Speaker Index

Speakers will be posted as they are selected.


HighWiz, The Dark Tangent, Russr, DJ Jackalope, Deviant Ollam, Thorn, ThePrez98, LosT, Noid, Siviak

What is DefCon 101?

With the ever expanding landscape of DefCon: the amount of Games and Contests, the Parties, the Villages, the vast array of Art and Music... All that is going on and to do can be quite daunting to New People beginning their first DefConian adventure. There are even many long time DefCon attendees who come for the talks but may feel overwhelmed or intimidated by many of the other activities happening at the Con. DefCon 101 hopes to change that by providing those people with the information they need to help take the first steps of their journey in the world of DefCon and the DefCon Community.

HighWiz lives in a pineapple under the sea and has a penchant for buggery. He enjoys pushing the bounds of decency to their break point and tries not to take himself too seriously. HighWiz also goes by Grindelwald the Dark Wizard, is the maintainer of the Unofficial DefCon FAQ, and is busy constructing the world's largest Hard-on Collider.

The Dark Tangent Bio to Come

Russr has been involved since Defcon 6 and in his humble beginnings served as a cable junky and ad hoc security. After a couple of years, he took responsibility for the vendors, helping to arrange their space and collect table fees. Somewhere around Defcon 12, Russ had an epiphany and took over the organization of the contests and events, ensuring that the POCs for these activities had the resources they needed to help the con go off without major mayhem ensuing. Want to know about all the delicious contests and events at Defcon? Russ is the man. That's why he is here to school you about these Defcon delights.

Karen Maeda aka Miss Jackalope holds a degree in Information Systems and has been heavily involved with the professional security community for over 9 years. A veteran of Defcon and other security conventions, Karen has co-taught multiple classes around the world in lockpicking, no-tech hacking, social engineering, and various other methods to expose risk. Her long-term assistance with the various incarnations of the "Lockpick Village" has helped accelerate the growth of the physical security community and taught 1000's of people the art of defeating lock mechanisms. Currently, she is a Security Engineer at Lares, where her daily tasks range from education to active engagements with clients.

Deviant Ollam While paying the bills as a network engineer and security consultant, Deviant Ollam's first and strongest love has always been teaching. A graduate of the New Jersey Institute of Technology's "Science, Technology, & Society" program, he is always fascinated by the interplay that connects human values and social trends to developments in the technical world. A member of the Board of Directors of the US division of TOOOL (The Open Organization of Lockpickers) Deviant runs the Lockpicking Village at DEF CON and ShmooCon. A fanatical supporter of First Amendment rights who believes that the best way to increase security is to publicly disclose vulnerabilities, Deviant has conducted lockpick training sessions at Black Hat, ToorCon, HOPE, HackCon, ShakaCon, HackInTheBox, SecTor, CanSecWest, and has even had the honor of lecturing the cadets at the United States Military Academy at West Point. His favorite Amendments to the US Constitution are, in no particular order, the 1st, 2nd, 9th, & 10th.

Frank Thornton ("Thorn") As a network security consultant, Frank likes to do bad things to bad networks. RFID and wireless networking are two things he finds especially interesting, and he tries to break those a lot. Frank has been a past contributor to two ANSI Standard workgroups, helping define transmission standards for law enforcement data.

When he's not actually breaking and fixing networks and wireless devices, Frank can usually be found writing about them. He has authored and co-authored nine books related to security, wireless networking, and RFID, and is always amazed and humbled when people tell him that they read and actually liked the books.

ThePrez98 Michael Schearer ("theprez98") spent nearly nine years in the United States Navy as an EA-6B Prowler Electronic Countermeasures Officer. His military experience includes aerial combat missions over both Afghanistan and Iraq and 9 months on the ground doing counter-IED work with the U.S. Army. He is a graduate of the Department of Defense's Survival, Evasion, Resistance and Escape (SERE) School as well as other survival and outdoor training. Michael is a licensed amateur radio operator, an active member of the Church of WiFi, and enjoys spending time outdoors. He lives in Maryland with his wife and four children.

Ryan (LosT/1057) Clarke LostboY is the creator of the LosT @ Con Mystery Challenge (often referred to as "Mystery Box"), one of the most unique and challenging contests at Defcon. His ideas led to the creation of the Hardware Hacking Village, which he co-created with Russr. Academically his research has been focused on: Computational Mathematics, Cryptography, Electrical Engineering, Robotics and Embedded Systems, East Asian Languages, Number Theory, Network Security, and others. Currently he is the Professor of Robotics and Embedded Systems for the University of Advancing Technology. When he has time he maintains LostboY.net and attempts to improve his contact juggling skills to the level of DA ;). BTW, he's got your number: Feel odd? Dead last, decoded...

Noid has been involved with computers for over 20 years. Noid began playing with computers at the age of 10, operating a BBS out of his parents' house. Ever since then noid has taken an interest in how technology works and the security aspects relating to its use. noid is one of the organizers of DEF CON, LayerOne, and is a founding member of the Black Lodge, a hackerspace operating in Washington state. noid has spoken on security topics and privacy issues for the Association of Internet Professionals, Microsoft, the University of California at Irvine, and at Cisco. noid is fascinated by fire, dangerous with tools, and curious about this emotion you humans call love.

A 10+ year veteran of DefCon, Siviak has managed to talk himself past security, drink himself past door-guards and party himself well past the brink of exhaustion... And he never does it alone, he's always made sure that more than a few of us were along for the ride.

Unmasking You

Joshua "Jabra" Abraham Security Expert at Rapid7
Robert "RSnake" Hansen CEO, Founder of SecTheory

Many people and organizations depend upon proxies and numerous other privacy techniques to mask their true identity. The problem is there are often flaws within these technologies. This talk will demonstrate several of these flaws as well as weaknesses in well known implementations. There will be several new anti-privacy 0days released.

Mr. Abraham joined Rapid7 in 2006 as a Security Consultant. Josh has extensive IT Security and Auditing experience and worked as an enterprise risk assessment analyst for Hasbro Corporation. Josh specializes in penetration testing, web application security assessments, wireless security assessments, and custom code development. In the past, he has spoken at ShmooCon, Infosec World, OWASP Boston, LinuxWorld, Comdex and BLUG. In his spare time, he contributes code to open source security projects such as the BackTrack LiveCD, Nikto, Fierce, and PBNJ.

Mr. Hansen (CISSP) has worked for Digital Island, Exodus Communications and Cable & Wireless in varying roles from Sr. Security Architect and eventually product managing many of the managed security services product lines. He also worked at eBay as a Sr. Global Product Manager of Trust and Safety, focusing on anti-phishing, anti-DHTML malware and anti-virus strategies. Later he worked as a director of product management for Realtor.com. Robert sits on the advisory board for the Intrepidus Group, Just Thrive, previously sat on the technical advisory board of ClickForensics and currently contributes to the security strategy of several startup companies.

Wi-Fish Finder: Who Will Bite the Bait

MD Sohail Ahmad Senior Wireless Security Researcher, AirTight Networks
Prabhash Dhyani Wireless Security Researcher

The threat of Evil Twins and Honeypots lurking at office parking lots and public hotspots is well known, yet the awareness level among WiFi users about exposure to such threats remains quite low. Security-conscious WiFi users and IT administrators also don't have any simple tools to assess the security posture of WiFi clients active in their airspace.

Wi-Fish Finder is a tool for assessing whether WiFi devices active in the air are vulnerable to "phishing" attacks. Assessment is performed through a combination of passive traffic sniffing and active probing techniques. Most WiFi clients keep a memory of networks (SSIDs) they have connected to in the past. Wi-Fish Finder first builds a list of probed networks and then, using a set of clever techniques, also determines the security setting of each probed network. A client is a fishing target if it is actively seeking to connect to an OPEN or a WEP network. Clients only willing to connect to WPA or WPA2 networks are not completely safe either! To find out why, come and attend this talk and witness some live action. There is >50% chance that your laptop will bite the bait!

MD Sohail Ahmad is a senior wireless security researcher at AirTight Networks. Mr Ahmad possesses a strong background in secure driver development, protocol development, and open source tool development. His areas of interest include WiFi security, 802.11n, 802.11w protocol development, network security assessment and vulnerability analysis.

Prior to this, he demonstrated the more potent form of the Evil Twin attack called "Multipot" at Defcon-15. He discovered the "Caffe Latte" attack, presented at ToorCon9, which was about retrieving a WEP key from an isolated client in the absence of its authorized access point. At Defcon-16, he presented "Autoimmunity disorder in Wireless LANs".

Prabhash Dhyani is a wireless security researcher working with Airtight Networks. His interests include wireless and network security research and tool building. His recent work "New Avatars of Honeypot Attacks on WiFi Networks" was presented at the Hack.In 2009 conference held at IIT Kanpur, India. He holds a BTech in Information Technology (IT) from IIIT Allahabad.

Tactical Fingerprinting Using Metadata, Hidden Info and Lost Data

Chema Alonso MVP Enterprise Security, CTO Informática64
Jose Palazon "Palako" Yahoo!

In 2003 Tony Blair was "bytten" by a Word document whose metadata demonstrated it had been edited. Since then, a lot of advisories warning to keep all published documents free of undesired data have shown up around the whole Internet... but time went by and people don't worry so much about this BIG problem. In this session you will see how, by analyzing all published documents on a website, it is possible to fingerprint a lot of (if not almost all) information about the internal network. This session will show you how to use the FOCA tool to collect the files, gather the information from ODF, MS Office, PDF/EPS/PS files, cross the information found with artificial intelligence rules and fingerprint a large amount of info about the network structure, matching IP addresses with internal server names, printers, shared folders, ACLs... and show how it can effectively be used by security consultants who traditionally could only offer source code fixes.

Chema Alonso is a Computer Engineer from the Rey Juan Carlos University and a System Engineer from the Politécnica University of Madrid. He has been working as a security consultant for the last six years and has been awarded Microsoft Most Valuable Professional since 2005 to the present time. He is a frequent Microsoft speaker at security conferences. He writes monthly in several Spanish technical magazines. He is currently working on his PhD thesis about Blind Techniques. He recently spoke at BH Europe 2008 about LDAP Injection & Blind LDAP Injection attacks, at Defcon 16 about Time-Based Blind SQL Injection using heavy Queries, at Toorcon X about RFD (Remote File Downloading), and at DeepSec 2k8 in Austria. He has recently been selected to present at HackCon#4 in Norway, at ShmooCon 2k9 in Washington DC and at Black Hat Europe 2009.

Jose Palazon (Palako) is responsible for Mobile security worldwide at Yahoo!. He has 8+ years of experience in security advisory and training, covering private companies, government and academics in both areas. His areas of expertise include mobile, web and unix systems security as well as digital forensics.

Preparing for Cyber War: Strategy and Force Posture in the Information-Centric World

Dmitri Alperovitch VP Threat Research, McAfee
Marcus Sachs Director, SANS Internet Storm Center
Phyllis Schneck VP Threat Intelligence, McAfee
Ed Skoudis Founder & Senior Security Consultant, InGuardians

Cyber warfare is the new hot topic of debate in political and military circles in Washington. This panel of cyber policy experts will explore the definition and reality of a cyber warfare threat, focusing on offensive capabilities and military doctrines of our potential nation-state adversaries, debate the deterrence strategies, and operational and legal frameworks guiding the use of defensive and offensive capabilities of the United States. Finally, the panel will discuss the range of options available to US policy makers for preparing for and responding to a cyber attack on this country.

Dmitri Alperovitch is VP of Threat Research at McAfee. He leads the company’s research in Internet threat intelligence analysis, focusing on mail, web, malware and other network threats. Mr. Alperovitch is a leading inventor of numerous patent-pending technologies, including the company’s industry-leading in-the-cloud reputation service, TrustedSource. With more than 10 years of experience in the field of information security, he has accomplished extensive research in the areas of reputation systems, spam detection, public-key and identity-based cryptography, as well as network intrusion detection and prevention. Mr. Alperovitch has significant experience working as a subject-matter expert with all levels of U.S. and International law enforcement on analysis, investigations and profiling of transnational organized criminal activities. In addition, he is a recognized authority on online organized criminal activity and cyber security, and has been quoted in numerous articles, including those by Associated Press, Business Week, New York Times, Los Angeles Times, USA Today, and Washington Post. He has been a featured speaker and panelist at numerous law-enforcement, industry and academic security conferences. Mr. Alperovitch holds a Master of Science in Information Security and a Bachelor of Computer Science from Georgia Institute of Technology.

Since 2003, Marcus Sachs has served as the director of the SANS Internet Storm Center, an all-volunteer Internet early warning service sponsored by the SANS Institute in Bethesda, Maryland. The organization traces its roots back to the Y2K era, when a group of Internet security professionals began exchanging technical information via shared databases. Sachs retired from the U.S. Army in 2001 following a 20 year career as an engineer and systems automation officer, and was subsequently appointed by the President to serve in the White House Office of Cyberspace Security. Since leaving public service in 2003 he has continued to work closely with government and business stakeholders in task forces, working groups, committees, and trade associations as a cyber security expert supporting the National Security and Emergency Preparedness community in Washington, D.C. He is a member of the CSIS Commission on Cyber Security for the 44th Presidency and serves on the executive committees of both the Information Technology and the Communications Sector Coordinating Councils. He holds degrees in Civil Engineering, Science and Technology Commercialization, and Computer Science, and is currently pursuing a Ph.D. in Public Policy.

Dr. Phyllis Schneck is Vice President and Director of Threat Intelligence for the Americas for McAfee, Inc. In this role, she is responsible for design and applications of McAfee’s threat intelligence, strategic thought leadership around technology and policy in cyber security, and leading McAfee initiatives in critical infrastructure protection and cross-sector cyber security. For more than 14 years, Dr. Schneck has had a distinguished presence in the security and infrastructure protection community, most recently as a Commissioner and a working group Co-Chair on public/private partnership for the CSIS Commission to Advise the 44th President on Cyber Security. Dr. Schneck served for eight years as a chairman of the National Board of Directors of the FBI’s InfraGard program and founding president of InfraGard Atlanta, growing the InfraGard program from 2000 to over 30,000 members nationwide. Named one of Information Security Magazine’s Top 25 Women Leaders in Information Security, Dr. Schneck briefed the Japanese Government on information sharing and infrastructure protection, and was the moderator of the White House Town Hall Meeting in Atlanta for the National Strategy to Secure Cyberspace in June of 2002. She holds three patents in high-performance and adaptive information security, and has six research publications in the areas of information security, real-time systems, telecom and software engineering. Dr. Schneck received her Ph.D. in Computer Science from Georgia Tech, and pioneered the field of information security and security-based high-performance computing at Georgia Tech. She maintains a seat on the Advisory Board of the Johns Hopkins University Department of Computer Science, served on the Steering Committee for the Sam Nunn Information Security Forum as well as a term on the Georgia Tech Advisory Board, and co-founded the Georgia Tech Information Security Center and the Georgia Electronic Commerce Association’s Working Group on Information Security.

