DEF CON 26 Homework Assignments Roll On!
We've given you a lot of reading so far, so here's an assignment that can be completed in under two hours - The 2006 Alfonso Cuarón film 'Children of Men'.
The movie fits the theme of 1983 by being a thoughtful and moving study of hope and resistance in the face of calamity and misrule. It also features a bunch of stellar performances and some crazy precision camera work (keep your eyes peeled for the long, unbroken takes).
'Children of Men' fits our theme in other ways, too - the set design could hardly be more in line with our DC26 style guide. Concrete skies, graffiti, neglected brutalist edifices everywhere - it's probably as close to a match as you're going to find so feel free to take inspiration from it.
Watch this space for more assignments!
DEF CON in the News!
The DEF CON Voting Village co-hosted an event with the University of Chicago's Harris School of Public Policy to highlight cyber vulnerabilities in our elections infrastructure. At the event, Noah Praetz, Director of Elections with the Cook County, IL Clerk's office, issued "2020 Vision," a plan that details ways federal, state, and local government can work together to improve the security posture of U.S. voting infrastructure.
You can read the plan here: https://www.defcon.org/images/defcon-25/Election Security White Paper_Praetz_12062017.pdf
DEF CON in the News!
Here's the full video of a hearing of the House Subcommittee on Information Technology regarding the Cybersecurity of Voting Machines. One of the testifiers was Matt Blaze, security superhero and DEF CON Voting Village organizer. It's a good read for anyone who wants to be thoroughly grounded on the state of election security and the plan for moving forward.
"The results of the Voting Village were summarized in detail in a report. It is notable that participants, who did not have any previous special expertise in voting machines or access to any proprietary information or source code, were very quickly able to find ways to compromise every piece of equipment in the Village by the end of the weekend. Depending on the individual model of machine, participants found ways to load malicious software, gain access to administrator passwords, compromise recorded votes and audit logs, or cause equipment to fail. In most cases, these attacks could be carried out from the ordinary interfaces that are exposed to voters and precinct poll workers. The first machine was compromised by a participant within 90 minutes of the doors opening."
You can read the full report from the Voting Village.
And a transcript of Matt's remarks
DEF CON 26: The Homework Continues!
The heart of the DEF CON 26 theme is the concept of the counterfuture. The counterfuture is the open-source alternative to totalitarian dystopia; a world where we use tech and ingenuity for empowerment and connection rather than isolation and control.
In the spirit of the counterfuture, we offer book two in our pre-con homework series: ‘Cryptonomicon’ by Neal Stephenson. It’s a bit of an epic, so you’ll want to pencil in some real reading time. The story concerns two historical inflection points, WWII and the eve of the 21st century. In both eras, crypto and savvy are all that protect us from a spreading and despotic darkness. In both, hackers (of various kinds) are the carriers of the counterfuture.
Enjoy, and stay tuned for more assignments.
DEF CON 26 Call for CTF Organizers Reminder!
Friendly reminder to all of you Capture the Flag rock stars - there’s still time to put your stamp on the Super Bowl of CTFs at DEF CON 26!
We’re looking for a team with big ideas and the skills to execute under pressure. A team that wants to push the limits and create challenges that people talk about for years.
If that’s you, read the requirements at https://www.defcon.org/html/links/dc-ctf-cfo.html and get in touch. We look forward to seeing what you’ve got.
DEF CON 26: The Homework Begins!
In keeping with the DC tradition of releasing a list of books, movies and other cultural products to help you get into the headspace of our theme, we offer the first suggested reading assignment: 'Little Brother' by digital-age soothsayer and frequent DEF CON speaker Cory Doctorow.
Don't let the YA trappings trip you up - the book contains a toothsome examination and critique of the dangers of the police state and the role that hackers, makers and like-minded troublemakers can play in turning the tide.
It's also fun. Share your thoughts with us in the comments and stay tuned to this space for your next assignment.
