Simple: The Coen Brothers' debut film about small-town jealousy and betrayal is both a love letter to Noir and a darkly comic blast of adrenaline that still stands up over 30 years later. The plot is an ever-tightening noose of bad faith and personal corruption.

The Killer: John Woo. Chow Yun-fat. Doves, the Hong Kong skyline and So.Many. Bullets. A grimly beautiful tale of underworld honor and devotion with operatically insane actions sequences that are still being copied around the world.

Brick: Underappreciated high-school noir starring Joseph Gordon-Levitt as the dogged investigator determined to find the truth, damn the consequences. The setting and the distinctive slang make it unique, the performances make it a first-ballot hall-of-famer.

The Yellow Sea: 2010 film by South Korea’s Na Hong-jin about an ethnic Korean (Joseonjok) taxi driver in Yanji, China. His twin obsessions with gambling and his estranged wife lead him into a murder plot that’s way out of his depth. You might watch some of this through your fingers, but it’s compelling cinema and steeped in Noir style.

Honorable mentions: To Live and Die in L.A, Shallow Grave, Oldboy, The Last Seduction.

Posted 4.14.15

Attention, Inkslingers: DEF CON 23 Press Reg is open. The details and requirements are available on the Press Registration Page.

–30–

Posted 4.13.15

Reminder to everyone in the vicinity of NYC, a sampling of DEF CON is making an appearance at the Tribeca Film Festival! Four Villages (Hardware, Crypto, Tamper-Evident and Lockpicking), and three Panels covering the way hacking gets portrayed on the silver screen. The festivities start Thursday, April 23, topped off with a talk by Dark Tangent at noon on Saturday, April 25.

The filmmakers at TFF have a voice in how hackers are seen by the world. Come by and make sure that we do,too.

https://tribecafilm.com/stories/tribeca-film-festival-2015-def-con

Posted 4.10.15

Announcing yet another cool way you can participate in DEF CON: the DEF CON Demo Lab!

New for DEF CON 23 we are adding an place for you to show off your tools, projects, and tech to attendees - much like a poster board session but with computers.

The DEF CON Demo Lab is a dedicated area for hackers to show off what they have been working on, to answer questions, and even convert attendees into trying of giving feedback on their projects.

Presenters will be given a dedicated time and location to present a tool or project of their creation; show what it does, how it works, and why we need it in our arsenal.

Got something you’re itching to share? Get involved!

Full details at: https://www.defcon.org/html/defcon-23/dc-23-demolab.html

Posted 4.9.15

On the 3rd floor of Ballys South tower, The Jubilee Tower, lay seven rooms [1], each one 1,400 sq feet. That's enough space for about 55 people in classroom format. What to do with all that space away from the main action of the convention? I've wanted to try workshops and trainings for years but we have never had the room once we filled up the Rio. Now we finally have some space at the new hotels so I am calling on the community to tell us what we should do with the rooms.

Check out the Call for Workshops for full details!

Posted 4.8.15

For the first time ever, DEF CON is teaming up with the Tribeca Film Festival to bring a few of its famous Villages to New York. The Villages – interactive spaces stocked with gear, projects and brilliant humans – immerse the visitor in particular nodes of hacker culture. Hands-on activities, eye-opening presentations and open-ended experimentation combine to bring out the hacker in everyone.

Join us April 23 - April 25th, 2015 in Studio X of Spring Studios and you will:

• Learn to pick a lock in the Lock Picking Village.

• Make your devices and identity more secure by seeing how the bad guys operate in the Privacy/Crypto Village.

• Study the noble art of voiding all your warranties in the Hardware Hacking Village.

• Get schooled in the hacker's most important skill in the Social Engineering Village.

• Discover what it takes to open that weird security envelope without leaving a trace in the Tamper-Evident Village.

https://tribecafilm.com/festival/springstudios

Posted 4.7.15

On the top floor of Ballys are four penthouse suites, and we are calling for people or groups who are interested in renting them and throwing something cool for the hacking community. Here is the deal:

Come up with a cool concept, event, or party that will be open to all attendees from Thursday to Sunday and if you are selected DEF CON will release to you or your group one of the suites at a cost of $500 per night - so $2,000 for the con. They usually go for $1,500 to $2,000 per night. You can read the whole announcement at:

https://www.defcon.org/html/defcon-23/dc-23-cfsuites.html

We’re looking for performers. If you’ve got a band, or some righteous DJ skills, or you are crazy good at Tuvan throat singing, we want to hear from you. DEF CON is a big event, and our rocking requirements are substantial. Even if you just want to spin some chilly beats for con-goers on a caffeine comedown - we want your application.

If you have the goods to rock the people, fill out this form. Get in the ring. Win DEF CON.

DEF CON 23 Call for Music

Posted 4.6.15

To get you in the mood for DEF CON’s Noir theme, we offer some Film Noir knowledge and recommendations.

Noir is a slippery category, but it’s generally taken to mean films with a cynical worldview, moody, stylized cinematography and stories that turn on darker human impulses: lust, greed, vengeance.  They are stories of the desperate and the doomed, the outsiders who will never really belong to polite society.

The golden age of film noir is the 1940s and 50s, but the genre left its mark all over popular culture and great noir (or neo-noir, if you’re not into the whole brevity thing) is still being made today.

Double Indemnity: Arguably the film that kicked off the genre. All the elements are present. The lighting is dramatic, the dialog is sharp and the plot turns on murder for easy money. Directed by the great Billy Wilder and written by detective fiction immortal Raymond Chandler. Double Indemnity is the heavyweight champ of golden age noir, with 7 Oscar Nominations.

Kiss Me Deadly: Adapted from the Mickey Spillane novel of the same name. Starts with a disreputable private eye picking up a terrified hitchhiker escaping from a mental hospital wearing only a trench coat, and then things get weird. A Cold War parable with a breakneck plot, a mysterious box and as pitch-black an opinion of the human condition as you could put on screen in 1955.

Out Of The Past: To create the mood of a good noir, you need actors with moodsetting skills - lurking, looming, smoking with intent. No one has ever been better at doing those things than Robert Mitchum. Pay close attention to his looming work in this film. 10/10 would cross the street to avoid. Bonus: You can check out Mitchum being extra foreboding in 'Night of the Hunter'.

D.O.A: Some of the plot tricks in this movie might seem familiar, but only because directors borrow from it all the time. D.O.A. was pretty avant-garde in its time.

Our protagonist is dying - soon. He uses the remainder of his rapidly expiring time to find out who murdered him and see justice done. Lots of newer movies use the forced clock, the backwards storytelling, the inside-out murder mystery but very few of them do it any better.

Touch of Evil: The opening shot - a long, unbroken meander through the scene of our intrigue - is a clinic on mood-setting. Questionable makeup choices aside, this is the platonic ideal of what a dark melodrama should look like.

Honorable mentions: The Killers. The Asphalt Jungle. The Big Sleep.