Ed Skoudis is a co-founder and Senior Security Analyst with InGuardians, a Washington DC based information security consulting firm. Ed teaches SANS Security 504, "Hacker Techniques, Exploits and Incident Handling," and 517, "Cutting Edge Hacking Techniques," on a regular basis. Ed's expertise includes hacker attacks and defenses, the information security industry, and computer privacy issues. He has performed numerous security assessments, provided detailed expert witness services in cases involving major credit card theft, and responded to computer attacks for clients in the financial, high technology, healthcare, and other industries. Ed conducted a demonstration of hacker techniques against financial institutions for the United States Senate and is a frequent speaker on issues associated with hacker tools and defenses. He has published several articles on these topics, as well as the books Counter Hack Reloaded and Malware: Fighting Malicious Code. Ed was also awarded 2004, 2005, and 2006 Microsoft MVP awards for Windows Server Security, and is an alumnus of the Honeynet Project. Previous to InGuardians, Ed served as a security consultant with International Network Services (INS), Predictive Systems, Global Integrity, SAIC, and Bell Communications Research (Bellcore).

Down the Rabbit Hole: Uncovering a Criminal Server

Iftach Ian Amit Director, Security Research, Aladdin

In this talk I'll cover the research efforts done when we managed to come across a criminally operated server running the latest Neosploit (and other goodies).

During the research there have been several crucial points of interest such as the discovery of compromised credentials, getting into the applications used by the criminals to manage the infections, and the infection channels, as well as a few hairy moments of being logged in to the server while "someone" else was also logged in (from a notorious location that has been brought down after an article at the Washington Post - McColo...).

With more than 10 years of experience in the information security industry, Ian (Iftach) Amit brings a mixture of software development, OS, network and Web security expertise as a Managing Partner of the top-tier security consulting and research firm Security-Art. Prior to Security-Art, Ian was the Director of Security Research for the Content Security Business Unit at Aladdin Knowledge Systems, where he created the AIRC (Attack Intelligence Research Center). Prior to joining Aladdin, Amit was Director of Security Research at a global Internet security company, leading its security research while positioning it as a leader in the Web security market. Amit has also held leadership roles as founder and CTO of a security startup in the IDS/IPS arena, developing new techniques for attack interception, and director at Datavantage responsible for software development and information security, as well as designing and building a financial datacenter. Prior to Datavantage, he managed the Internet application and UNIX worldwide. Amit holds a Bachelor's degree in Computer Science and Business Administration from the Interdisciplinary Center at Herzlya.

Pre-Con Introduction to Lock Picking

Alek Amrani Longhorn Lock Picking Club Officer

Make it out before DEF CON starts, and venture into lock sporting with the Longhorn Lock Picking Club. Learn to lock pick from one of the largest lock sporting organizations in the western hemisphere. This is a great opportunity for anyone trying to dodge the incredibly popular (read: crowded) Lock Picking Village who doesn't want to try learning on their own.

Alek Amrani is currently the Vice-President of the Longhorn Lock Picking Club (LLPC). The LLPC, based out of the University of Texas at Austin, is currently one of the largest, most active lock sporting organizations in the western hemisphere. He is currently the Information Security Programmer for the University of Texas at Austin's Information Security Office.

Session Donation

Alek Amrani

It's easier to give away than it is to take. Apply that theory to Session Hijacking, and enter Session Donation.

Session Donation is a computer session attack that attempts to gain information by taking session hijacking in an entirely new direction. Session Donation is an interesting new spin on an old attack that is much harder to prevent than its predecessor, and equally as dangerous.

Alek Amrani is currently an Information Security Programmer for the Information Security Office at the University of Texas at Austin where he is also pursuing a degree in Computer Science. He's interested in all areas of security from physical to computational, and is also the vice-president of the Longhorn LockPicking Club. Generally described by his friends as 'paranoid', Alek enjoys introducing himself as people he's not, looking over his shoulder, taking different routes home, and creating new passwords in his spare time.

Your Mind: Legal Status, Rights and Securing Yourself

James "Myrcurial" Arlen Security Researcher
Tiffany Rad President of ELCnetworks, LLC. and Adjunct Professor at University of Southern Maine's Computer Science Department

As a participant in the information economy, you no longer exclusively own material originating from your organic brain; you leave a digital trail with your portable device's transmitted communications and when your image is captured by surveillance cameras. Likewise, if you Tweet or blog, you have outsourced a large portion of your memory and some of your active cognition to inorganic systems. U.S. and International laws relating to protection of intellectual property and criminal search and seizure procedures put into question protections of these ephemeral communications and memoranda stored on your personal computing devices, in cloud computing networks, on off-shore "subpoena proof" server/jurisdiction-hopping platforms, or on social networking sites. Although once considered to be futuristic technologies, as we move our ideas and memories onto external devices or are subjected to public surveillance with technology (Future Attribute Screening Technology) that assesses pre-crime thoughts by remotely measuring biometric data such as heart rate, body temperature, pheromone responses, and respiration, where do our personal privacy rights to our thoughts end and, instead, become public expressions with lesser legal protections? Similarly, at what state does data in-transit or stored in implantable medical devices continuously connected to the Internet become searchable? In a society in which there is little differentiation remaining between self/computer, thoughts/stored memoranda, and international boundaries, a technology lawyer/computer science professor and a security professional will recommend propositions to protect your data and yourself.

James "Myrcurial" Arlen, CISA, is a security consultant most recently engaged as the CISO of a mid-market publicly traded financial institution. He has been involved with implementing a practical level of information security in Fortune 500, TSE 100, and major public-sector corporations for more than a decade. James has a recurring column on Liquidmatrix Security Digest. His areas of interest include organizational change, social engineering, blinky lights and shiny things.

Tiffany Rad Tiffany Strauchs Rad, MA, MBA, JD, is the president of ELCnetworks, LLC., a technology and business development consulting firm with offices in Portland, Maine and Cambridge, Massachusetts. Her consulting projects have included business and tech analysis for startups and security consulting for U.S. government agencies. She is also a part-time Adjunct Professor in the computer science department at the University of Southern Maine teaching computer law and ethics, information security, and is working to establish a computer crimes clinic at Maine School of Law. Her academic background includes study of international law and policy at Carnegie Mellon University, Oxford University, and Tsinghua University (Beijing, China). Tiffany is also the organizer of HackME, a hacker space in Portland, Maine, and contributor to OpenOtto, an open source/free software car computer hacking project.

CSRF: Yeah, It Still Works

Mike "mckt" Bailey ASS
Russ McRee ASS

Bad News: CSRF is nasty, it's everywhere, and you can't stop it on the client side.

Good News: It can do neat things.

CSRF is likely amongst the lamest security bugs available, as far as "cool" bugs go.

In essence, the attack forces another user's browser to do something on your behalf.

If that user is an authenticated user or an administrator on a website, the attack can be used to escalate privilege.

We’ve identified an endless stream of applications, platforms, critical infrastructure devices, and even wormable hybrid attacks, many of which require little or no Javascript (XSS).

The key takeaway is this: a vulnerability that is so easily prevented can lead to absolute mayhem, particularly when bundled with other attacks. Worse still, identifying the attacker is even more difficult as the attack occurs in the context of the authenticated user.

The presentation will discuss a variety of attack scenarios, as well as suggested mitigation.

Mike "mckt" Bailey ASS, is a security researcher. He leads a small team of web application auditors and is the CISO for a smallish-but-fast-growing web development firm. He thinks writing policy is nice, but prefers breaking things to fixing them. Mike irregularly posts on his blog at skeptikal.org. The fragility of the web scares him.

Russ McRee, ASS, is a security analyst / researcher. As an advocate for a holistic approach to the practice of information assurance, Russ maintains holisticinfosec.org, where he conducts constant vulnerability and malware research. A frequent speaker at industry events, including FIRST and RAID, Russ also writes toolsmith, a monthly column for the ISSA Journal, and has written for numerous other publications including Information Security, (IN)SECURE, SysAdmin, and OWASP. Russ is listed as the 8th ranked vulnerability discoverer of 2008 by IBM ISS and 11th over-all by OSVDB.

Sniff Keystrokes With Lasers/Voltmeters - Side Channel Attacks Using Optical Sampling Of Mechanical Energy And Power Line Leakage

Andrea Barisani Chief Security Engineer, Inverse Path Ltd. Founder & Project Coordinator, oCERT
Daniele Bianco Hardware Hacker, Inverse Path Ltd.

TEMPEST attacks, exploiting Electro Magnetic emissions in order to gather data, are often mentioned by the security community, movies and wanna-be spies (or NSA employees we guess...).

While some expensive attacks, especially the ones against CRT/LCD monitors, have been fully researched and described, some others remain relatively unknown and haven't been fully (publicly) researched.

Following the overwhelming success of the SatNav Traffic Channel hijacking talk, we continue with the tradition of presenting cool and cheap hardware hacking projects.

We will be exploring two unconventional approaches for remotely sniffing keystrokes on laptops and desktop computers. The only thing you need for successful attacks is either the electrical grid or a distant line of sight... and no expensive piece of equipment is required.

We will show in detail the two attacks and all the necessary instructions for setting up the equipment. As usual cool gear and videos are going to be featured in order to maximize the presentation.

Andrea Barisani is a security researcher and consultant. His professional career began 8 years ago but all really started when a Commodore-64 first arrived in his home when he was 10. Now, 17 years later, Andrea is having fun with large-scale IDS/Firewalls deployment and administration, forensic analysis, vulnerability assessment, penetration testing, security training and his Open Source projects. He eventually found that system and security administration are the only effective way to express his need for paranoia. Being an active member of the international Open Source and security community, he's maintainer/author of the tenshi, ftester projects as well as the founder and project coordinator of the oCERT effort, the Open Source Computer Emergency Response Team.

He has been involved in the Gentoo project, being a member of the Gentoo Security and Infrastructure Teams, and the Open Source Security Testing Methodology Manual, becoming an ISECOM Core Team member. Outside the community he has been a security consultant for Italian firms and he's now the co-founder and Chief Security Engineer of Inverse Path Ltd.

He has been a speaker and trainer at PacSec, CanSecWest, BlackHat and DefCon conferences among many others, speaking about SatNav hacking, 0-days, LDAP and other pretty things.

Daniele Bianco is a system administrator and IT consultant. He began his professional career as a system administrator during his early years at university. His interest for centralized management and software integration in Open Source environments has focused his work on design and development of suitable R&D infrastructure.

For the time being Daniele is working as a consultant for Italian astrophysics research institutes, involving support for the design, development and the administration of IT infrastructure.

One of his hobbies has always been playing with hardware and recently he has been focusing his attention on in-car wireless and navigation systems. He's the resident Hardware Hacker for international consultancy Inverse Path Ltd. Daniele holds a Bachelor's degree in physics from University of Trieste.


The Middler 2.0: It's Not Just for Web Apps Anymore

Jay Beale Co-Founder, InGuardians, Inc.
Justin Searle Sr. Security Analyst, InGuardians

The Middler is a next-generation man-in-the-middle tool that takes the focus beyond the raw mechanics of the protocol on to the application itself. New for Def Con, it now can man in the middle Voice over IP (VoIP), producing the opportunity to interactively redirect calls, join them, or take them over. All of these effects join The Middler's goal of putting the victim into a kind of matrix by implementing man in the middle attacks specific to each web application. We've also added a graphical interface, allowing for interactive target selection based on information that The Middler gathers about potential victims. We've added more applications and enhanced the set of non-application specific capabilities, including easy session cloning, IFRAME injection and a JavaScript exploit library that can force the user into the Browser Exploitation Framework (BeEF) or a Metasploit exploit. This demo-filled talk will enhance your man in the middle powers just in time for one of the most hostile networks ever seen.

Jay Beale has created a number of security tools, including Bastille UNIX and the CIS Unix Scoring Tool, both of which are widely used throughout industry and government. He has served as an invited speaker at many industry and government conferences, a columnist for Information Security Magazine, SecurityPortal and SecurityFocus, and a contributor to nine books, including those in his Open Source Security Series and the "Stealing the Network" series. Jay works as a security analyst at InGuardians.

Justin Searle, a Senior Security Analyst with InGuardians, specializes in security architecture and penetration testing. Previously, Justin served as the IT Security Architect for JetBlue Airways and has provided top-tier support for some of the largest supercomputers in the world. Justin has taught courses in hacking techniques, intrusion detection, forensics, and networking and has presented at a number of security conferences including DEF CON, ToorCon, Shmoocon, and SANS. In his spare time, he helps lead and develop several open source projects such as The Middler, SamuraiWTF, Yokoso! and Laudanum. Justin has an MBA in International Technology and holds several industry certifications.


A Low Cost Spying Quadrotor for Global security Applications Using Hacked Commercial Digital Camera

Antoine Gademer
Corentin Chéron

Accessing centimetric georeferenced images is crucial for local military or civil intelligence, reconnaissance and surveillance applications. When classical satellite or aerial imagery is not available, Unmanned Aircraft Systems (UAS) are often a very interesting solution. But having an operational UAS for spying operations means solving the following practical problems:

  • design and realize a reliable flying micro-UAS
  • develop efficient tools for real-time navigation to ensure that the UAS will cover all target points
  • merge all trajectory data for real-time georeferencing of high resolution imagery
  • design appropriate software for optimal data exploitation

We present in this article our practical solutions to these different points.

The first section starts by presenting our Vertical Take Off and Landing quadrotor solution. This quadrotor is highly maneuverable; practically any flying movement is possible by controlling the rotation speeds of the different motors. Like every small UAS, the quadrotor is very unstable by nature, so it is very important to have efficient embedded real-time control. We then comment on the general functional scheme and emphasize operational security. In particular, we explain why we decided to split inboard computations into two levels: the critical and the nominal levels. Then, we present some new model aircraft technologies that make it possible to build an efficient quadrotor. Finally, we discuss practical limitations like the dependence on weather conditions and the endurance of the aircraft.

The following section presents our Head-Up Display solution, which overlays piloting data and navigation instructions, like the direction of the next target point and the zones already covered, on the real-time embedded video. It also presents how the UAS locates itself by merging numerous sensors such as a GPS, an INS, a barometer and an ultrasound system, and is thus able to navigate safely in its environment. Precise localization is vital for navigation and for efficient data exploitation.

In the third part we explain why digital cameras are the best compromise between weight, self-sufficiency in energy and data storage, optical quality and suitability for the imagery mission. Indeed, even if already integrated systems offer limited choice in terms of image compression, optical parameters, acquisition rates or communication protocols, there are also very attractive ready-to-use systems with reasonable weight/size, good optical quality and internal data storage capacity (thus avoiding the image processing and transmission problem).

The last technological hurdle with off-the-shelf retail cameras is the ability to control them in real time with limited computational resources. To achieve the reactivity and flexibility needed for professional imagery, we need to do some reverse engineering on our camera to take full control of the power on/off, of the trigger and, most importantly, of the timestamping of the pictures. We will present the reasoning and the results we obtained in our case.

Finally, we will present how, with the trajectory and the precise timestamping of the pictures, we are able to very quickly construct the georeferenced footprint database of the pictures and thus allow the user to navigate the data a few minutes after data retrieval. The whole visualization and navigation is done in Google Earth through smart use of the KML format.

Antoine Gademer is a final-year PhD student in the ATIS (Data and Signals Acquisition and Processing) laboratory at ESIEA Paris. He obtained his ESIEA engineer's degree in 2005 and a Paris-Est University Geographic Information System's degree in 2006. He specializes in aerial and satellite image processing and, more recently, in sensor integration.

Corentin Chéron is a final-year graduate student at the ESIEA engineering school. He is currently working in a long-term internship in the ATIS laboratory. He is passionate about aerospace and embedded electronics. He has his flying model licence and is working on his private pilot licence! For the last two years he has worked with Sebastien Monat on the Faucon Noir micro-UAV project.