Happy Thanksgiving from DEF CON!
DEF CON 26 Theme Announcement!
The time has come to announce the theme for DEF CON 26 - It's '1983'. Think of it as T Minus One in the countdown to 1984.
We can't wait to see how you use it.
More details here.
DEF CON in the News: Confessions of a First Time Speaker
For your Thursday enjoyment, we have a fun look into the experience of a first-time speaker at DEF CON 25 this year. The takeaway? You won’t talk at DEF CON if you don’t pony up and submit! Spoiler Alert: Persist!
You can view the talk by the author, Jim Nitterauer, regarding DNS Privacy on our YouTube channel:
DEF CON 25 - Jim Nitterauer - DNS: Devious Name Services Destroying Privacy & Anonymity w/o consent
As always, enjoy and pass it on!
Packet Hacking Village Videos Have Hit YouTube!
Our mission to monopolize your spare mind-cycles continues with 22 talks from this year’s very popular Packet Hacking Village. It’s a lot, we know, but we have faith in you. Enjoy, learn a lot of fun new network shenanigans and make sure to share what you learn.
Live now on YouTube, Main Speaking Track Talks from DEF CON 25!
Maybe don’t make a lot of weekend plans. For this Throwback Thursday we have a playlist of 53 main track talks from DEF CON 25. No matter your interests, you’re definitely going to run out of weekend before you run out of talks to watch. (This math does make some assumptions about sleep and general life maintenance - be safe out there). Go ahead and bask in that monitor glow, get yourself some knowledge and don’t forget to pass it on.
More Assorted Talks from DEF CON 25!
Another set of talks in the AFK vein for your edification. Hacking wind farms, the DEF CON 101 panel, hacking the human genome - it’s a nice assortment of subjects. A bouquet, if you will.
HighWiz, Malware Unicorn, Niki7a, Roamer, Wiseacre, Shaggy - DEF CON 101 Panel
Inbar Raz, Eden Schochat - From One Country, One Floppy to Startup Nation
Jason Hernandez, Sam Richards, Jerod MacDonald-Evoy - Tracking Spies in the Skies
John Sotos - Genetic Diseases to Guide Digital Hacks of the Human Genome
Matt Wixey - See no evil, hear no evil: Hacking invisibly & silently with light & sound
Octane - Untrustworthy Hardware and How to Fix It
Snide Owen - Phone system testing and other fun tricks
Whitney Merrill, Terrell McSweeny - Tick, Tick, Tick Boom You're Dead: Tech & the FTC
Jason Staggs - Breaking Wind: Adventures Hacking Wind Farm Control Networks
Enjoy, embiggen, and pass it on.
BioHacking Village Talks are Live on YouTube!
More videos for your edification and enlightenment from the DEF CON 25 BioHacking Village. If you’ve spent any time with the BHV, you know the kind of cutting edge information they bring to the conference. If you haven’t, there’s no better time than right now. Biotech is moving fast and the singularity waits for no one.
As ever, pass it on.
Caesars Room Block expanded for DEF CON 26!
Good news, everyone! We’ve managed to get a bunch more rooms at Caesars Palace into our special rate block. If you’re planning to attend DEF CON 26 and want some of those sweet, sweet onsite lodgings at a substantial discount, the time for action is upon you.
To register at Caesars with our room rate, use the link https://aws.passkey.com/gt/212381033?gtid=281c2a2f3267f177478f6cb65cf90b8b
This link will also get you the discount at several nearby affiliated hotels. While supplies last.
Recon Village Video from DEF CON 25!
Today’s video release is 15 presentations from a new village on the block - Recon Village. Something for anyone interested in any flavor of Open Source Intelligence, Threat Intelligence, Reconnaissance and Red Teaming.
