Recent News


Huge Speaker Update!

Posted 7.11.11 by DEF CON

Here are 46 more reasons to be at DEF CON 19!

When Space Elephants Attack: A DEFCON Challenge for Database Geeks
Abstrct

IP4 TRUTH: The IPocalypse is a LIE
Sterling Archer and Freaksworth

Security When Nano Seconds Count
James "Myrcurial" Arlen

Beat to 1337: Creating A Successful University Cyber Defense Organization
Mike Arpaia, Ted Reed and Nick Capalbo

Pillaging DVCS Repos For Fun And Profit
Adam Baldwin and EvilPacket

Chip & PIN is Definitely Broken
Andrea Barisani, Adam Laurie, Zac Franken and Daniele Bianco

Federation and Empire
Emmanuel Bouillon

Building The DEF CON Network, Making A Sandbox For 10,000 Hackers
David M. N. Bryan, Luiz Eduardo, Steve Kirk, Heather Guse, Chris MCeniry, Derek Anderson and Michael Moore

Physical Memory Forensics for Cache
Jamie Butler

Lives On The Line: Securing Crisis Maps In Libya, Sudan, And Pakistan
George Chamales

Kernel Exploitation Via Uninitialized Stack
Kees Cook

Taking Your Ball And Going Home; Building Your Own Secure Storage Space That Mirrors Dropbox's Functionality
Phil Cryer

PCI 2.0: Still Compromising Controls and Compromising Security
Jack Daniel, James Arlen, Joshua Corman, Alex Hutton, Martin McKeay and Dave Shackleford

Former Keynotes - The Future
Dark Tangent, Rod Beckstrom, Jerry Dixon, Tony Sager and Linton Wells

Bit-squatting: DNS Hijacking Without Exploitation
Artem Dinaburg

A Bridge Too Far: Defeating Wired 802.1x with a Transparent Bridge Using Linux
Alva 'Skip' Duckwall

Virtualization Under Attack: Breaking Out Of KVM
Nelson Elhage

Steganography and Cryptography 101
eskimo

Cellular Privacy: A Forensic Analysis of Android Network Traffic
Eric Fulton

UPnP Mapping
Daniel Garcia

Gone in 60 Minutes: Stealing Sensitive Data from Thousands of Systems Simultaneously with OpenDLP
Andrew Gavin

Bulletproofing The Cloud: Are We Any Closer To Security?
Ramon Gomez

An Insider's Look at International Cyber Security Threats and Trends
Rick Howard

The Art of Trolling
Matt 'openfly' Joyce

Tracking the Trackers: How Our Browsing History Is Leaking into the Cloud
Brian Kennish

And That's How I Lost My Eye: Exploring Emergency Data Destruction
Shane Lawson, Bruce Potter and Deviant Ollam

Don't Fix It In Software
Katy Levinson

Pervasive Cloaking
William Manning

We're (The Government) Here To Help: A Look At How FIPS 140 Helps (And Hurts) Security
Joey Maresca

DEF CON Comedy Jam IV, A New Hope For The Fail Whale
David Mortman, Rich Mogull, Chris Hoff, Dave Maynor, Larry Pesce, James Arlen, Rob Graham

Ask EFF: The Year in Digital Civil Liberties
Kurt Opsahl, Kevin Bankston, Marcia Hofmann, Hanni Fakhoury, Peter Eckersley and Rebecca Reagan

Hacking Google Chrome OS
Kyle 'Kos' Osborn and Matt Johanson

Malware Freak Show 3: They're pwning er'body out there!
Nicholas J. Percoco and Jibran Ilyas

Sneaky PDF
Mahmud Ab Rahman

Why Airport Security Can't Be Done FAST
Semon Rezchikov, Morgan Wang and Joshua Engelman

"Whoever Fights Monsters..." Confronting Aaron Barr, Anonymous, and Ourselves
Paul Roberts, Aaron Barr, Joshua Corman and Jericho

What Time Are You Anyway?
Michael Robinson

Build your own Synthetic Aperture Radar
Michael Scarito

Net Neutrality Panel
Michael "theprez98" Schearer, Abigail Phillips, Deborah Salons and Todd Kimball

Attacking and Defending the Smart Grid
Justin Searle

Are You In Yet? The CISO's View of Pentesting
Shrdlu

Hacking the Global Economy with GPUs or How I Learned to Stop Worrying and Love Bitcoin
Skunkworks

Steal Everything, Kill Everyone, Cause Total Financial Ruin! (Or How I Walked In And Misbehaved)
Jayson E. Street

Brute forcing Interactive Voice Response (IVR) Systems
Harish Skanda Sureddy

How To Get Your Message Out When Your Government Turns Off The Internet
Bruce Sutherland

Web Application Analysis With Owasp Hatkit
Martin Holst Swende and Patrik Karlsson

Wireless Aerial Surveillance Platform
Mike Tassey and Rich Perkins

The Future of Cybertravel: Legal Implications of the Evasion of Geolocation
Marketa Trimble

DEF CON Workshops are Live!