Beckstrom's Law - A Model for Valuing Networks and Security

Rod Beckstrom

Beckstrom's Law is a new model or theorem of economics formulated by Rod Beckstrom. It purports to answer the decades-old question of "how valuable is a network." It is granular and transaction-based and can be used to value any network. It applies to any network: social networks, electronic networks, support groups and even the Internet as a whole. To read a white paper explaining the law and mathematics in detail, please see Economics of Networks. This new model values the network by looking from the edge of the network at all of the transactions conducted and the value added to each. It states that one way to contemplate the value the network adds to each transaction is to imagine the network being shut off and what the additional transaction costs or loss would be.

Beckstrom's Law differs from Metcalfe's law, Reed's law and other concepts that proposed that the value of a network was based purely on the size of the network, and in Metcalfe's law, one other variable.

Rod Beckstrom is the former Director of the National Cyber Security Center (NCSC) in the U.S. Department of Homeland Security where he reported to Secretary Michael Chertoff and Secretary Janet Napolitano, respectively. Rod co-authored The Starfish and the Spider: The Unstoppable Power of Leaderless Organizations that presents a new model for analyzing organizations, leadership style and competitive strategy. He has co-authored three other books including one on Value at Risk (VAR), a fundamental theory of financial risk management now used to regulate banking globally. He has recently developed a new economic model for valuing technical and social networks, referred to as Beckstrom's law.

As an entrepreneur Rod started his first company when he was 24 in a garage apartment and subsequently grew it into a global enterprise with offices in New York, London, Tokyo, Geneva, Sydney, Palo Alto, Los Angeles and Hong Kong. The company, CATïS Software Inc., went public under Rod's leadership and was later sold. Nobel Laureates Myron Scholes and William F. Sharpe served on the company's boards of advisors and directors, respectively. Rod also co-founded Mergent Systems with Dr. Amos Barzilay and Assistant Professor Michael Genesereth of the Stanford Graduate School of Computer Science. Mergent was a pioneer in inferential database engines and was sold to Commerce One for $200 million. He also co-founded TWIKI.NET, a company offering service and support for an open source wiki and collaboration software system. From 1999 to 2001 Rod served as the Chairman of Privada, Inc. Privada was a pioneer in technology to enable private, anonymous and secure credit card transaction processing over the Internet.

Rod has helped to start numerous non-profit groups and initiatives. In 2003 he co-founded a peace network of CEOs which initiated Track II diplomatic efforts between India and Pakistan. This group took symbolic actions which led to opening the borders to citizens and trade, and contributed to ending the most recent Indo-Pak war. He serves on the boards of the Environmental Defense Fund and the Jamii Bora Trust (micro-lending) in Africa.

Rod graduated from Stanford University with an MBA and a BA with Honors and Distinction. He served as Chairman of the Council of Presidents of the combined Stanford student body (ASSU) and was a Fulbright Scholar at the University of St. Gallen in Switzerland.


Robot Shark Laser! What Hackerspaces Do

Beth FreeSide, dc404 and KaosTheory Security Research
Noid BlackLodge
Nick Farr HacDC
Leigh Honeywell HackLab
Steve Clement Syn2cat

Ever wonder what they mean by 'Fight Club for Nerds'? Do you daydream about what you could do if you had an underground lab and minions or a workshop and helpers? Have you considered all the ways to incorporate lasers into your life? Are you sure about that? Come see what the evil geniuses at HackerSpaces far and wide have built and how.

This panel of diverse hackerspace members will show you step by step how they built their favorite projects, including video and live demos, and Q & A.

Beth is a Co-Conspirator at KnowThreat, and is a founding member of dc404, kaosTheory security research, and FreeSide, Atlanta's HackerSpace. Beth has been doing security research, abuse and fraud prevention and analysis for years. She is very interested in privacy and security education and technology legislation. Beth has pieces of paper saying she is certifiable regarding certain bodies of knowledge, but swears she has no knowledge of where the bodies are.

Noid has been involved with computers for over 20 years. Noid began playing with computers at the age of 10, operating a BBS out of his parents' house. Ever since then noid has taken an interest in how technology works and the security aspects relating to its use. noid is one of the organizers of DEF CON, LayerOne, and is a founding member of the Black Lodge, a hackerspace operating in Washington state. noid has spoken on security topics and privacy issues for the Association of Internet Professionals, Microsoft, the University of California at Irvine, and at Cisco. noid is fascinated by fire, dangerous with tools, and curious about this emotion you humans call love.

Nick Farr is a Financial Accountant based in Washington, DC. Over the past two years, he has worked for the US Treasury Department and the global consultancy McKinsey & Co. Currently, he's helping NGOs and local businesses apply open source and collaborative methods to their work in the hopes of building a more distributed, sustainable economy. He co-founded his local hackerspace, HacDC and plays an active role in the global hackerspace movement. He holds a degree in Social Science from the University of Michigan and a Master's Degree in Business Administration from Grand Valley State University.

Leigh Honeywell is a jane of many trades. By day she works at a major security vendor while finishing up a degree at the University of Toronto. By night (and sometimes over lunch) she is a co-founder and director of HackLab.TO, Toronto's hacker space. She also serves on the board of advisors of the SECtor security conference, is a Google Summer of Code mentor, as well as an avid cyclist, book nerd, and traveller.

Steve Clement started Hacking on a super fast C64 cassette deck computer at the age of 10, swiftly fell into the BBS hole, just to discover that Hacking is a Way of Life and a philosophy you ought to bring to others. In his spare time he experiments with all kinds of electronics, builds up HackerSpaces and tries to bring artists and hackers together to collaborate in a Graffiti Research Lab. Currently, Steve is working as a Security Consultant for the Luxembourgish government on an IT Security Awareness Program for kids and implements his technical knowledge with social trends to provide the best possible way to positively influence their cyber habits.


Hijacking Web 2.0 Sites with SSLstrip--Hands-on Training

Sam Bowne Instructor, City College San Francisco, Computer Networking and Information Technology Department

Many Websites mix secure and insecure content on the same page, like Facebook. This makes it possible to steal all the data entered on such a page easily, using Moxie Marlinspike's new SSLstrip tool. First I will give a brief explanation and demonstration of the technique, and then I will help audience members set up the attack themselves on their own laptops. Detailed instructions and all required software will be provided. Audience members should bring a laptop computer to participate in the hands-on training.

Sam Bowne has been teaching computer networking and security classes at CCSF since 2000. He has given talks at DEF CON and Toorcon on Ethical Hacking, and taught classes and seminars at many other schools and teaching conferences.

He has a B.S. in Physics from Edinboro University of Pennsylvania and a Ph.D. in Physics from University of Illinois, Urbana-Champaign. His Industry Certifications are: Certified Ethical Hacker, Microsoft: MCP, MCDST, MCTS: Vista; Network+, Security+, Certified Fiber Optic Technician.


Design and Implementation of a Quantum True Random Number Generator

Sean Boyce Security Researcher

The problem of generating "reasonable" approximations to random numbers has been solved quite some time ago... but this talk is not for reasonable people. Generating true random numbers with a deterministic system is impossible; and so we must drink deeply from the raw, godless chaos of quantum physics.

This talk will cover the various pitfalls of quantum true random number generator construction, including bias, statistical relatedness between bits, and unpleasant supply voltages. A working reference design that overcomes these hurdles will be described, and barring major disaster, demonstrated. Notably, this design contains a custom, fully solid-state particle detector that may be constructed for around USD 20.

To benefit the most from this lecture, a very basic knowledge of statistics, particle physics, and/or analog electronics is ideal; however enough background will be provided that this will not be strictly necessary. If in doubt, the Wikipedia articles on quantum tunneling, alpha particle, normal distribution, operational amplifier, and hardware random number generator should provide more than sufficient background. Demo

Sean Boyce is a founding member of Foulab (www.foulab.org), the Montreal hackerspace, and holds a MSc in Renewable Resources. He studies tree diseases, and enjoys statistics. He has lived in a swamp for months, has genetically modified organisms twice, and has never taken a course in computers or engineering in his life. He only codes in assembly language, and to the best of his knowledge, is incapable of perceiving boredom. His next project is to start a custom flex-PCB printing business (Legion Heavy Industries) to cater to small orders from hobbyists and academia.


BitTorrent Hacks

Michael Brooks
David Aslanian

This is the journey of two pirates hacking BitTorrent. This talk will cover ways of abusing the BitTorrent protocol, finding vulnerabilities in BitTorrent clients and exploiting them. We will also cover counter measures to these attacks.

Michael Brooks is a hacker. Michael finds new vulnerabilities and writes exploit code: http://milw0rm.com/author/677

Michael hacks for the challenge. Michael loves that intimate battle between hacker and developer played on the field of logic. Michael likes mastering a new method of exploitation and finding his own. Michael believes that all software is vulnerable, you just have to look hard enough.

David Aslanian does QA and development for Software Development Alternatives, a small avionics software company. Some people dream of being test pilots, but he tests airplanes without ever getting in the cockpit! When he is not at work certifying software for flight, he loves to run Ubuntu and tinker with electronics. He also pursues interests in software testing methodology, p2p networks, sci-fi books and electronic music. He is a proud pirate who got a DMCA complaint earlier this year - but that doesn't stop him from continuing to use BitTorrent to get his fix (someone must have hacked my wifi and downloaded Fallout 3, I swear!)


Old Skool Brought Back: A 1964 Modem Demo

K.C. Budd "Phreakmonkey" Security Researcher
Taylor Banks "Dr Kaos" Security Researcher

Eighteen years ago I was given a curious device: An Acoustic Coupled modem in a wooden box. I've kept it over the years and recently rediscovered it. Thanks to the recent invention of the web, I am now able to discover something about its history; I may have the oldest working modem on the planet! At this talk I will not only show you the modem, but also demonstrate its operation. Come along for a journey 45 years back to the beginning of digital telecommunications!

K.C. Budd (phreakmonkey) is a computer hacker, security researcher, and general all around tinkerer. When he's not discovering archaic computer hardware in his basement he enjoys general aviation, urban exploration, and photography. As a child, K.C. was an avid BBS user and owned 300, 1200, and 2400 baud modems. K.C. has worked in the security industry since 1996 and attended DEF CON since DEF CON 6 at the Plaza.

Taylor Banks (aka dr.kaos) is a security evangelist and privacy pundit with over 15 years in the information technology industry, the last decade focused almost exclusively on information security and privacy. Since 1998, he has been designing, implementing, teaching and managing secure information systems for Federal Government, US Military, private universities and public companies, from start-ups to Fortune 100. Taylor is also the PoC for the Atlanta DEF CON Group (DC404), and in 2005 founded "kaos theory security research," creators of the Anonym.OS LiveCD.


Hadoop: Apache's Open Source Implementation of Google's MapReduce Framework

Joey Calca Hacked Existence Team
Ryan Anguiano Hacked Existence Team

This presentation will begin with a brief overview of Google's Map/Reduce Framework. Map/Reduce is built to analyze extremely large datasets. We will first look at what a Mapper and Reducer are, the inputs they take and the outputs they generate. From there, we will look at the open source Java-based implementation of the Map/Reduce Framework by the Apache Team's Hadoop Project. Since Hadoop is Java-based, we will then look at using the Hadoop framework in order to build Mappers and Reducers in Python, as well as running Mappers written in the AWK scripting language. A brief comparison of compile times and efficiencies between the three will be shown, as well as the results from running our code on ASU's Saguaro Cluster. After that, we will brush over HBase, the Hadoop equivalent to Google's BigTable, a non-relational database for Map/Reduce. Finally, we will look at some demo code, including a machine learning algorithm based on the Netflix Prize Dataset, a 2 gigabyte dataset of movie ratings from the Netflix Database.

Also, we will not present on, but will include source code from, different teams' projects, including Map/Reduce programs for image analysis and recognition, analyzing air traffic data, analyzing package delivery systems for use with swarm theory and a Map/Reduce program that analyzes patterns in large literature as a response to "The Bible Code", most of which use public datasets as inputs.

Joey Calca is a member of the Hacked Existence Team. He is a recent graduate from Arizona State University with a Business Degree in Computer Information Systems and a background in Computer Systems Engineering. He has done various consulting projects including the design and implementation of large scale multimedia delivery systems, and is currently pursuing Cloud Computing as the next big technology boom.

Ryan Anguiano is a member of the Hacked Existence team. He is also a web application developer employed by The Forum Agency (theforumagency.com), having over 7 years of experience in the industry. Ryan is currently an undergraduate student at ASU, and is leading the web development team for MH+L Magazine (mhlmag.com).


Computer and Internet Security Law - A Year in Review 2008 - 2009

Robert Clark Attorney

This presentation reviews the important prosecutions, precedents and legal opinions of the last year that affect internet and computer security. We will discuss the differences between legal decisions from criminal cases and civil lawsuits and what that means to the security professional. This presentation is strongly audience driven and it quickly becomes an open forum for questions and debate. This year the past key precedents have involved: the Fifth Amendment and passphrases to an encrypted hard drive (UPDATE- the case is in and Government wins appeal. The Defendant MUST produce an unencrypted hard drive to the grand jury!!!); Fourth Amendment searches; Pirate Bay prosecution in Sweden; use of CFAA in civil cases against departing employees and trade secrets; forensics and use of metadata; FTC injunction against CyberSpy software and its RemoteSpy; reverse engineering; Facebook and privacy rights; and, a case of forensics to support a default judgment (no actual trial) against a party that used several file deletion programs to hide and delete evidence.

Robert Clark is a cyber lawyer and is the previous counsel for the Army Computer Emergency Response Team, Navy CIO and some other CERT operations. In these positions he has advised on all aspects of computer operations and security. He consults regularly with DoJ Computer Crime and Intellectual Property Section and National Security Division; DoD, NSA, and other agencies involved in cybersecurity. He is a past lecturer at Defcon and lectures at Black Hat, the Army's Intelligence Law Conference and at the DoD's Cybercrimes Conference.


De Gustibus, or Hacking your Tastebuds

Sandy Clark "Mouse" University of Pennsylvania

Do you geek out over food? Do you rave over a particular vintage? Do you get into fights about relative merits of Belgian vs. Swiss chocolatiers? Know the difference between a Gourmet and a Gourmand? Ever done a real chocolate tasting? Wondered what's the big deal with food/wine pairings? Ever tried Miracle Fruit? Like any other electrical/chemical machine the body can be hacked and that includes the tastebuds. Let's discuss taste, and then let's taste stuff! For a small fee ( < $2.00) you can choose to take part in a food/wine pairing, a blind chocolate tasting (rating forms will be provided, see how you compare to the experts) or experiment with Miracle Fruit (along with many things to try it out on), Real Vintage Balsamic Vinegar (like syrup) - Also feel free to bring something you've discovered and want others to try.

Sandy Clark (Mouse) has been taking things apart since the age of two, and still hasn't learned to put them back together. That includes playing with her food. She has been known to starve rather than eat bad food, and spends way too much time exploring new flavors. An active member of the Hacker community, her professional work includes an Air Force Flight Control Computer, a simulator for NASA and singing at Carnegie Hall. She is currently fulfilling a childhood dream, pursuing a Ph.D. in C.S. at the University of Pennsylvania. A founding member of Toool-USA, she also enjoys puzzles, toys, Mao (the card game), and anything that involves night vision goggles. Her research explores human scale security and the unexpected ways that systems interact.