Tyler Rorabaugh - DFIR Automation Orchestration Tools For OSINT Recon
Tracy Maleeff - Into the Bird's Nest: A Comprehensive Look at Twitter
Winner Announcement Prize Distribution
Simon Roses - OSINT Tactics on Source Code and Developers
Shane MacDougal - Keynote: Seeing is Believing The Future of Recon
Mikhail Sasonkin - Up Close and Personal: Keeping an Eye On Mobile
Leah Figueroa - FERPA: Only Grades Are Safe; OSINT In Higher Education
Kunal Aggarwal - DataSploit Open Source Assistant for OSINT
Jason Haddix - Domain Discovery: Expanding Your Scope Like A Boss
Inbar Raz - Do Tinder Bots Dream of Electric Toys
Guillermo Buendia, Yael Esquivel - How To Obtain 100 Facebooks a Day
Dakota Nelson - Total Recoll
Anthony Russell - Building Google For Criminal Enterprises
Andrew Hay - An Introduction to Graph Theory for OSINT
Abhijeth Dugginapeddi - Recon and Bug Bounties What A Great Love Story
Take one down and pass ‘em around. Sharing is caring.
Live on YouTube, Car Hacking Village Video from DEF CON 25!
Let’s start the video release week off strong with ten talks from the DEF CON 25 Car Hacking Village! AUTOSAR, GPS Integrity, SDR Relay Attacks - there’s a lot to keep your brain occupied in here. As a bonus, there’s also an auto-hacking related talk from the main track on low-budget auto hacking.
Mickey Shkatov, Jesse Michael, Oleksandr Bazhaniuk - Driving down the rabbit hole
Weston Hecker - Grand Theft Radio Stopping SDR Relay Attacks
Vlad Gostomelsky - GPS System Integrity
Tim b1tbane, Mitch Johnson, ehntoo - That's No Car Its a Network
Sheila Ayelen Berta, Claudio Caracciolo - The Bicho
Sameer Dixit, Vlad Gostomelsky - Abusing Smart Cars with QR Codes
Montalbano, Gillispie, Connett - Attacking Wireless Interfaces
Jeffrey Quesnelle - An Introduction to AUTOSAR Secure Onboard
Woodbury, Haltmeyer - Linux Stack Based V2X Framework
Badge Life: DEFCON Unofficial Badges Panel
Corey Theun - Heavy Truck and Electronic Logging Devices
Enjoy, and remember to pass ‘em on. More shortly.
Assorted Video Tales from DEF CON 25!
Today’s DEF CON 25 video releases are a variety of novel presentations that take us away from the keyboard and workstation and into the wider world.
Kevin Sacco - Tales of A Healthcare Hacker
Rhett Greenhagen - Skip Tracing For Fun and Profit
J0n J4rv1s - Surveillance Capitalism Will Continue til Morale Improves
Gus Fritschie, Evan Teitelman - Backdooring the Lottery and Other Security Tales
Svea Eckert, Andreas Dewes - Dark Data
Chris Sumner - Rage Against the Weaponized AI Propaganda Machine
Ryan Lackey - Cypherpunks History
Yan Shoshitaishvili - 25 Years of Program Analysis
Manfred - Twenty Years of MMORPG Hacking: Better Graphics, Same Exploits
Pass it on, and watch this space.
Wifi Village Talks are Live on YouTube!
The DEF CON 25 video release train rolls on today with 11 talks from the Wifi Village. From suitcase repeater builds to replay attacks on home security networks, there’s something there for everyone.
Woody, Tim Kuester - GODUMPiNG packet sniffing the Gotenna
Vivek Ramachandran, Nishant Sharma, Ashish Bhangale - Deceptacon
Robert Ghilduta - Designing An Automatic Gain Control
Nick Delewski - Failsafe: Yet Another SimpliSafe Attack Vector
Matt Blaze - Sigint for the rest of us
Eric Escobar - SecureWorks: SDR Replay Attacks On Home Security Systems
Balint Seeber - Hacking Some More of the Wireless World
Andrew Strutt - Suitcase Repeater Build for UHF 70cm
Andrew Strutt - POCSAG Amateur Pager Network
Alexander Zakarov - Large Scale Wireless Monitoring: KISMET Packet Sniffer
Aardvark, Darkmatter - WIGLE Like You Mean It Maximizing Your Wardriving
Enjoy, share and stay tuned!