New for Def Con 19, Workshops extends the experience of learning to the classroom. Take your time and get it right by getting some hands-on time with hardware, software, and picking the minds of some of the most interesting hackers in their fields. Bring your thinking cap and get ready to be schooled. Read On...

The DEF CON Awards!

New, for DEF CON 19 - the DEF CON Awards! DEF CON introduces the DEF CON Awards to recognize people/projects/companies for their competence (or lack thereof) in the hacking or security world. Nominations will be accepted for the categories below until July 6th, 2011. Voting will be conducted online for three of the categories from July 8th - July 29th, 2011 (voting link will be provided at a later time).

Do you have a favorite hacker oriented author that best represents the hacker lifestyle and scene? Do you have inside knowledge of the most interesting malware to hit the net this year? Or was there a media outlet that best represents the WORST in coverage of real news concerning hackers or security topics? Now's your chance to have a voice. Get your nominations in today, and give credit where credit is due. Be sure to provide supporting information, such as links to websites, news articles, or software.

Turn in your nominations here: http://www.surveymonkey.com/s/2JDHC23

So Many Speakers!

Posted 6.22.11 by DEF CON

Take a minute to peruse this fantastic set of additions to the DEF CON 19 line-up!

Fingerbank — Open DHCP Fingerprints Database
Olivier Bilodeau

PacketFence, The Open Source Nac: What We've Done In The Last Two Years
Olivier Bilodeau

Kinectasploit: Metasploit Meets Kinect
Jeff Bryner

Metasploit vSploit Modules
Marcus J. Carey and David Rude

Look At What My Car Can Do
Tyler Cohen

VDLDS — All Your Voice Are Belong To Us
Ganesh Devarajan and Don LeBert

Don't Drop the SOAP: Real World Web Service Testing for Web Hackers
Tom Eston, Josh Abraham, and Kevin Johnson

Handicapping the US Supreme Court: Can We Get Rich by Forceful Browsing?
Foofus

Strategic Cyber Security: An Evaluation of Nation-State Cyber Attack Mitigation Strategies
Kenneth Geers

Smartfuzzing the Web: Carpe Tuorum Foramina
Nathan Hamiel, Gregory Fleischer, Justin Engler, and Seth Law

Economics of Password Cracking in the GPU Era
Robert "Hackajar" Imhoff-Dousharm

Battery Firmware Hacking
Charlie Miller

Big Brother on the Big Screen: Fact/Fiction?
Nicole Ozer

Archive Team: A Distributed Preservation of Service Attack
Jason Scott

Insecurity: An Analysis Of Current Commercial And Government Security Lock Designs
Marc Weber Tobias, Matt Fiddler, and Tobias Bluzmanis

DIY Non-Destructive Entry
Schuyler Towne

Seven Ways to Hang Yourself with Google Android
Jacob West and Yekaterina Tsipenyuk ONeil

Key Impressioning
Jos Weyers

Phishing and Online Scam in China
Joey Zhu

Vanquishing Voyeurs: Secure Ways To Authenticate Insecurely
Zoz and Andrea Bianchi

New Talks

Posted 6.18.11 by DEF CON

Here's another bundle of talks to whet your appetite for DEF CON Madness! More to come in the next couple days!

Dust: Your Feed RSS Belongs To You! Avoid Censorship!
Chema Alonso and Juan Garrido "Silverhack"

I Am Not a Doctor but I Play One on Your Network
Tim Elrod and Stefan Morris

"Get Off of My Cloud": Cloud Credential Compromise and Exposure
Ben Feinstein and Jeff Jarmoc

From Printer To Pwnd: Leveraging Multifunction Printers During Penetration Testing
Deral Heiland

I'm Your MAC(b)Daddy
Grayson Lenik

SSL And The Future Of Authenticity
Moxie Marlinspike

Hacking MMORPGs for Fun and Mostly Profit
Josh Phillips

How Haunters Void Warranties
Reeves Smith

Network Nightmare: Ruling The Nightlife Between Shutdown And Boot With Pxesploit
Matt "scriptjunkie" Weeks

Traps of Gold
Andrew Wilson and Michael Brooks

Talks Keep on Coming!