Confidence Game Theater

Cough Security Researcher

This presentation will include a brief discussion of the history, nature, and basic principles behind Confidence Games. For the bulk of the presentation we will be acting out some Confidence Games in skit form.

Cough is an amateur historian with a strong interest in crimes of deception.


Lockpicking Forensics


Lockpicking is portrayed as the ultimate entry method. Undetectable and instantaneous as far as films are concerned. Nothing is further from the truth, but freely available information on the topic is nearly impossible to find. This talk will focus on the small but powerful fragments of evidence left by various forms of bypass, lockpicking, and impressioning. Attendees will learn how to distinguish tool marks from normal wear and tear, identify the specific techniques and tools used, and understand the process of forensic locksmithing in detail.

Datagram is a prime example of what the combination of cinnamon rolls, pizza, assembly, and lockpicking do to a person. When not eating, lockpicking, or programming, he is generally asleep, or otherwise unconscious. Despite constant hate mail and threatening voice mails, he continues to speak at conferences, yell at small children, and write bad biographies.


Death of Anonymous Travel

Sherri Davidoff Philosecurity

Worldwide, people who use cars, buses, trains, and carry cell phones are tracked in increasingly centralized corporate and government databases. This capability is still in its infancy, and has been facilitated by payment systems which are linked to identification and refer to centralized electronic databases.

Mass tracking and surveillance capabilities have arisen organically, often as side effects of new technologies, and are being increasingly leveraged by government and law enforcement in the name of national security. For security purposes, the public is generally not provided with detailed information about the management and use of mass surveillance systems.

As a result, relatively small groups are able to track and control the movements of average citizens around the world, every minute of every day. These systems are opaque, not well documented, publicized or regulated.

The purpose of this presentation is to:

  • Collate and disseminate information about current known travel monitoring practices;
  • Discuss technical and social solutions for maintaining personal privacy and the freedom to assemble;
  • Encourage greater transparency and public control over data collection and use.

The presentation will include a Touch-and-Feel Fare Collection table, where attendees can browse the speaker's historical collection of automobile, coach, subway, telephone, and airline fares/tokens/passes. Attendees are welcome to non-destructively analyze electronic devices with magstripe/RFID readers and other tools.

Sherri Davidoff is a professional security consultant, researcher and writer. She conducts penetration tests, network assessments and forensics for a wide variety of industries, including financial, health care, manufacturing, academic, and government institutions. She has conducted extensive research on privacy and the effects of technology on anonymous travel and communications, and she is the co-author of SANS 558: Network Forensics. Sherri publishes weekly articles on Philosecurity.org


Unfair Use - Speculations on the Future of Piracy

Dead Addict

Piracy has always been a sophisticated, if not chaotically organized effort - from acquisition, packaging, distribution, risk analysis and managing criminal volunteers.

Piracy has moved from software, to all mediums - books, comic books, knitting patterns, video medium of all kinds. Despite distinctions in types of piracy, there are evolutionary measures that need to take place to address a number of challenges. Between malware codecs, root-kitted software, attempts to flood distribution networks with bad information, and other attacks, there are problems to be solved.

The future will involve distributed architectures, data integrity measures, reputation management via digital signatures, and standardization of metadata.

I will discuss the state of piracy, and touch as needed on its past, then discuss future technologies to address current and upcoming challenges.

This talk will not spend time discussing the law or ethics, although the distinction between piracy and bootlegging will be made.

Eye patches optional.

Dead Addict gave a talk at Defcon 2 about the future of piracy and predicted the obvious; music piracy was about to explode and become ubiquitous. When he gave his first speech his in-depth knowledge of piracy was fresh - he had been a senior member in a piracy group and understood the world intimately. It's been several years since Dead Addict's last copyright infringement, so his current insight is gleaned through meticulous study and review of public papers and interviews with admitted pirates.


DEF CON 1 - A Personal Account

Dead Addict

As time slips away, so do the memories of cons past.

In this talk I'm going to talk about DC1, its planning, execution, components, and challenges.

I'll give snippets of seemingly practical advice; don't design T-shirts with lots of dense text on the back, no matter how clever. I'll discuss obvious misjudgments; don't invite both the prosecutor and the subject of an active prosecution without warning the parties. I'll also have some minor show and tell: first badge, first T-shirt, copies of DC1 tapes, sketch of original DC1 logo.

With luck some old DC1 speakers will show up as well.

Dead Addict first started writing bio's 16 years ago. his first bio alluded to crimes he had recently committed, and not much else - he was but a teenager at the time. more recent bio's have confessed to many years serving multinational corporations. he has been attempting to write clever and witty bio's for almost two decades, unfortunately consistently falling short.


AAPL- Automated Analog Telephone Logging

Da Beave Security Researcher
JFalcon Security Researcher

Since 1983 when Hollywood introduced "Wardialing" to the public, there has been little change in the methods involved. While some pieces of hardware attempted to take it beyond what was essentially a telephonic "ping" scan, the methods and technology didn't maintain that momentum. However, thanks to modern computing and open source software tools, we are now able to cartograph an entire phone exchange in one pass while discerning voice, tones, faxes and modems. With some creative processing, it might be taken even farther into speech recognition.

Da Beave (Champ Clark III) is one of the founding members of the VoIP hobbyist group "Telephreak." He also co-authored Asterisk Hacking and brought the OpenVMS Deathrow Cluster into existence. He is currently employed with Softwink, Inc., which specializes in security monitoring within the financial industry. Da Beave has authored various security utilities including iWar, tscan/dscan (X.25), and others.

JFalcon has been involved in the scene for almost two decades. He also has the claim to fame of being the first federally convicted computer hacker in the State of Alaska during Operation: Sundevil (1991-1995). Since his release in 1996, he has professionally consulted businesses and business executives in their own security needs along with being a senior system administrator to Fortune 500 companies and U.S. government agencies. Currently, JFalcon maintains his passion for finding unique solutions to today's problems by studying the past, from running his own hybrid BBS system to see how it could compete with social network websites to designing his own robotic antenna controls for his radio gear to studying people's real experiments into hydrogen fuels. He currently calls Seattle his home.

Macsploitation with Metasploit

Dino Dai Zovi

While Metasploit has had a number of Mac exploits for several years, the exploit payloads available have done little more than give a remote shell. These payloads are significantly simpler than the DLL-injection based payloads for Windows-based targets like the Meterpreter and VNC Inject payloads. This talk will cover the development and use of the fancier Metasploit Mac payloads developed by Dino Dai Zovi (the presenter) and Charlie Miller, including bundle injection, iSight photo capture, and Macterpreter.

Dino Dai Zovi is an information security professional, researcher, and author. Mr. Dai Zovi has been working in information security for over 8 years with experience in red teaming, penetration testing, and software security assessments at Sandia National Laboratories, @stake, Bloomberg, and Matasano Security. He is currently the Chief Scientist at a private information security firm.

As an independent researcher, he is a regular speaker at industry, academic, and hacker security conferences including presentations of his research on hardware virtualization assisted rootkits using Intel VT-x, the KARMA wireless client security assessment toolkit, and offensive security techniques at international IT security conferences including BlackHat USA, CanSecWest, and DEF CON. He is a co-author of both "The Mac Hacker's Handbook" and "The Art of Software Security Testing". He is perhaps best known in the security and Mac communities for discovering the vulnerability and writing the exploit to win the first PWN2OWN contest at CanSecWest 2007.

Who Invented the Proximity Card?

Michael L. Davis

Who invented the first Proximity Card System? And what security company dismissed it as a mere magician's trick? And what does this have to do with goldfish? Stop by and take a trip down memory lane as we explore the history of a prolific inventor who was one of the founding fathers of the physical security industry. (Hint: This person was a musician with perfect pitch whose first patent was for an automatic garage door opener.)

Michael L. Davis is a veteran of the physical security industry since 1978 and has worked for various companies including a company that built PDP 11-based access control systems to secure nuclear power plants, an access control card manufacturer that specializes in legacy card technologies including some of the first RFID credentials, and several other security industry manufacturers including panel and reader manufacturers.

His first computer was a Digi-Comp 1 toy computer made from plastic that was programmed with straws and had a 3-bit capacity (see http://en.wikipedia.org/wiki/Digi-Comp_I ) that he won on a kid's TV show called Wonderama with Sonny Fox. His second personal computer was a surplus IBM 1620 (see http://en.wikipedia.org/wiki/IBM_1620 ), a BCD-based computer that used punched cards and core memory which he was forced to scrap because he couldn't afford to pay its electric bills.

Nowadays, Michael works in the Intellectual Property Department of a major security product manufacturer playing in the patent world.

Con Kung-Fu: Defending Yourself @ DEF CON

Rob "Padre" DeGulielmo

After the author's laptop fell victim to a slick redirection technique and subsequent malicious .lzm injection and MBR Trojan infiltration during DEF CON 16, he thought it would be interesting to talk about the episode (besides, his psychotherapist recommended it), and give new con-goers some tips and tricks to help them avoid the same fate. We will see a demonstration of a typical wireless subversion, and will learn how to avoid it. This talk should give attendees some interesting tools to play with while they are at con, while allowing their laptops to go unhacked for 5 minutes.

Rob has been working in IT for 14 years and specifically network security for the past 7 years. He has worked at Cisco Systems, as a private consultant, and now directs security at a company in the Northeast. Network exploration, beer, and long walks on the beach are his favorites. This is Rob's 5th DefCon.

Packing and the Friendly Skies (Why Transporting your Firearms may be the best way to Safeguard your Tech when you Fly)

Deviant Ollam Unicorn Phrenologist

Many of us attend cons and other events which involve the transportation of computers, photography equipment, or other expensive tech in our bags. If our destination is far-flung, often air travel is involved... this almost always means being separated from our luggage for extended periods of time and entrusting its care to a litany of individuals with questionable ethics and training.

After a particularly horrible episode of baggage pilferage and equipment theft, I made the decision to never again fly with an unlocked bag. However, all "TSA compliant" locks tend to be rather awful and provide little to no real security. It was for this reason that I now choose to fly with firearms at all times. Federal law allows me (in fact, it REQUIRES me) to lock my luggage with proper padlocks and does not permit any airport staffer to open my bags once they have left my possession.

In this talk, I will summarize the relevant laws and policies concerning travel with firearms. It's easier than you think, often adds little to no extra time to your schedule (indeed, it can EXPEDITE the check-in process sometimes), and is in my opinion the best way to prevent tampering and theft of bags during air travel.

Deviant Ollam: While paying the bills as a network engineer and security consultant, Deviant Ollam's first and strongest love has always been teaching. A graduate of the New Jersey Institute of Technology's "Science, Technology, & Society" program, he is always fascinated by the interplay that connects human values and social trends to developments in the technical world. A member of the Board of Directors of the US division of TOOOL (The Open Organization of Lockpickers) Deviant runs the Lockpicking Village at DEF CON and ShmooCon. A fanatical supporter of First Amendment rights who believes that the best way to increase security is to publicly disclose vulnerabilities, Deviant has conducted lockpick training sessions at Black Hat, ToorCon, HOPE, HackCon, ShakaCon, HackInTheBox, SecTor, CanSecWest, and has even had the honor of lecturing the cadets at the United States Military Academy at West Point. His favorite Amendments to the US Constitution are, in no particular order, the 1st, 2nd, 9th, & 10th.

Sharepoint 2007 Knowledge Network Exposed


Microsoft released a free add on to Microsoft Sharepoint Server 2007 called the Knowledge Network. At the time it seemed like an entry in the Total Information Awareness initiative, though it was never called that in any official form. This talk will dissect the features offered by the Knowledge Network and offer speculations as to what Microsoft might have running already.

Digividual has 15 years experience developing software on a variety of platforms and frameworks. Lately he has been busy trying to build castles in clouds.

Socially Owned in the Cloud


This talk will present a survey of the most popular cloud/web applications and their responses to a questionnaire regarding their data retention, data ownership, and their commercial use of the data they have harvested. Furthermore it will explore their data retention following a death. What happens if a provider company goes bankrupt?

Digividual has 15 years experience developing software on a variety of platforms and frameworks. Lately he has been busy trying to build castles in clouds.

Why Tor is Slow, and What We're Doing About It

Roger Dingledine

Many of you have probably tried Tor, and then stopped because you found it too slow. Now that Tor has several hundred thousand users, our original design decisions are showing their age. We need to figure out and deploy some major changes if we want the Tor network to scale up to the million-user mark.

Problem #1 is that Tor's congestion control does not work well. We need to come up with ways to let "quiet" streams like web browsing co-exist better with "loud" streams like bulk transfer. Problem #2 is that some Tor users simply put too much traffic onto the network relative to the amount they contribute, so we need to work on ways to limit the effects of those users and/or provide priority to the other users. Problem #3 is that the Tor network simply doesn't have enough capacity to handle all the users that want privacy on the Internet. We need to develop strategies for increasing the overall community of relays, and consider introducing incentives to make the network more self-sustaining.

In this talk I'll walk through these problems and more: why we think these are the right problems to solve, and how we're solving them.

Roger Dingledine is project leader for The Tor Project. The Tor network has grown to over 1500 relays handling traffic for hundreds of thousands of users daily. In the past few years The Tor Project has also gotten an increasingly diverse set of funders, become an official 501c3 nonprofit, and expanded its community of both volunteer and funded developers.

In addition to all the hats he wears for Tor, Roger organizes academic conferences on anonymity and security, speaks at industry and hacker cons, and does tutorials on anonymity for national and foreign law enforcement.

Attacking SMS. It's No Longer Your BFF

Brandon Dixon Information Systems Security Engineer at G2, Inc.

It's the year 2009 and spam mail is still taking up a huge percentage of all email sent every day over the Internet. Could you imagine that same messaging spam making a detour through your favorite cellular provider gateway and right to your SMS inbox? Mobile spam has not reached the same popularity as email spam, but what if it was as easy as submitting a form to spam thousands of people?

Research was done on several messaging services and implementations to identify vulnerabilities to exploit. The end result to the research was that the idea of mobile spam was easily a reality using Jabber/XMPP and some techniques already put in place by multiple vendors. This talk will conclude with a proof-of-concept web application demo that demonstrates the techniques and issues mentioned as well as thoughts for solving the next generation of spam. Expect to walk away with a new look on mobile spam and the damage that could be done just by pressing submit.

Brandon Dixon is an Information Systems Security Engineer for G2, Inc. He has experience leading research into web services security, XML firewall configuration, and access control models in a service oriented architecture. Brandon has discovered numerous unpublished exploits based on vulnerabilities found in commercial products, web applications and messaging technologies. Additionally, Brandon actively participates in security research both on his own and with groups around the world, primarily with the focus of web application and core device vulnerability testing/discovery.

MSF Telephony


An important attack vector missing in many penetration testing and attack tools available today is the tried-and-true telephony dial-up. With the recent surge in popularity of VoIP connectivity, accessing such attack vectors has become both cheap and easy. Using the new Metasploit telephony components, users are now able to both scan for and dial up directly to telephony-accessible exploitation targets.

I)ruid: Over the years Dustin has been involved with many security community projects such as design and development of Sender Policy Framework (SPF) for e-mail (RFC 4408) and contributing as a core developer for the Metasploit Project. Dustin has also released numerous security tools such as the infamous PageIt! mass-paging application, the hcraft HTTP exploit-crafting framework, and the SteganRTP VoIP steganography tool. He regularly releases vulnerability and exploit advisories, speaks at security related events and conferences, and is on the Technical Advisory Board of the Voice over IP Security Alliance (VoIPSA).