The Voting Machine Hacking village talks from DEF CON 25 are on YouTube!
Hackers owning all the machines at the DEF CON 25 Voting Machine Hacking Village has gotten a lot of press, but the Village also had a roster of talks on the subject from experts like Matt Blaze and Gen. Douglas Lute. The need to reconsider the security of election systems is one of the biggest ideas to come out of DC25, and this playlist is a good way to get yourself up to speed on the state of ballot security.
Jake Braun - Securing the Election Office: A Local Response
Joseph Hall, David Jefferson - Common Misconceptions and False Parallels
Matt Blaze - How did we get here? A history of Voting Technology
Mary Brady, Josh Franklin - The State of US Voting System Security
Joseph Hall - Election Hacking: Legal Considerations from the Civil Side
Harri Hursti - Brief history of election machine hacking
General Douglas Lute - National Security Implications of Voting Attacks
Barbara Simons, David Jefferson - Election Systems: More Than the Booth
As always, pass it on. Share the knowledge.
More on the way.
DEF CON 25 Social Engineer Village Talks on YouTube!
The wise hacker never underestimates the human factor - unlike machines and code, humans are eager to be fooled and notoriously difficult to patch. To help expand your horizons in this crucial skillset we present a bunch of talks from the DEF CON 25 Social Engineering Village.
Yaiza Rubio, Félix Brezo - Heavy Diving For Credentials
Tyler Rosonke - Social Engineering With Web Analytics
Robert Wood - Thematic Social Engineering
Jayson E. Street - Strategies on Securing Your Banks and Enterprises
Helen Thackray - Hackers Gonna Hack, But Do They Know Why?
Fahey Owens - Beyond Phishing – Building & Sustaining a Corporate SE Program
Chris Hadnagy - SE vs Predator: Using SE In Ways I Never Thought
Brent White, Tim Roberts - Skills For A Red Teamer
Billy Boatright - Nor Lose The Common Touch
Michele Fincher - Are You Killing Your Security Program?
Keith Conway, Cameron Craig - Change Agents How to Effect Change in Corporate Culture
John Nye - The Human Factor Why Are We So Bad at Security
As always, take some knowledge, share some knowledge.
Many more videos on the way.
ICS Village Talks from DEF CON 25 on YouTube!
Today’s DEF CON 25 videos come from the Industrial Controls Systems (ICS) Village, where we learn about the security challenges confronting the nervous system of modern life.
For the low, low price of time and attention you get:
Thomas Brandsetter - InSecurity in Building Automation
Joe Weiss - Cyber Security Issues with Level 0 through 1 Devices
Chris Sistrunk - What's the DFIRence for ICS
Bryson Bort, Atlas - Grid Insecurity and How to Really Fix This Shit
Blake Johnson - Dissecting Industrial Wireless Implementations
Arnaud Soullié - Fun with Modbus 0x5a Nothing New Still Relevant?
Settle yourself in and get hip to the ICS news. Be the hit of every cocktail party with all your new ideas about DFIR and Modbus!
Pass it on and stay tuned for more.
DEF CON 25 Privacy Talks on YouTube!
Another batch of DEF CON 25 talks for your weekend perusal, this time focused on Privacy and pulled from the main speaking track at DEF CON. For those of you who can’t get enough presentations on this subject, rest assured that the presentations from the DEF CON 25 Crypto and Privacy Village will follow next week.