Posted 6.11.11 by DEF CON

Another batch of fine DEF CON content has been added to the mix! Check out the newest additions to our line-up!

The Art and Science of Security Research
Greg Conti

Internet Kiosk Terminals: The Redux
Paul Craig

Introduction to Tamper Evident Devices
datagram

Earth vs. The Giant Spider: Amazingly True Stories of Real Penetration Tests
Rob Havelt and Wendel Guglielmetti Henrique

Sounds Like Botnet
Itzik Kotler and Iftach Ian Amit

Panel: Is it 0-day or 0-care?
Jake Kouns, Brian Martin, Steve Christey, Carsten Eiram, Art Manion, Dan Holden, Alex Hutton and Katie Moussouris

Vulnerabilities of Wireless Water Meter Networks
John McNabb

Blinkie Lights: Network Monitoring with Arduino
Steve Ocepek

My password is: #FullOfFail! — The Core Problem with Authentication and How We Can Overcome It
Jason M. Pittman

Mobile App Moolah: Profit taking with Mobile Malware
Jimmy Shah

Weaponizing Cyberpsychology and Subverting Cybervetting for Fun, Profit and Subterfuge
Chris "TheSuggmeister" Sumner and alien

Staring into the Abyss: The Dark Side of Crime-fighting, Security, and Professional Intelligence
Richard Thieme

DC19 CTF Quals Update!

Posted 6.7.11 by DEF CON

Another DEF CON CTF Qualification round has passed, and with it 12 teams will ascend to their slots in the DEF CON 19 Capture the Flag Competition. The qualifying teams have not been posted just yet, so keep an eye on ddtek.biz for the winners, and we'll announce them as well when we have the results. For now, we have collected as many write-ups as we could find from this year's Quals for your consumption!

Challenge repository at Shell-storm.org
http://repo.shell-storm.org/CTF/Defcon-19-quals/

Several write-ups at http://daxnitro.com/quals/

Binary 100
http://blog.securestate.com/post/2011/06/06/Defcon-19-CTF-Pre-Quals-Binary-100-Challenge.aspx
http://neobits.org/?p=825 (Espanol)

Forensics 100
http://blizz.se/f100.html
http://www.bryceboe.com/2011/06/05/defcon-19-quals-forensics-100-and-forensics-300-solution/
http://www.phx2600.org/archive/2011/06/05/forensics-100-defcon-ctf-quals/

Forensics 300
http://www.bryceboe.com/2011/06/05/defcon-19-quals-forensics-100-and-forensics-300-solution/
http://blog.securestate.com/post/2011/06/06/DEFCON-19-CTF-Quals-Forensics-300.aspx

Grab Bag 100
http://michele.spagnuolo.me/articles/web-security/defcon-ctf19-quals-grab-bag-100-writeup.html

Grab Bag 200
http://securityblackswan.blogspot.com/2011/06/defcon-19-ctf-qualifiers-gb200.html
http://nonroot.blogspot.com/2011/06/writeup-gb200-ctf-quals-defcon.html (Espanol)

Retro Revisited 300
http://blizz.se/rr300.html
http://files.skyshadows.net/ctf/retro300.txt

Retro Revisited 500
http://dpaste.com/hold/551499/

Potent Pwnables 300
http://securityblackswan.blogspot.com/2011/06/defcon-19-ctf-qualifiers-pp300.html

More Speakers Posted!

Posted 6.3.11 by DEF CON

Another poppin' fresh batch of speakers is now live on the speaker page. Here's a handy list of the new offerings!

Bosses love Excel, Hackers too.
Chema Alonso and Juan Garrido "Silverhack"

Three Generations of DoS Attacks (with Audience Participation, as Victims)
Sam Bowne

Familiarity Breeds Contempt
Sandy "Mouse" Clark and Brad "RenderMan" Haines

Cipherspaces/Darknets: An Overview Of Attack Strategies
Adrian Crenshaw "Irongeek"

Speaking with Cryptographic Oracles
Daniel Crowley

Smile for the Grenade! "Camera Go Bang!"
Vlad Gostom and Joshua Marpet

Assessing Civilian Willingness to Participate in On-Line Political and Social Conflict
Thomas J. Holt and Max Kilger

Hacking and Securing DB2 LUW Databases
Alexander Kornbrust

PIG: Finding Truffles Without Leaving A Trace
Ryan Linn

Hacking .Net Applications: The Black Arts
Jon McCoy

Safe to Armed in Seconds: A Study of Epic Fails of Popular Gun Safes
Deviant Ollam

Port Scanning Without Sending Packets
Gregory David Pickett

CTF Quals Begin Tomorrow!