Prior to joining BreakingPoint, Dustin performed VoIP security research for TippingPoint as well as founded the VIPER Lab vulnerability research group at Sipera Systems. Before Sipera, I)ruid was a Security Researcher for Citadel Security Software (acquired by McAfee) responsible for vulnerability analysis, research, and remediation within the scope of the Linux, Solaris, AIX, and HP/UX platforms.

You can find a list of his previous speaking engagements here:

Personal Survival Preparedness

Steve Dunker Associate Professor, Northeastern State University
Kristie Dunker The Swag Assistant

When the sewage hits the oscillating blades of death, will you be ready? A Las Vegas Survival Scenario will be presented to the audience at the start of the lecture. This talk will concentrate on disaster preparedness at the individual and/or family level. General overall preparedness will be covered as well as specific disasters such as terrorism, epidemic, nuclear, technical, and natural catastrophes. At the end of the lecture the scenario answer will be given. Be ready to test yourself against your Defcon brethren and the denizens of Las Vegas--- will you survive the high mortality rate?

Steve Dunker is an Associate Professor of Criminal Justice and Homeland Security at Northeastern State University. He has had previous careers as a Police Detective, Park Ranger, and Emergency Medical Technician.

Advanced MySQL Exploitation

Muhaimin Dzulfakar Security Consultant, security-assessment.com

This talk focuses on how MySQL SQL injection vulnerabilities can be used to gain remote code execution on the LAMP and WAMP environments. Attackers performing SQL injection on a MySQL platform must deal with several limitations and constraints. For example, the lack of multiple statements in one query makes MySQL an unpopular platform for remote code execution compared to other platforms. This talk will show that arbitrary code execution is possible on the MySQL platform and explain the techniques. In this presentation, the author will release a new tool titled MySqloit. This tool can be integrated with metasploit and is able to upload and execute shellcodes using a SQL Injection vulnerability in LAMP or WAMP environments.

Muhaimin Dzulfakar is a Security Consultant for Security-Assessment.com, located in Wellington, New Zealand. His primary duties include network and application penetration testing. Muhaimin Dzulfakar has a bachelor's degree in Software Engineering from Multimedia University, Kuala Lumpur where he developed his own Intrusion Detection System. His research interests include exploit development methods and post exploitation process.

30k Feet Look at WiFi

Luiz "effffn" Eduardo

Although inflight wee-fee service is really nothing new... (some airlines have had it for a while, some even already gave up on the service), in the past year it's got some traction again with the release of the service by some airlines in the US and some other countries. The talk will cover things like wi-fi infrastructure, auth stuff, spectrum analysis, protection mechanisms (if any), general usage, user device types and uplink technology that actually makes the user hit the "tubes". Data collected a few years ago in flights using older technologies, as well as data collected in newer ones and the possible use of tools available will be discussed.

Luiz "effffn" Eduardo has been working with infosec for a while, mostly dedicated to wireless security, protocol fuzzing and computer incident response in the past few years. He is somewhat known in the scene for planning, implementing and supporting wireless networks in some of your favorite hacker conferences. He's one of DefCon networking team goons and has spoken previously at Shmoocon, DefCon, Toorcon, Hack in the Box Malaysia and other cons. Luiz currently holds the following certifications: CISSP, CWNE, CEH, GCIH and GISP, and has probably been able to get them due to long flights around the globe and flight delays in airports. LE is one of the organizers of the Brazilian infosec conference "you sh0t the sheriff".

Using Guided Missiles in Drive-Bys: Automatic browser fingerprinting and exploitation with Metasploit

Egypt Core Developer, Metasploit Project

The blackhat community has been using client-side exploits for several years now. Multiple commercial suites exist for turning webservers into malware distribution centers. Unfortunately for the pentester, acquiring these tools requires sending money to countries with no extradition treaties, taking deployed packs from compromised webservers, or other acts of questionable legality. To ease this burden the Metasploit Project will present an extensible browser exploitation platform integrated into the metasploit framework.

egypt has been a core developer for the Metasploit Project since April 2008 and a user of the framework since discovering its existence in 2004. He is also a member of Attack Research, a group of people dedicated to the in-depth understanding of computer based attacks.

Recently, egypt founded Teardrop Security, a consulting company specializing in penetration testing, vulnerability research, and reverse engineering.

Hello, My Name is /hostname/

Endgrain Student of computer science at the University of Southern Maine
Tiffany Rad Part-time Professor, Computer Science Department, University of Southern Maine
Dan Kaminsky Director of Pen Testing, IOActive

It is widely known that MAC addresses are spoofable; however, many access control models rely on them to uniquely identify devices. When host names are set to be users' real names and are broadcast to the Internet and accessible with reverse DNS lookups, everybody on the Internet, with no work, knows exactly who you are. You can't do medical research without saying JANE PHILLIPS IS CURIOUS ABOUT PREGNANCY and you can't study the effects of marijuana without TOM STEVENS IS READING UP ON SMOKING OUT. We will discuss the technical, legal, and ethical implications of transparency of identity online versus the war on combating piracy and how it pressures IT departments to design and maintain systems with these fallacies.

Endgrain is a Computer Science student from the University of Southern Maine. He has been involved in information security for almost 10 years. Some of his areas of interest include reverse engineering of software, web application pen-testing, and access control design.

Tiffany Strauchs Rad, MA, MBA, JD, is the President of ELCnetworks, LLC., a technology, law, and business development consulting firm. She is a part-time Adjunct Professor in the computer science department at the University of Southern Maine teaching computer law and ethics, information security, and is working to establish a computer crimes clinic at Maine School of Law. Tiffany is also the co-founder of the OpenOtto car hacking project, organizer of HackME (hacker space in Portland, Maine), and has presented at Hackers on Planet Earth (HOPE) and Pumpcon.

Dan Kaminsky has been operating professionally in the security space since 1999. He is best known for his "Black Ops" series of talks at the well-respected Black Hat Briefings conferences. Dan is one of few individuals in the world to combine technical expertise with executive-level consulting skills and prowess. Dan focuses on design-level fault analysis, particularly against massive-scale network applications. Dan regularly collects detailed data on the health of the worldwide Internet, and recently used this data to detect the proliferation of a major rootkit.

Runtime Kernel Patching on Mac OS X

Bosse Eriksson Security Researcher, Bitsec

Runtime kernel patching has been around for almost ten years and is a technique frequently used by various rootkits to subvert the kernels used in many modern operating systems.

This technique does not require any types of kernel modules or extensions and will allow you to hide various things like processes, files, folders and network connections by modifying the kernel's memory directly. It will also allow you to place various backdoors in the kernel for privilege escalation.

This talk will discuss runtime kernel patching on Apple's operating system Mac OS X and the XNU kernel. We will cover some rootkit basics as well as some Mac OS X specific 'features' which will facilitate our journey into the deepest parts of the Darwin operating system and the XNU kernel.

As a bonus we will also show some basic methods for rootkit detection on Mac OS X that will aid you in the process of detecting rootkits that utilize runtime kernel patching to stay hidden.

Bosse Eriksson has been involved in various security related projects over the past years and has recently been published in Phrack Magazine. He enjoys finding vulnerabilities in various software as well as writing exploits for them, recently focusing on Mac OS X and its related vulnerabilities. Bosse is currently employed as a security researcher at the Swedish based security company Bitsec where he performs penetration tests, exploit development and vulnerability research.

Hacking the Apple TV and Where your Forensic Data Lives

Kevin Estis Security Researcher
Randy Robbins Security Researcher

This is a primer for both newbie Apple TV hackers and digital forensics investigators. The intent of the presentation is to show how easy it is to modify an Apple TV to run 3rd-party applications and also point out where the Apple TV tracks your activities (including files played, applications installed, and connected networks).

Kevin Estis has over 17 years experience in finding bad people on good networks...and vice-versa. His Master's project in Digital Forensics was on Apple TV forensics so that he could convince his wife that an Apple TV would be put to good use. Since then he's broken and fixed the Apple TV more times than he can count.

Randy Robbins has many years of experience in IT Security and breaking stuff. Armed with a Master's Degree in Digital Forensics, he is working to spread the knowledge of secure computing to whomever will listen to his rantings.

Social Zombies: Your Friends Want to Eat Your Brains

Tom Eston Social Media Security Researcher
Kevin Johnson Senior Security Analyst, InGuardians

In Social Zombies: Your Friends want to eat Your Brains, Tom Eston and Kevin Johnson explore the various concerns related to malware delivery through social network sites. Ignoring the FUD and confusion being sowed today, this presentation will examine the risks and then present tools that can be used to exploit these issues.

This presentation begins by discussing how social networks work and the various privacy and security concerns that are caused by the trust mass that is social networks. We use this privacy confusion to exploit members and their companies during our penetration tests.

The presentation then discusses typical botnets and bot programs. Both the delivery of this malware through social networks and the use of these social networks as command and control channels will be examined.

Tom and Kevin next explore the use of browser-based bots and their delivery through custom social network applications and content. This research expands upon previous work by researchers such as Wade Alcorn and GNUCitizen and takes it into new C&C directions.

Finally, the information available through the social network APIs is explored using the bot delivery applications. This allows for complete coverage of the targets and their information.

Tom Eston is a penetration tester for a Fortune 500 financial services organization. Tom currently serves as the security assessment team lead. Tom began his career over twelve years ago as a systems and network administrator for several large and medium size businesses. He began his career in security by helping form an information security department for a real estate development company.

Tom is actively involved in the security community and focuses his research on the security of social media. He is a contributing author to a social media eBook and has written a Facebook Privacy & Security Guide which is used in several major universities as part of student security awareness programs. Tom is also a security blogger, co-host of the Security Justice podcast and is a frequent speaker at security user groups and conferences. Tom recently gave a talk at Notacon 6 titled "The Rise of the Autobots: Into the Underground of Social Network Bots".

Kevin Johnson is a Senior Security Analyst with InGuardians. Kevin came to security from a development and system administration background. He has many years of experience performing security services for Fortune 100 companies, and in his spare time contributes to a large number of open source security projects.

Kevin founded and leads the development on B.A.S.E. (the Basic Analysis and Security Engine) project. The BASE project is the most popular web interface for the Snort intrusion detection system.

Kevin is an instructor for SANS, teaching both the Incident Handling and Hacker Techniques class and the Web Application Penetration Testing and Ethical Hacking class, of which he is the author. He has presented to many organizations, including Infragard, ISACA, ISSA, RSA and the University of Florida.

Dradis Framework - Sharing Information will get you Root

etd Senior Security Consultant, NGS Software

dradis is not a dream any more. It is a mature framework. Information sharing taken to a new level. If you are in the security industry it is because you want to break stuff. Not because you like wasting your time. Not because you love to write reports. Not because you enjoy doing things twice, or doing them manually if they could be scripted up. dradis' aim is to let you focus on what you like by making all the overhead something not to worry about.

dradis is a framework that security testing teams use to combine the skillsets of their members to increase the likelihood of a successful breach. This is accomplished by gathering and sharing information using a flexible toolset that takes up the challenge of accommodating the creative and out-of-the-box thinking that is always associated with the security community.

dradis is not only a tool, it is a new way of enabling collaboration in security testing. Follow a testing methodology or create a new methodology that others will follow. Gather the evidence you need for a test or extend the framework to gather the evidence for you... and this is just the beginning, welcome to the dradis world.

etd started with pentesting in Spain after studying electrical engineering. He is now working as a security consultant in the UK. He is passionate about security and equally passionate about the open source world with various contributions over the years. etd blogs on new tools, advisories and hack-fu techniques as a way of contributing back to the security community. He is currently obsessed with finding out ways to enhance the security consultancy practice so we can focus on the real deal: hack the target.

Cracking the Poor and the Rich: Discovering the Relationship Between Physical and Network Security

Damian Finol

Is there a relationship between physical and network security? This presentation tries to uncover some information about the possible relationship between physical and network security by looking at how the rich and the poor in Venezuela implement both physical tools (like electric fences, bulletproof windows, etc) and network wireless encryption techniques (WPA2, WPA, WEP, none). By using simple tools like Kismet, a laptop, and a really fast car the speaker sniffs the wireless networks of both the dangerous slums and the rich areas and uncovers an interesting relationship between them both.

Damian Finol is a systems engineer who graduated from the Rafael Belloso Chacin University in Venezuela. Currently living in Caracas, Venezuela, he works as an Information Security Specialist at one of the country's top 3 banks doing vulnerability assessment, risk management and other IT Security related processes. He is currently doing a master's in computer science with the Simon Bolivar University in Caracas with a Major in Distributed Systems and parallelism, and also teaches Databases, Information Security and Distributed Systems at the Nueva Esparta University in Caracas. Finally, Damian Finol is a volunteer with the Wikimedia Foundation serving in the Chapter's Committee since 2006.

Attacking Tor at the Application Layer

Gregory Fleischer Security Researcher

Surfing the web using Tor makes you invincible, right?

Wrong! Between the technical deficiencies, web browser idiosyncrasies, Tor vulnerabilities, social engineering, and bone-headed user decisions, there is ample room for attack and exploitation.

This presentation covers past and present application layer attacks against Tor. From practical hacking and ControlPort madness, to the most up-to-date techniques and beyond, this is an in-depth, technical look at active client-side attacks, HTML content injection, browser fingerprinting, network leakage and other relevant anonymity set issues.

So, forget about the over-heated nodes, infinite circuits and magic packets. When anyone with some JavaScript knowledge, a server on the Internet and a little bit of cleverness can launch these attacks, now is the time to start paying attention to how you use Tor.

Gregory Fleischer has over ten years experience in application development and software security. As an independent security researcher, he has worked with The Tor Project to identify weaknesses in Tor application components such as Torbutton, Vidalia and Privoxy. He has reported vulnerabilities in widely used client-side technologies including Mozilla Firefox, Sun Java and Adobe Flash. Gregory is currently employed as an application security engineer with an online brokerage firm.

Hacking the Smart Grid

Tony Flick

The city of Miami and several commercial partners plan to roll out a "smart grid" citywide electrical infrastructure by the year 2011. This rollout proceeds on the heels of news that foreign agents have infiltrated our existing electrical infrastructure and that recent penetration tests have uncovered numerous vulnerabilities in the proposed technologies. Simultaneously, the National Institute of Standards and Technology (NIST) has recently released a roadmap for producing Smart Grid standards. In this Turbo Talk, I will discuss the flaws with the current guidelines and map them to the criticisms of similar regulatory mandates, including the Payment Card Industry Data Security Standard (PCI DSS), that rely heavily on organizations policing themselves.

Tony Flick has been working in the Information Security field for more than 6 years. As a security consultant, Mr. Flick has assisted numerous organizations in achieving compliance with federal regulations and industry standards. His expertise includes risk management and compliance, assessments and audits, and research in emerging technologies. Mr. Flick has previously presented at the OWASP Tampa local chapter on application security concepts.


Router Exploitation

FX of Phenoelit, Head, Recurity Labs GmbH

Exploitation of active networking equipment has its own history and challenges. This session will take you through the full spectrum of possible attacks, what they yield and how the art of exploitation in that particular field evolved over the recent past to its present state. We will cover attacks on Cisco equipment and compare them to other specimens in the field, talk about the challenges you face to get a simple shell on such devices and what to actually do with them once you made it.