Cooper Quintin and Kashmir Hill - The Internet Already Knows I’m Pregnant
Jim Nitterauer - DNS: Devious Name Services Destroying Privacy & Anonymity w/o consent
Peyton Engel - Learning about Government Surveillance Software
Roger Dingledine - Next Generation Tor Onion Services
Richard Thieme - When Privacy Goes Poof! Why It's Gone and Never Coming Back
Tess Schrodinger - Total Recall Implanting Passwords in Cognitive Memory
Weston Hecker - Opt Out or Deauth Trying! AntiTracking Bots & Keystroke Injection
Block out some time, get yourself some hot cocoa and enjoy. As always, spread the love and share the content.
More to come. Stay tuned.
IoT Talk Videos from DEF CON 25!
Hacktober begins. The unleashing of the videos from DEF CON 25 has been initiated.
Today, we have a themed playlist of 15 IoT-centered videos, from the main tracks and the IoT Village alike. Prepare to have your commitment to workplace productivity tested. Enjoy them, be mentally embiggened by them, and share them widely before the DVR botnets swamp us all.
Watch this space for more playlists. It’s all happening.
Happy Hacktober to all.
C-SPAN coverage of Voting Machine Security Forum
Here's the C-SPAN coverage from the aforementioned Atlantic Council event, enjoy!
DEF CON 25 Voting Machine Hacking Village Report Released!
Today at a Washington DC event hosted by the Atlantic Council, the long-awaited DEF CON 25 Voting Village Report was released. You can even watch the presentation live on CSPAN 2 - The Dark Tangent is headlining the event!
During the weekend of DEF CON 25, every single device in the Voting Village was compromised. The report we’re releasing today gives a glimpse into how much we were able to discover in only a few days. Any committed threat actor would devote vastly more time and resources, and we believe that democratic governments must treat the security of election systems with the same rigor and investment as they do their borders.
We entered into this experiment as a non-partisan public service, believing that discussion about solutions has to start with a realistic assessment of what needs fixing. The DEF CON community has a lot of talent in that kind of work, and we saw a way we could contribute.
We would like to thank everyone who joined us in the Voting Village to test the machines, everyone who collaborated on the report, the Atlantic Council for helping us share the results and the Library of Congress for granting an easement of the DMCA provisions that would have blocked this research. This project is a great example of government making room for independent researchers to bring their talents to an issue that matters to all of us. Here’s hoping there will be more success stories like this one.
LegitBS Blog on Running CTF for DEF CON!
Vito from the Legitimate Business Syndicate has started blogging about the experience of running the past five (stellar) DEF CON CTF Contests.
Recommended read for anyone interested in CTF, especially anyone considering responding to our call for CTF Organizers. LBS is top-shelf, and if you’re going to learn, they’re the kind of teachers you want.
DEF CON Capture the Flag Call for Organizers!
After five years of exemplary stewardship of the DEF CON CTF, the shadowy masterminds of the Legitimate Business Syndicate are ready to retire to the shore house. However, whenever life closes a door, hackers jimmy open a window. LegitBS will be missed, but for someone out there a giant opportunity has just opened up.
We know some of you have genius ideas for making your own mark on the world’s premier CTF competition, and we want your proposal. In return for your fresh blood and fanatical devotion, we offer eternal geek glory and a place in the pantheon next to LegitBS, DDTEK, Kenshoto and all the heroes who have made this contest their own.
There’s a lot you’ll need to know to submit, and you can read all about it on our CTFCFO page.
For inspiration, check out this Mega-panel of previous CTF organizers from DEF CONs past, courtesy of DEF CON 25.
If you’re ready to graduate from the combat arena to the control room, get your ideas together and let’s make some magic. Valhalla awaits.
DEF CON in the news: High Sierra edition
Frequent DEF CON speaker and OSX security guru Patrick Wardle drops some 0day on the eve of Apple’s macOS rollout. 0day with plaintext password exfiltration.
A little more of Patrick’s excellent work from DEF CON 25 - his presentation on OSX Fruitfly.
DEF CON 25 News Roundup: Voting Machines Edition
The #votingvillage we introduced at DEF CON 25 is still in the News - mainly because it’s being cited as one of the driving forces behind a growing shift in attitudes about the security of ballot machines.