Posted 6.2.11 by DEF CON

You only have a few scant hours left (00:00:00 UTC) to register for the DEF CON 19 CTF Qualification Round, which begins tomorrow at 19:00:00 UTC. This is the event that separates the hackers from the kiddies, to send the top 12 teams to battle for the glory that comes with winning a DEF CON Capture the Flag Competition.

Register and get all the info at http://ddtek.biz!

New Contests and Events!

Check out a few of the new contests and events coming to DEF CON 19!

DEF CON Beard & Moustache Championships
Due to the growing number of awesome beards at DEFCON and the (popularity?) of the shitshow that is beardsmanship, it's time that folks were recognized for letting their unix beards fly.

DEF CON Radio
Defcon Radio will be streaming live radio action 24/7 during the con. Speaker interviews, news, party coverage... correspondents will crawl the trenches of con to bring you entertainment. Are you not entertained?

DEF CON Bike
Rent bicycles, hire a guide, and endure a 2 Hour bike ride in the Las Vegas heat! Got Water?

Forensics Contest
The Network Forensics Puzzle Contest is a challenging mystery requiring contestants to forensically analyze packet captures (and more!) to uncover an evil plot.

Artwork and Short Story Contests Open!

The DEF CON Artwork Contest is again underway! This year's theme is reminiscent of those 60's and 70's spy movies and TV shows like "The Man from U.N.C.L.E", "Our Man Flint", and "James Bond", with a hacker angle and a little grit. We have dubbed this theme "Haxploitation". (Read on...)

For the wordsmiths out there, the DEF CON 19 Short Story contest is also open, and similarly themed. Find out about it at https://forum.defcon.org/showthread.php?t=12156

Good Luck!

Time Grows Short.

Hola friends! This is just a reminder that deadlines are looming. The Call for Papers ends May 27th, so if you're planning to submit a talk you have just over a week to put that proposal together! Find the CFP Announcement at https://www.defcon.org/html/defcon-19/dc-19-cfp.html, and the Call for Papers form at https://www.defcon.org/html/defcon-19/dc-19-cfp-form.html.

Also looming is the deadline for the DEF CON 19 Contest/Event RFI. June 1st is when you need to have your proposal for the latest great or time tested contest or event submitted to Pyr0. You can find the RFI at https://forum.defcon.org/showthread.php?t=12113.

Good luck and remember: DEF CON is what you make it.

New Site, Speakers Up.

Posted 5.6.11 by DEF CON

Welcome to the spankin new site for DEF CON 19! Have a look around, see what's new, and while you're at it, check out the first batch of Speakers!

Deceptive Hacking: How Misdirection Can Be Used To Steal Information Without Being Detected
Bruce "Grymoire" Barnett

Abusing HTML5
Ming Chow

Mamma Don't Let Your Babies Grow Up to be Pen Testers - (a.k.a. Everything Your Guidance Counselor Forgot to Tell You About Pen Testing)
Dr. Patrick Engebretson and Dr. Josh Pauli

Getting F*cked On the River
Gus Fritschie and Mike Wright

Jugaad – Linux Thread Injection Kit
Aseem "@" Jakhar

Black Ops of TCP/IP 2011
Dan Kaminsky

Hacking Your Victims Over Power Lines
Dave Kennedy (ReL1K)

DCFluX in: License to Transmit
Matt Krick "DCFluX"

Balancing The Pwn Trade Deficit – APT Secrets in Asia
Anthony Lai, Jeremy Chiu and PK

Covert Post-Exploitation Forensics With Metasploit
Wesley McGrew

VoIP Hopping the Hotel: Attacking the Crown Jewels through VoIP
Jason Ostrom

Getting SSLizzard
Nicholas J. Percoco and Paul Kehrer

This is REALLY not the droid you're looking for...
Nicholas J. Percoco and Sean Schulte

WTF Happened to the Constitution?! The Right to Privacy in the Digital Age
Michael "theprez98" Schearer

Runtime Process Insemination
Shawn Webb

Staying Connected during a Revolution or Disaster
Thomas Wilhelm

Network Application Firewalls vs. Contemporary Threats
Brad Woodberg

As always, stay tuned to our Twitter, RSS Feed, or Facebook page for all the news as it happens!

DEF CON 19 Contest/Event RFI is Live!