Felix "FX" Lindner runs Recurity Labs, a security consulting and research company in Berlin, Germany. FX has over 11 years experience in the computer industry, nine of them in consulting for large enterprise and telecommunication customers. He possesses a vast knowledge of computer sciences, telecommunications and software development. His background includes managing and participating in a variety of projects with a special emphasis on security planning, implementation, operation and testing using advanced methods in diverse technical environments. FX is well known in the computer security community and has presented his and Phenoelit's security research on Black Hat Briefings, CanSecWest, PacSec, DEF CON, Chaos Communication Congress, MEITSEC and numerous other events. His research topics included Cisco IOS, HP printers, SAP and RIM BlackBerry. Felix holds a title as State-Certified Technical Assistant for Informatics and Information Technology as well as Certified Information Systems Security Professional.


Breaking the "Unbreakable" Oracle with Metasploit

Chris Gates Member of the Metasploit Project
Mario Ceballos Developer for the Metasploit Project

Over the years there have been tons of Oracle exploits, SQL Injection vulnerabilities, and post exploitation tricks and tools that had no order, methodology, or standardization, mainly just random .sql files. Additionally, none of the publicly available Pentest Frameworks have the ability to leverage built-in package SQL Injection vulnerabilities for privilege escalation, data extraction, or getting operating system access. In this presentation we are going to present an Oracle Pentesting Methodology and give you all the tools to break the "unbreakable" Oracle as Metasploit auxiliary modules. We've created your version and SID enumeration modules, account bruteforcing modules, ported all the public (and not so public) Oracle SQL Injection vulnerabilities into SQLI modules (with IDS evasion examples for 10g/11g), modules for OS interaction, and modules for automating some of our post exploitation tasks.

Chris Gates (CG), member of the Metasploit project, Penetration Tester (but everyone is these days), and regular security blogger (carnal0wnage.blogspot.com).

Mario Ceballos (MC) is a computer security analyst. He has a number of years of experience in vulnerability research and exploit development. He is an active contributor to the Metasploit Framework primarily focusing on the auxiliary and exploit modules.


Asymmetric Defense: How to Fight Off the NSA Red Team with Five People or Less

Efstratios L. Gavas Assistant Professor, United States Merchant Marine Academy

The NSA sponsors an annual Cyber Defense Exercise (CDX) to raise awareness of and help develop cyber defense skills in our armed forces. This is the story of how the United States Merchant Marine Academy, the smallest of the five undergraduate service academies, has managed to hold its own, and even win one year, in head-to-head competition against other well-funded and well-organized federal academies from cyber attacks by the NSA Red Team with borrowed equipment, no funding, and no computer science program. The talk will cover thoughts on keeping your network manageable if you don't have an army of administrators and a DoD budget. We may also make fun of the Coast Guard Academy.

Efstratios L. Gavas is an Assistant Professor at the United States Merchant Marine Academy in Kings Point, NY where he has been building the cyber defense program for the last four years. He screens prospective students by dropping them off in Manhattan with an Eee PC, a BackTrack distro, and a swiss army knife to see who makes it back to campus alive. He is also concurrently working on his Ph.D at Polytechnic Institute of New York University where he has researched: hardware trojan detection, hardware control-flow obfuscation, RFID security, privacy and anonymity, computer forensics and is aggravating his advisor because he can't settle on a topic. He is a National Science Foundation Federal Cyber Scholarship Recipient. One day he hopes to sail around the world, or build an autonomous boat to do it for him.


Locally Exploiting Wireless Sensors

Travis Goodspeed Engineer of Superior Buckles, Goodspeed and Gourneau

Wireless sensors are often built with a microcontroller and a radio chip, connected only by a SPI bus. The radio, not the MCU, is responsible for symmetrical cryptography of each packet. When the key is loaded, it is sent as cleartext over the SPI bus, and an attacker with local access can steal the key using a few syringe probes and readily available hardware. This attack and other local attacks against wireless sensor networks will be presented in detail, including a live demo of an AES128 key being extracted from an operational network. Following the conclusion of the lecture, audience members will be brought onstage to perform the attack themselves on various pieces of example hardware.

Travis Goodspeed is a neighborly reverse engineer from Southern Appalachia. He has been exploiting and reverse engineering wireless sensors since writing the first stack overflow exploit for them in 2007. His recent projects have included a timing attack on the MSP430 bootstrap loader and an extra-neighborly party-mode belt buckle in the shape of Tennessee.


Introduction to WiMAX Hacking


WiMAX is a new high speed, 802.16e, wide area broadband service that promises to replace 3G high speed networks. It is only being offered in a few cities across the country, but by 2012 it is estimated that it will be nationwide. Over the last decade, hackers have explored and demonstrated weaknesses in the security of WiFi, pushing the industry to come up with better security practices. In this talk, we intend to make it clear what WiMAX is, what is being done to protect the existing deployed WiMAX networks, and different ways to get anonymous Internet anywhere WiMAX is being served.

Goldy Co-author of JanusVM (Virtual Machine), JanusPA (Privacy Adapter), Tor VM, independent security researcher, Security Director of Xerobank, and long time wireless enthusiast... also from Portland, OR. Despite spending the last two years working on side-channel attacks against anonymity networks, he has returned to his roots to explore and exploit wireless yet again.

Pierce A member of SophSec research, and an independent computer security researcher from Portland, OR. He has previously spoken at Defcon about wireless security.


An Open JTAG Debugger

Travis Goodspeed Engineer of Superior Buckles, Goodspeed & Gourneau

While it's simple enough to build a "Wiggler" JTAG adapter for the PC parallel port, there is very little open hardware for performing high-speed programming of JTAG devices by USB. This lecture introduces the GoodFET, an open source USB JTAG adapter which can be reflashed to support the programming and debugging of any number of chips. Both hardware and firmware are compared to that of a similar, commercial design.

This lecture will also cover the details of the JTAG standard and a few of its competitors, as well as the possibility of attacking these debugging modes when access has been denied or restricted.

Travis Goodspeed is a neighborly reverse engineer from Southern Appalachia. He has been exploiting and reverse engineering wireless sensors since writing the first stack overflow exploit for them in 2007. His recent projects have included a timing attack on the MSP430 bootstrap loader and an extra-neighborly party-mode belt buckle in the shape of Tennessee.


Welcome to Defcon 17 with Dark Tangent and the Making of & Hacking the DC17 Badge

Joe Grand (Kingpin) & The Dark Tangent

For the fourth year in a row, the DEF CON Badge makes its appearance as a full-fledged, active electronic system. Pushing fabrication techniques to the limit and using some components that are so new they barely exist, the design of this year's badge took some serious risks. Did they pay off? You be the judge! Every year, there are new problems and experiences to learn from and share. Join Kingpin as he guides you through the entire process of the badge, from initial concept drawings to prototype electronics to firmware design to manufacturing.

At last year's Closing Ceremonies, The Dark Tangent deemed the DEF CON Badge Hacking Contest a "black badge" event. Now, hacking the badge can earn you the ultimate in bragging rights. Kingpin will go into detail of the hackable aspects of the DEF CON 17 Badge, including setting up the development environment and using the bootloader to load your own firmware. The goal is to get people up and running faster, so they have more time over the weekend to make the badge do crazy and mischievous things. Not all the secrets of the badge will be revealed, but armed with the knowledge from this talk, you'll have a step up on the competition.

Joe Grand, also known as Kingpin, is an electrical engineer and hardware hacker. He invents things for his company, Grand Idea Studio (www.grandideastudio.com) and has had the honor of designing the DEF CON badge for the past four years. Back in the day, he was a member of L0pht Heavy Industries and, more recently, a co-host of Prototype This!, an engineering entertainment program on Discovery Channel. He's also the sole proprietor of Kingpin Empire (www.kingpinempire.com), a hacker-inspired project that gives back to the computer underground, technology, and health communities through charitable donations.


The Projects of "Prototype This!"

Joe Grand (Kingpin)

Designing and building projects is hard. Designing and building projects of things that have never been done before is harder. Designing and building projects of things that have never been done before with the financial and time constraints of TV is ridiculous.

For 18 months, Joe Grand and Zoz were co-hosts of Prototype This! on Discovery Channel, an engineering entertainment program that followed the real-life design process of a unique prototype every episode. Comprised of an electrical engineer (Joe), a roboticist (Zoz), a material scientist, and a special effects guy, we had the major bases covered. A total of thirteen episodes were produced, each with their share of challenges and drama. Sometimes the prototypes worked, sometimes they didn't.

In this mostly visual presentation, we'll go through design details and show never-before-seen pictures and videos related to some of our favorite episodes, including the Traffic Busting Truck, Fire Fighter PyroPack, Virtual Sea Adventure, Waterslide Simulator, and Flying Lifeguard, each of which had to be designed and built in a matter of weeks.

Joe Grand, also known as Kingpin, is an electrical engineer and hardware hacker. He invents things for his company, Grand Idea Studio (www.grandideastudio.com) and has had the honor of designing the DEF CON badge for the past four years. Back in the day, he was a member of L0pht Heavy Industries and, more recently, a co-host of Prototype This!, an engineering entertainment program on Discovery Channel. He's also the sole proprietor of Kingpin Empire (www.kingpinempire.com), a hacker-inspired project that gives back to the computer underground, technology, and health communities through charitable donations.

Zoz is a robotics engineer, software hacker, pyrochemist and inveterate tinkerer. He got his PhD from the Robotic Life group at the MIT Media Lab primarily so he could say "Trust me, I'm a doctor" to other robots. He is a co-founder of Cannytrophic Design (www.cannytrophic.com) which operates a hacking and art space in Boston, and invents industrial art pieces with designations like Funkenschnorkel, Luftwerfer and Schallfaust. One of his biggest goals is to restore science and engineering education to pride of place as a top global priority, so when he discovered that this aim could be combined with his love of media whoring he co-hosted Prototype This! for the Discovery Channel. He continues to work in science education television in order to nurture the next generation of hackers.


"Smart" Parking Meter Implementations, Globalism, and You
(aka Meter Maids Eat Their Young)

Joe "Kingpin" Grand
Jake Appelbaum
Chris Tarnovsky

Throughout the United States, cities are deploying "smart" electronic fare collection infrastructures that have been commonplace in European countries for many years. In 2003, San Francisco launched a $35 million pilot program to replace approximately 23,000 mechanical parking meters with electronic units that boasted tamper resistance, payment via smart card, auditing capabilities, and an estimated $30 million annually in fare collection revenue. Other major cities, including Atlanta, Boston, Chicago, Los Angeles, New York, Philadelphia, Portland, and San Diego, have made similar moves.

In this session, we will present our evaluation of electronic parking meters, including smart card protocol analysis and emulation, silicon die analysis, and firmware reverse engineering, all of which aided in successful breaches.

Joe "Kingpin" Grand, also known as Kingpin, is an electrical engineer, hardware hacker, and longtime participant in the security community. He invents things for his company, Grand Idea Studio (www.grandideastudio.com) and has had the honor of designing the DEF CON badge for the past four years. Back in the day, he was a member of L0pht Heavy Industries and, more recently, a co-host of Prototype This, an engineering entertainment program on Discovery Channel. He's also the sole proprietor of Kingpin Empire (www.kingpinempire.com), a hacker-inspired project that gives back to the computer underground, technology, and health communities through charitable donations.

Jake Appelbaum, also known as ioerror, hacks for pleasure and leisure across the globe. He currently has an interest in parking meters, magnetics and GSM telephones. Previously he's been interested in disk cryptography, memory forensics and MD5 as it applies to digital signatures. He's an ethics enthusiast, a former pornographer and proudly Vegan.

Chris Tarnovsky runs Flylogic Engineering, LLC and specializes in analysis of semiconductors from a security "how strong is it really" standpoint. Flylogic offers detailed reports on substrate attacks which define if a problem exists. If a problem is identified, we explain in a detailed report all aspects of how the attack was done, level of complexity and so on. This is something we believe is unique and allows the customer to then go back to the chip vendor armed with the knowledge to make them make it better (or possibly use a different part).


The Year In Computer Crime Cases

Jennifer Granick Civil Liberties Director, EFF

It's been a booming year for computer crime cases as cops and civil litigants have pushed the envelope to go after people using fake names on social networking sites (the MySpace suicide case), researchers giving talks at DEF CON (MBTA v. Anderson), and students sending email to other students (the Calixte/Boston College case). The Electronic Frontier Foundation has been front and center in these cases, either filing amicus briefs or directly representing the coders and speakers under attack. At this presentation, Jennifer Granick and other EFF lawyers fresh from the courtroom will share war stories about these cases, thereby informing attendees about the latest developments in computer security law and giving pointers about how to protect yourselves from overbroad legal challenges.

Jennifer Granick is the Civil Liberties Director at the Electronic Frontier Foundation. Before EFF, Granick was a Lecturer in Law and Executive Director of the Center for Internet and Society at Stanford Law School where she taught Cyberlaw and Computer Crime Law. She practices in the full spectrum of Internet law issues including computer crime and security, national security, constitutional rights, and electronic surveillance, areas in which her expertise is recognized nationally. Before teaching at Stanford, Jennifer spent almost a decade practicing criminal defense law in California. She was selected by Information Security magazine in 2003 as one of 20 "Women of Vision" in the computer security field. She earned her law degree from University of California, Hastings College of the Law and her undergraduate degree from the New College of the University of South Florida.


The Psychology of Security Unusability

Peter Gutmann University of Auckland, New Zealand

Most humans have a great deal of difficulty dealing with security issues. This problem is well-known and the standard response is to blame the user, but the real problem is the fact that millennia of evolutionary conditioning have caused humans to act, and react, in predictable ways to certain stimuli and situations, to the extent that in some cases no (normal) human would respond to a security system in the way that its designers intended. This talk looks at what the field of cognitive psychology can tell us about the (often surprising) ways in which the human mind deals with computer security issues, providing insight both for defenders who need to design systems for the way that real people think rather than for an abstract ideal, and for attackers who want to exploit the weaknesses of security interfaces at the human level.

Peter Gutmann is a researcher in the Department of Computer Science at the University of Auckland working on design and analysis of cryptographic security architectures. He helped write the popular PGP encryption package, has authored a number of papers and RFCs on security and encryption, and is the author of the open source cryptlib security toolkit. In his spare time he pokes holes in whatever security systems and mechanisms catch his attention and grumbles about the lack of consideration of human factors in designing security systems.


Win at Reversing: Tracing and Sandboxing through Inline Hooking

Nick Harbour Principal Consultant, Mandiant

This presentation will discuss a new free tool for Reverse Engineering called API Thief, the "I Win" button for malware analysis. The unique way the tool operates will be explored as well as how it is able to provide better quality data than other tracing tools currently available. Advanced usage of the tool for malware analysis will be demonstrated such as Sandboxing functionality and a new technique for automated unpacking.

Nick Harbour is a Principal Consultant with Mandiant. He specializes in Malware Analysis and Incident Response as well as both offensive and defensive research and development. He also teaches malware analysis and reverse engineering. Nick's ten year history in the security industry began as a researcher and forensic examiner at the DoD Computer Forensics Lab (DCFL) where he helped pioneer the field of computer forensics. Nick is a developer of both free software including most notably dcfldd, the popular forensic disk imaging tool, tcpxtract, a tool for carving files out of network traffic and Mandiant Red Curtain and FindEvil, tools for identifying malicious binaries. He is also an expert in anti-reverse engineering technologies and has developed binary hardening tools such as PE-Scrambler. Nick is also a trained chef!