In Virginia, the State Board of Elections voted to decertify its touchscreen voting machines in time for the November gubernatorial election, and one of the reasons given was the discoveries at DEF CON. We’re hoping for increased focus on security and accountability in our voting systems, and we are pleased to see the subject getting broader attention.
There’s also a very informative episode about DEF CON by the fine people who do all the ‘How Stuff Works’ podcasts. The first half is devoted to a thorough explanation of DC history and the second half is an interview with the wonderful Shannon Morse (@Snubs) about her experiences there as a human and in her professional capacities as a vendor and journalist. It’s from their TechStuff series and it’s worth a listen, especially if you’re new to the community.
The DEF CON 25 Soundtrack Raises Funds for the EFF!
In case you didn't know, the DEF CON 25 Soundtrack is available on Bandcamp as a 'pay-what-you-want' item. All proceeds go directly to keep the exemplary humans at the EFF fighting for the users. So for a modest donation you get dope music from DC25 performers and that warm feeling that only comes from selfless do-goodery.
The DEF CON A&E Team also auctioned off an artist badge for $321. Add that to the current Bandcamp sales of $423.37 and our donation match and you get a current payout to EFF of $1506.
"But the EFF does so much!" you say. "Surely I can still contribute to push that number higher?"
To which we respond, "Yes. Yes you can."
Click that link. Get some tunes. Relive the sounds of DEF CON 25 and toss a little change in the bucket to help the EFF keep cyberspace free.
Do it today, and then make sure to pass it on.
Early Release Video: Patrick Wardle's "Offensive Malware Analysis"
Ease into your weekend with another DEF CON 25 early release video! This time it's Patrick Wardle's presentation "Offensive Malware Analysis: Dissecting OSX FruitFly via a Custom C&C Server". It's a quick talk, but there's lots to chew on here.
As always, enjoy and pass it on.
Cyber Grand Challenge Analysis from DEF CON 24
Take a deep dive into the DEF CON 24 Cyber Grand Challenge with this video from DARPAtv, because what's cooler than autonomous supercomputers battling for supremacy? Clear a little time (it's a bit over 2 hours of analysis) and get yourself educated.
Early Release Video - DC to DEF CON
Now we take you way back to July 2017 for a leisurely Q&A with two impressively clued-in congresspeople; Rep. James Langevin from Rhode Island and Rep. Will Hurd from Texas.
Ever wondered if there was such thing as a “hacker-friendly” member of Congress? We found some and convinced them to come to DEF CON so you can meet them too! In this first-of-its-kind DEF CON session, two of the most hacker-friendly Congress critters will join DEF CON for an engaging and interactive session with the security research community.
Join the Atlantic Council’s Cyber Statecraft Initiative for a candid discussion with Representatives Will Hurd (R-TX) and James Langevin (D-RI). The two Congressmen share their thoughts on the latest developments in cybersecurity policymaking on the Hill, exchange ideas, and maybe even answer some of the Congressmen’s questions.
As always, enjoy and pass it on.
DEF CON 25 Link Roundup!
Check out a few of the wrap-ups and reviews from DEF CON 25!
DEF CON 25 Social Engineer Village Wrap Up
Packet Hacking Village Presentation Slides
Hacker Warehouse coverage of the DEF CON 25 Voting Machine Hacking Village
Early Release Videos: Plore - Popping a Smart Gun, & Max Bazaliy - Jailbreaking Apple Watch
Another couple of DEF CON 25 early release videos to brighten up your midweek, in which Plore shows you how 15 bucks and some hacker ingenuity can turn a fancy smart gun back into a regular old dumb gun.
We also have Max Bazaliy's brief but info-dense presentation about the Apple Watch. Max walks through the Watch's vulnerabilities and methods of exploitation and closes with a demo of a jailbreak.
As always, enjoy and pass it on.