PyrØ has posted the DEF CON 19 Contest & Event Request for Information on the DEF CON Forums. If you have, or are currently thinking about running a contest or an event at DEF CON, this is the info you need to be considered for space, power and network connectivity! Submit your contest data by filling out the form at the bottom.

Here's a big shout out to Deviant Ollam for being on top of things and being the first to submit an RFI for the Beverage Cooling Contraption Contest!

More DEF CON 19 News!

Things are starting to heat up for DEF CON 19! Here are a few of the recent developments:

DEF CON Scavenger Hunt has SPONSORS!!

ThinkGeek.com and evilmadscientist.com are confirmed sponsors of the scavenger hunt, and they will be offering up prizes and special offers. They won't announce specific prizes until DEF CON, but the good news is that we know ThinkGeek will be offering a discount code, usable for ordering off their website during the convention, as a limited time offer! The coupon code for ThinkGeek DEF CON attendees will be made available at the Scavenger Hunt table in the contest area and will be announced via our Twitter feeds @_Defcon_ and @defconscavhunt.

Here is a throwback to the past! Check out this Scavenger Hunt list from 14 years ago! We hope you enjoy a little nostalgia from DEF CON 5 courtesy of Mike Schrenk!

Skytalks CFP is Open!

From the DEF CON Forums:

TLDR:
Who: You
What: Skytalks IV CFP
When: Now - CFP Closes 23:59:59 MDT (UTC-06) 31 May 2011
Why: Because you've got the warez to share
Where: dcskytalks@gmail.com - WE RESERVE THE RIGHT TO POINT AND LAUGH
IF WE CAN'T READ YOUR SHIT IN A TEXT EDITOR. THIS MEANS YOU, MICROSOFT WORD USERS.
Updates: http://is.gd/5Y8eyM

Back by popular demand, Skytalks returns for its fourth year of technical prowess, side-track talks, and semi-coherent rants by some of the legends of the community. Never mind that we aren't actually IN a skybox this year, we'll still fill it to capacity, have lines running down the hallways for three talks in advance, and we'll recapture that original Defcon spirit and party like it's 1992. (Read on…)

You can track the movements of Skytalks on Facebook and Twitter as well:
Facebook: http://is.gd/0d8skZ
Twitter: @dcskytalks

DC101 Site

You can keep up on what's happening with DEF CON 101 by checking out the new site at http://defcon.stotan.org/dc101/

DEF CON 19 Vendor Area!

The vendor area at DEF CON 19 is growing by 1000 sq. ft. this year, so all of your favorite vendors will be back and maybe a few new ones!

If you are interested in becoming a Vendor at DEF CON, Roamer has posted the updated Vendor FAQ at: http://defcon.hackingyour.net/vendor-FAQ.html


As always, you can keep up on all of the latest DEF CON 19 news at https://www.defcon.org, the DEF CON RSS Feed, The DEF CON Twitter, or on the DEF CON Facebook Page!

DEF CON 19 Call for Music!

Are you a Band or a DJ who wants to perform at DEF CON 19? Then answer the Call for Music freshly posted by DJ Great Scott! You can check out the write-up at https://forum.defcon.org/showthread.php?p=119223 as well as download the application!

Hurry up and apply, as the Deadline is Sunday May 15! Good luck!

DEF CON 19 Call for Workshops!

Are you a leader, 'leet hacker, a ninja in your field? Do you have a passion to teach and share your knowledge? Got something interesting you are dying to talk about? We're looking for workshops from people like you. If you are interested in being part of the very first ever DEF CON Workshop team, submit now! (Read on...)

DEF CON 19 News!

DEF CON 19 Pool

Posted 4.1.11 by DEF CON

Here's what's going on in the world of DEF CON:

The Pool Is Open!

Bring your suits and stow your tech, because poolside shenanigans in the wee hours are coming back to DEF CON! This year we will have 24hr pool access to Pool 4 (pictured) at the Rio! We're not even April foolin!

DDTek Announces CTF Quals!

It's that time again, and your first step to joining the ranks of leetness that can only come from a win in the DEF CON Capture The Flag. That's right, DDTek has announced the qualification round for the 2011 DEF CON CTF!

Tamper Evident Returns!

DT's Tamper Evident Contest is coming back this year with some new surprises. It might be time to brush up on your super sneaky methods for opening things you aren't supposed to, and keep your eye on the Tamper Evident Forum for details as they surface.

Stay tuned to our Twitter, RSS Feed, or Facebook page for all the news as it happens!