FOE -- Feeding Controversial News to Censored Countries (Without Using Proxy Servers)

Sho Ho Software Engineer, Broadcasting Board of Governors

Certain countries are banning their Internet users from accessing websites that are deemed inappropriate by their officials. News organizations' websites are commonly blocked by these countries, and there is little these organizations can do to reach their audience inside those countries. FOE is a new anti-censorship tool developed in-house by the Broadcasting Board of Governors (which oversees Voice of America, Radio Free Europe, Radio Farda, Radio Free Asia, etc.), whose main goal is to create a multi-platform (including mobile) architecture that allows Internet users in censored countries to receive unbiased news.

Sho Ho had been a freelance software developer for about 10 years and recently joined the Broadcasting Board of Governors, the Federal Government agency that oversees and supports broadcasters such as Voice of America, Radio Free Asia, Radio Free Europe, etc. Sho is a member of the Internet anti-censorship team at BBG whose duties include developing and managing anti-censorship technologies to help Internet users in censored countries to bypass government censorship.


Identifying, Exploring, and Predicting Threats in the Russian Hacker Community

Dr. Thomas J. Holt Assistant Professor, School of Criminal Justice, Michigan State University
Dr. Max Kilger The Honeynet Project
Dr. Debora Strumsky The University of North Carolina at Charlotte
Dr. Olga Smirnova The University of North Carolina at Charlotte

A great deal of research has focused on the malicious software and attack tools generated by Eastern European and Russian hacker groups. Though technical explorations provide insight into how to defend against these threats, there is still a great deal that is unknown about the social world of hackers in this part of the globe. Thus, this presentation will explore the social networks, demographic characteristics, and skills of the members of eight groups from the Eastern European and Russian hacker community using open source data, including social networking sites where they detail their personal lives, interests, and activities. The findings give significant insight into the nature of this community, including technical and university training, physical locations, and social relationships between hackers and malware writers. The network ties between skilled and unskilled hackers are explored in depth, along with ways to proactively identify the most skilled hackers using simple blog content. This presentation will benefit computer security professionals, law enforcement, and the intelligence community by identifying the social dynamics that shape the Russian hacker community.

Dr. Thomas J. Holt is an Assistant Professor in the School of Criminal Justice at Michigan State University specializing in computer crime, cybercrime, and technology. His research focuses on computer hacking, malware, and the role that technology and the Internet play in facilitating all manner of crime and deviance. He works with computer and information systems scientists, law enforcement, businesses, and technologists to understand and link the technological and social elements of computer crime. Dr. Holt has been published in academic journals, and has presented his work at various computer security and criminology conferences. He is the project lead for the Spartan Devils Chapter of the Honeynet Project, and is also a member of the editorial board of the International Journal of Cyber Criminology.


Hardware Trojans: Infiltrating the Faraday Cage

Stephen 'afterburn' Janansky CVORG, University of Delaware
Nick Waite CVORG, University of Delaware

Last year we presented some hardware trojans as a proof of concept for a side-channel data exfiltration attack. Pretty blinking lights are sweet, but this time we wanted to give the hungry crowd something more crunchy to bite into. Namely, that age-old problem of how to get data in and out of a device on a secured network, no network at all, or even in a SCIF, perhaps... With some hardware voodoo, let's see what manner of electronic telekinesis we can accomplish!

p.s. Our friends who wish to remain nameless say that this is considered trivial "on the other side of the wall". Is it really? Let's see if any show up! That's right, we're laying the bait, let's play spot the fed.

Stephen 'afterburn' Janansky is a Senior CPEG at UD. He can usually be found in the lab flirting on the edge between hardware and software, killing routers and other electronics by the dozens (and then asking Nick to resurrect them), and taking blinky lights to a new level. He is a member of CVORG, dreams of hardware security, and is one of the most ADD engineers you will ever meet.

Nick Waite has been flitting about the edges of academia for years while managing to avoid graduation. During his tenure he has done analog IC design, microcontroller system design, and pcb design projects in support of military, solar, agricultural, and other Important Projects. His interests and hobbies include DIY and low-tech engineering, organic chemistry, genetic algorithms, linguistics, finance, biofeedback, outdoor survival, peace, love, and freedom. He hopes to someday find harmony between machines and nature. Make sure to ask him about Korea!


Catching DNS Tunnels with AI - A Talk About Artificial Intelligence, Geometry and Malicious Network Traffic

jhind Security Researcher

The in-depth explanation, demonstration and release of a working adaptive solution for data mining DNS tunnels from network traffic.

jhind has shared a passion for security inside government, academia and industry for well over a decade. He has countless hours of sleep-deprived research and teaching in reverse engineering, cryptography, exploitation and general Internet deviancy. Completely frustrated with IDS in its current state, jhind's latest research attempts to advance the conversation of competent intrusion detection.


Attacks Against 2wire Residential Gateways

Pedro "hkm" Joaquin

Some time ago there was a vulnerability in 2wire residential routers that allowed DNS Poisoning via Cross Site Request Forgery; this was widely exploited in Mexico, where this router is most commonly used.

The patch actually contained an Authentication Bypass vulnerability that made things worse, and now, after the patch got patched, there are still many public unpatched vulnerabilities that plague this device.

Pedro "hkm" Joaquin was born in Cozumel island in the Caribbean; currently he is an independent security researcher living in Mexico City. Pedro used to be a forensic investigator, malware analyst and antimalware software vendor for banks in Mexico.

8 years ago Pedro created a community called "Mexican Underground Community" (underground.org.mx) which focuses on hacking and phreaking. They are the largest hacking community in Mexico and have done many public and private meetings all over Mexico including some 2600 ones.

Over the past years Pedro has been researching residential routers and has found several critical bugs in many of them, primarily focusing on the most popular and commonly used routers in Mexico, the 2wire residential gateway.


Injectable Exploits: Two New Tools for Pwning Web Apps and Browsers

Kevin Johnson Senior Security Analyst, InGuardians
Justin Searle Senior Security Analyst, InGuardians
Frank DiMaggio Security Researcher

Injectable exploits focus on the exploitation of major web flaws during penetration tests. Two new tools will be released that expand the foothold penetration testers can obtain through SQL injection and XSS flaws. These tools provide greater insight into the network hosting the web application and the networks in which the users are located. We will also discuss the live CD environment that includes both tools.

Yokoso! is an infrastructure fingerprinting system delivered via XSS attack. This project contains two different parts: the fingerprints and modules for the various browser exploit frameworks. The fingerprints identify web applications deployed in the user's network, applications such as web administration interfaces to different IT management systems. The modules portion contains code to perform two basic attacks. The first is history browsing which determines if the user has visited the sites of interest. This reveals if the user is an administrator or power user. The second attack module within Yokoso! initiates requests to map the infrastructure of the user's network.

Laudanum is a collection of injectable files that are prebuilt to perform various attacks within a network. These files are injected via SQL injection attacks. The individual files are placed into scheduled jobs or the web root of database servers.

This is accomplished by exploiting SQL injection flaws within the web application. Laudanum includes various attacks such as shells, proxy capabilities and data collection tools.

A major feature of both tools is their scope limiting capabilities. Many similar tools lack the capability to identify target hosts before performing exploits. Both of these tools allow a penetration tester to specify target restrictions based on external IP, internal IP, and hostname.

The final portion of the talk will cover SamuraiWTF. SamuraiWTF is a live CD environment focused on web penetration tests. It was released during DEF CON 16 and has had four new releases since that time. Both Yokoso! and Laudanum will be included on a new version of SamuraiWTF released at DEF CON this year.

Kevin Johnson is a Senior Security Analyst with InGuardians. Kevin came to security from a development and system administration background. He has many years of experience performing security services for Fortune 100 companies, and in his spare time contributes to a large number of open source security projects. Kevin founded and leads the development on B.A.S.E. (the Basic Analysis and Security Engine) project. The BASE project is the most popular web interface for the Snort intrusion detection system. Kevin is an instructor for SANS, teaching both the Incident Handling and Hacker Techniques class and the Web Application Penetration Testing and Ethical Hacking class, of which he is the author. He has presented to many organizations, including Infragard, ISACA, ISSA, RSA and the University of Florida.

Justin Searle, a Senior Security Analyst with InGuardians, specializes in security architecture and penetration testing. Previously, Justin served as the IT Security Architect for JetBlue Airways and has provided top-tier support for some of the largest supercomputers in the world. Justin has taught courses in hacking techniques, intrusion detection, forensics, and networking and has presented at a number of security conferences including DEF CON, ToorCon, Shmoocon, and SANS. In his spare time, he helps lead and develop several open source projects such as The Middler, SamuraiWTF, Yokoso! and Laudanum. Justin has an MBA in International Technology and holds several industry certifications.

Frank DiMaggio is a manager of the Intel server team with a large insurance company in the South East. He has been in a systems administration role for over 18 years, working with small and medium sized businesses in North Florida. His experience is with Microsoft, Novell and Linux Operating Systems. In his spare time he contributes to open source security projects such as BASE, SamuraiWTF and Yokoso!

Stealing Profits from Stock Market Spammers or: How I learned to Stop Worrying and Love the Spam

Grant Jordan WiseCrack Tools

Every time you look at your inbox, there it is... SPAM! Your penis needs enlargement, a horny single girl from Russia "accidentally" emailed you, and a former Nigerian prince knows that you're just the man to safeguard his millions. But in 2007, while still a student at MIT, one particular kind caught my eye: stock spam. Those bizarre stock market "tips" that claim you should buy a particular stock because it's "about to go through the roof!!!!" Like most people, I initially thought nothing of these ridiculous emails. That was until Kyle Vogt (now of Justin.tv) proposed the stupidest idea I had ever heard: "There has to be some way we can make money off these spammers". After trying, and failing, to prove Kyle wrong, the two of us embarked on a 4-month study into the dark depths of stock spam. In this talk, I'll explain how we went from hand-sorting tens of thousands of spam emails to developing a trading strategy able to take a piece of the spammers' profits. And how, in the process, our work produced data that disproved the results of nearly all the existing stock spam research.

Grant Jordan: Mild-mannered electrical engineer by day, electronic safe-cracking tool designer by night. He's been known to spend his spare time reading spam, looking for obscure loopholes in sweepstakes rules, and pretending to be a professional photographer.

Something about Network Security

Dan Kaminsky IOActive

Abstract to come.

Dan Kaminsky is the Director of Penetration Testing for Seattle-based IOActive, where he is greatly enjoying having minions. Formerly of Cisco and Avaya, Dan was most recently one of the "Blue Hat Hackers" tasked with auditing Microsoft's Vista client and Windows Server 2008 operating systems. He specializes in absurdly large scale network sweeps, strange packet tricks, and design bugs.



Abstract and Bio to Come

MSF Wifi

Mike Kershaw

Airpwn-style TCP stream hijacking on wifi networks inside the MSF Framework. "You want urchin.js? Sure, we can do that. Here it is. Trust me." Demo client attacks against popular websites by poisoning the TCP stream, feeding MSF payloads to clients, and tail-modification of already transmitted TCP streams.

Mike Kershaw is the author of Kismet and several articles on wireless security. Mike also works for Aruba Networks, where his full-time job is to break things and pick up the pieces.

Hardware Black Magic - Building devices with FPGAs

Dr. Fouad Kiamilev Professor, Electrical and Computer Engineering Department, University of Delaware
Rodney McGee Researcher, Electrical and Computer Engineering Department, University of Delaware

Last year at the HHV we rolled into town full of goodies in our bags. To excite people about hardware we demoed and gave away some FPGA boards to those in attendance. We realized quickly that people didn't understand what we were talking about or giving away...but seemed to really like what we call the blinky light factor. It was then that we realized that something needed to be done about this, to educate the DEFcon attendees on how easy hardware really is. Too many people treat hardware like it is black magic which only few can wield. While it may be black magic, we feel it should be available to all to use. People need to learn that this black magic can be fun, exciting and easy. So we thought up a crazy idea to help some of you out. What if we just showed you how easy it was and went through, step by step, in actually building a device?

This tutorial/demo will go through the process of showing and teaching people how easy it is to rapidly design a hardware device using an FPGA. An FPGA is basically a programmable digital circuit. It can be programmed to be almost any digital circuit you like, replacing all your 7400-series chips with one small package. Starting with nothing more than an FPGA demo-board (and little to no knowledge of hardware) the audience will see how easy it is to make a device of their own. Through the use of free software and open source code, a device can quickly be assembled and programmed in a language such as C to do exactly what the user wants. The demonstration will also show the audience how to use free IP Blocks such as those provided by the OpenCores project to build their own cool devices equipped with all the peripherals they want. We will also demonstrate how to easily use Microblaze, a microprocessor written in Verilog/VHDL. Very recently the Microblaze architecture was added into the Linux Kernel (doesn't that sound like fun?!). This tutorial will overall show people how a $100 demonstration board can be used to design things like a logic analyzer (Retail: $20,000), your own 1980's style arcade game, a simple serial UART, that Ethernet sniffer you've always been dreaming of, and whatever else your mind desires. By the end, people should be armed with the knowledge they need to design their own hardware devices and have no fear about doing so.

Fouad Kiamilev is a professor in the Department of Electrical and Computer Engineering at the University of Delaware where he directs a group of pirates who call themselves CVORG (which stands for CMOS VLSI Optimization Research Group). Fouad's main mission is to train students to become successful participants in the 21st century global economy. Since 1997, he has advised 12 Ph.D. students and 16 M.S. students. His graduates are employed by leading academic and industrial organizations in the United States. Fouad's research group, CVORG, specializes in custom hardware design for special applications. As a hobby the group likes to tackle the security problems of today from a hardware perspective.

Rodney McGee is currently a graduate student in Professor Kiamilev's research group (CVORG) at the University of Delaware. He is involved with numerous research projects that involve custom top to bottom system design. This often means creating analog/digital integrated circuits (VLSI), printed circuit boards (PCBs), software for hardware (VHDL, firmware, embedded code), custom hardware packaging (some that require cryogenic cooling systems), and other odd projects. All of this is made possible with the great support, knowledge, and experience from the rest of the group and his professor.

Hack The Textbook

Jon R. Kibler Chief Technical Officer Advanced Systems Engineering Technology, Inc.
Mike Cooper Senior Security Engineer, IPC Systems

Hack the Textbook: Introducing The Textbook Security Project

Why do we have so many software security problems? Clearly, a large proportion are caused by poorly written code. Why is our code so badly written? There are many reasons, not the least of which is that writing secure code can be a difficult task. However, the problem is compounded by most programmers having been taught insecure coding practices.

The majority of the most popular and widely used college textbooks for programming never cover any security concepts. Worse, they actually teach practices that result in insecure code. For some time now, companies trying to produce secure software have been complaining that college courses and course materials fail to prepare students to write secure code, and they are tired of having to retrain recent graduates in secure programming practices.

The insecure code problem is compounded by the fact that many of the professors and instructors who teach programming are not security experts. Even if they could identify and correct the "security bugs" in textbooks, it is difficult for them to teach what is not in the textbooks or to try to teach differently from the textbooks.

Attempts by some in the academic community to get authors and publishers to include security content in textbooks have actually been met with resistance. Many in academia believe that if there were a true need for secure software development to be taught, it would be a "self-correcting problem that would be addressed by textbook authors."

The objective of The Textbook Security Project is to publicly expose the security flaws in popular textbooks, and to encourage authors to revise their books to use secure software development practices. The immediate goal of the project is to provide lists of textbooks to be critiqued and to allow security professionals to post reviews exposing a textbook's security flaws. The project also plans to provide resources to help authors identify and correct problems in their books, and to help new authors get security right the first time. The long term goal of the project is to change security from being a subject that is taught as a senior level course, to security becoming an integral part of the entire computer science curriculum.

Mr. Jon Kibler is a Systems Architect for Advanced Systems Engineering Technology in Charleston, SC, where he also serves as the Chief Technical Officer. He has over 37 years experience in information technology and has worked in a variety of industries including: aerospace, defense, systems engineering, manufacturing, communications, utilities, transportation, information services, general business, banking, financial services, wholesale and distribution, retail and point of sales, health care, security, technical training, and consulting. His emphasis for the last 10 years has been systems and network security consulting, design of high security high availability networks, software security, and security research.

Mr. Kibler's background in security extends back to the mid-1970s when he first learned penetration testing skills while working on a defense department contract. He is a Certified Ethical Hacker and teaches several different ethical hacking and penetration testing courses. He also teaches a variety of other security courses, and presents seminars on security to professional groups and the general public.

Mr. Kibler regularly works with several different academic institutions on developing security curricula that better prepare students to address real world security issues when they reach the work place. He is also the founder of The Textbook Security Project whose goal is to have security become an integral part of every aspect of a computer science student's education.

Mr. Michael Cooper is the Senior Security Engineer at IPC Systems, Inc. where he works on the product development side of security. Previously, he worked at the Center for Software Engineering Research at Florida Tech under Dr. James Whittaker for three years researching security and executing penetration testing contracts for commercial and DOD cleared projects. When the lab was spun off into the startup company Security Innovation, with James as the founder and Chief Scientist, Mike joined SI for over 5 years as a Security Engineer Lead, including a stint at its sister company SI Government Solutions working exclusively on DOD contracts. At SI, Mike was responsible for executing and leading pentests, code reviews, PCI audits, and even some eLearning development. Mike has a B.S. in Computer Engineering and an M.S. in Computer Science from Florida Tech.

The Day of the Updates

Itzik Kotler Security Operation Center Team Leader, Radware
Tomer Bitton Security Researcher, Radware

Software updates apply patches or introduce new features to an application. In most cases, the update procedure is conducted in an insecure manner, exposing the updater to execution of malicious code or to manipulation of application data such as anti-virus signatures.

This presentation will describe in detail different application-update procedures. It will then demonstrate several techniques of update-exploitation attacks, and introduce a new tool, which leverages a man-in-the-middle technique, to build and inject a fake update reply or hijack an on-going update session.

Itzik Kotler is Radware's Security Operation Center Team's Leader. He manages a team of researchers that follows him into exciting adventures in the dark world of networking, where every standard and rule can be bent and vulnerabilities are lurking on every bit and byte. Radware SOC is a vulnerability research center that develops updated signatures and new techniques to defend known and undisclosed application vulnerabilities. Prior to joining Radware, Itzik held a number of security research positions

Tomer Bitton is a Security Researcher at Radware, Inc. He is obsessed with rootkits and malwares and does exploits development and vulnerabilities analysis for a living. Prior to joining Radware, Tomer was a Trojan Specialist in RSA Anti-Malware Team

DCFluX in: The Man with the Soldering Gun

Matt Krick "DCFluX" Chief Engineer, New West Broadcasting Systems, Inc.

Is this $3.99 soldering iron any good? What about RF induction soldering irons? These questions and more will be answered when you attend this talk. Less than 1 hour will teach you soldering techniques to last a lifetime. For everyone from the complete novice to the advanced at-home prototype engineer.

Matt Krick is Chief Engineer of New West Broadcasting Systems, Inc., operators of broadcast stations KGMN-FM, KZKE-FM, KYET-AM and KKAX-LP. He has worked in the field of broadcasting since 1998, specializing in all aspects of broadcast engineering and video editing.

Air Traffic Control: Insecurity and ADS-B

Righter Kunkel Security Researcher

This presentation will take a look at the Air Traffic Control (ATC) system from a pilot's view. I have found some interesting security problems with the ATC system. We will start the talk by explaining how the current ATC system works. We will talk about an interesting attack vector that starts with going to a doctor to get a class 3 physical. We will talk about the future ATC system and how security may go from bad to worse. I want to open people's eyes to the insecurity of the ATC system.

Righter Kunkel (CISA, CISSP, CISM) is a security researcher. He is a private pilot with about 200 hours of flight time. Righter's background includes positions as global education manager and senior network security consultant at CyberGuard Corporation.

Effective Information Security Career Planning

Lee Kushner President, LJ Kushner and Associates, Founder InfoSecLeaders.com
Mike Murray President, Michael Murray and Associates, Founder InfoSecLeaders.com

Even with the downturn in the economy, Information Security is becoming an increasingly popular profession. It is evident that the number of talented Information Security professionals greatly outnumbers Information Security leadership opportunities. The future will only bring fiercer competition. It is important that you, the Information Security professional, prepare yourself to compete in this employment marketplace. This interactive, half-day seminar will enable the attendee to effectively plan for future success.

Through the use of real-life experiences and guided exercises, Lee Kushner and Mike Murray will provide a platform for the attendees to objectively evaluate their current skills and develop a long-term career strategy. Each attendee should leave with an outline for a functional career plan and recommendations on how to choose and evaluate career investments that best suit their personal objectives. At the course's conclusion, the audience will become more effective career managers and be better prepared to achieve their long term career goals.

Lee Kushner is the President of LJ Kushner and Associates, LLC, an Executive Search firm dedicated exclusively to the Information Security industry and its professionals. For the past thirteen years, he has successfully represented Fortune 2000 companies, information security software companies, information security services organizations and large technology firms in enabling them to locate, attract, hire, and retain top level information security talent. Throughout his career, he has provided career management and career coaching to information security professionals at various stages of their professional development. He is a regular speaker and industry contributor on topics that include career planning, interview preparation, and employee recruitment and retention. His thoughts on Information Security career management can be found at www.infosecleaders.com

Mike Murray is currently the managing partner of Michael Murray and Associates, as well as the CISO and lead trainer at Foreground Security and The Hacker Academy. He has spent his entire career in information security, from his work in the late 90's as a penetration tester and vulnerability researcher to leadership positions at nCircle, Neohapsis and Liberty Mutual Insurance Group. Mike's interests and aptitudes are broad - he and his team at Michael Murray and Associates, LLC focus on assisting information security organizations with their human systems, from their information security awareness to their organizational design and efficiency and the career paths of the individuals within the industry.

Mike is a highly regarded presenter, and his talks on a wide variety of topics have been seen at major conferences like RSA, DefCon, SOURCE, and InfoSecurity Canada. Mike's thoughts on security career development can be found at www.infosecleaders.com.

eXercise in Messaging and Presence Pwnage

Ava Latrope Security Consultant, iSEC Partners

eXtensible Messaging and Presence Protocol, or XMPP, is a set of specialized XML-based protocols that are an increasingly popular choice for a variety of middleware applications. It's a sprawling project implemented differently by many popular projects and services, and is used for purposes ranging from chat rooms and video conferencing to control channels for mobile devices. It combines a myriad of confusing buffet-style design options with all of the traditional weaknesses of XML security. XML parsing is a fragile art and many (if not most) implementations are vulnerable to DOS attacks, such as knocking the other users of a chatroom offline. I take a look at how those issues play out in IM clients and open source servers.

Ava Latrope is a security consultant for iSEC Partners, with a focus on web application penetration testing. Her areas of interest include source code auditing, embedded device security and network penetration testing. Prior to joining iSEC, Ava worked for several years creating test automation frameworks for web 2.0 companies in the real estate and media industries. Research interests include instant messaging implementation and protocols.

Picking Electronic Locks Using TCP Sequence Prediction

Ricky Lawshae Network Technician, Texas State University

As networked building access systems become more and more popular, the security of using RFID, magstripe, and biometrics as authentication mediums is constantly under scrutiny. But what about the security of the access system itself? Is it possible to unlock a door by sending a spoofed command to it over the network, bypassing the need for an authentication medium entirely? (SPOILER ALERT: Yeah, it is.)

Ricky Lawshae works as a network technician for Texas State University in beautiful San Marcos, Texas. He has been the technical lead on their electronic building access system for more than three years. Coupled with his life-long passion for hobby-hacking, he has managed to gain a unique perspective on the building access industry as a whole. He is a relative newcomer to the scene, but has no shortage of enthusiasm, and is always willing to talk to anyone about hacking, door access, comic books, or whatever else the beer makes him say. Ricky currently holds both an OSCP and a GPEN certification.

Perspective of the DoD Chief Security Officer

Robert F. Lentz

The last year has been a tipping point for cyber security! Safeguarding the internet and the underlying critical information infrastructures has taken center stage as a National imperative. We share threats & vulnerabilities to these fragile underpinnings critical to our ability to sustain economic growth, foster international stability and achieve national security. Do we adequately collaborate across public and private sector for protection and defense? Is our risk appetite sufficient to manage the polarity between information sharing, access, and security? And what is the Military's role in defense of our cyber national security?

Mr. Lentz, as a Deputy Assistant Secretary of Defense in both the Bush and Obama administrations and the first Senior Information Assurance Official for the Department of Defense, serving since Nov 2000, will provide his perspective and lessons learned over several decades working in the cyber security field. Mr. Lentz will outline his future vision and goals and those critical policy, technical and operational challenges facing us in this race to leverage the power of the internet.

Robert F. Lentz is the Deputy Assistant Secretary of Defense for Cyber, Identity and Information Assurance (CI&IA) in the Office of the Assistant Secretary of Defense, Networks and Information Integration/Chief Information Officer. Since November 2000, he has been the Chief Information Assurance Officer (CIAO) for the Department of Defense (DoD) and, in this capacity, oversees the Defense-wide IA Cyber Program, which plans, monitors, coordinates, and integrates IA Cyber activities across DoD.

Mr. Lentz is the Chairman of the National Space INFOSEC Steering Council (NSISC), DoD member of the Presidential Sub-Committee on National Security Systems (CNSS), the leader of the DoD IA Steering Council, and the IA Domain Owner of the Global Information Grid Enterprise Information Management Mission Area. In his capacity as the CIAO, Mr. Lentz is a member of the DoD CIO Executive Council. He is also the DoD liaison to several private sector boards, including the Center for Internet Security (CIS) Strategic Advisory Council, the Common Vulnerabilities & Exposures (CVE) Senior Advisory Council, the International Cyber Center Advisory Board and SAFEcode.

Mr. Lentz has over 26 years of experience with the National Security Agency (NSA) in the areas of financial management and technical program management. He has served as Chief of the Space and Networks IA Office, Chief Financial Officer of the NSA IA Directorate, Executive Assistant to the NSA SIGINT Collections and Operations Group and Field Chief of the Finksburg National Public Key Infrastructure/Key Management Infrastructure Operations Center.

Mr. Lentz has received the NSA Resource Manager of the Year Award, the Defense Meritorious Service Award, 2006 “Top 20” Excellence.gov Award, the 2003 Presidential Rank Award and the 2004 “Federal 100” award. In 2004, Mr. Lentz also received the highest-level honorary award the Department can bestow on a civilian employee, the prestigious Secretary of Defense Distinguished Civilian Service Award. In 2008, he was named Information Security government Executive of the year for the Middle Atlantic region, culminating in his award as the North American Executive of the year. In 2009, he was the recipient of the RSA award for Excellence in the Field of Security Practices.

Mr. Lentz is a graduate of the National Senior Cryptologic Course at the National Cryptologic School, Federal Executive Institute (FEI) and the Resource Management Course at the Naval Postgraduate School. He earned a Bachelor’s Degree with a double major in History and Social Science from Saint Mary's College of Maryland and a Master's Degree in National Security Strategy from the National War College.

Making Fun of Your Malware

Michael Ligh Malicious Code Analyst, iDefense
Matthew Richard Malicious Code Operations Lead, Raytheon Corporation

Would you laugh if you saw a bank robber accidentally put his mask on backwards and fall into a manhole during the getaway, because he couldn't tell where he was going? Criminals do ridiculous things so often, it's impossible to capture them all on video. Rest assured, when the criminals are malware authors, we can still make fun of them through evidence found in pictures, binary disassemblies, packet captures, and log files. This talk evenly distributes technical knowledge and humor to present the funniest discoveries related to malware authors and the fight against their code.

Michael Hale Ligh is a malicious code analyst at Verisign iDefense. He specializes in designing tools for malware detection, decryption, and investigation. Michael obtained his master's in forensic computer investigation in 2004 and began providing Internet security services to financial institutions. He then gained interest in vulnerability research and has been credited with locating critical flaws in products such as Tumbleweed MailGate, Novell iMonitor/eDirectory, Symark PowerBroker, and F5 FirePass SSL VPN. Michael is a member of ZERT and has submitted winning entries in malware related contests/challenges run by SANS, Honeynet, and Hacker Challenge.

Matt Richard is Malicious Code Operations Lead at Raytheon Corporation. At Raytheon he is responsible for analyzing and reporting on samples of unknown malicious code and other suspicious activity. Matt was previously Director of Rapid Response at iDefense. For 7 years before that, Matt created and ran a managed security service used by 130 banks and credit unions. In addition he has done independent forensic and security consulting for a number of national and global companies. Matt has written a number of tools including a web application testing tool, log management and intrusion detection application and an automated Windows forensics package. Matt currently holds the CISSP, GCIA, GCFA and GREM certifications.

Abusing Firefox Addons

Roberto Suggi Liverani Senior Security Consultant, Security-Assessment.com
Nick Freeman Security Consultant, Security-Assessment.com

Hundreds of Firefox addons are created every week. Millions of users download them. Some addons are even recommended by the Mozilla community, and users implicitly trust them. We don't trust a single one, and we will show you why.

This talk details how we have abused some of the most popular and recommended Firefox addons, with previously unreleased vulnerabilities. From the Mozilla download statistics, over 15 million users are potentially affected. Demos will cover remote code execution, local file disclosure and other tailored Firefox Addon exploits.

Don't panic - the Addons manager can be found under the 'Tools' tab in your Firefox menu. We expect to see a lot of people clicking the "Uninstall" button after this presentation.

Roberto Suggi Liverani is a senior security consultant for Security-Assessment.com. He is the founder and leader of the OWASP (Open Web Application Security Project) in New Zealand. Roberto has worked with companies such as Google, Oracle and Opera by reporting and helping to fix security vulnerabilities in their products. Roberto is the co-author of the most recent OWASP Testing Guide and has spoken at various security conferences around the globe.

Nick Freeman is a security consultant at Security-Assessment.com, based in Auckland, New Zealand. After a couple of years of building systems for companies he has turned to breaking them instead, and spends his spare time searching for shells and the ultimate combination of whisky and bacon.

DC Network Session

Lockheed Sr. Goon, DefCon Network Operations Group

For years, the inner workings of the DefCon NOC were kept under wraps. Last year Wired was allowed a sneak peek inside. This year at DefCon17 we are opening the kimono. In true open-source style, we are holding a peer-review discussion session. We will be showing you how the DefCon NOC operates, how the network is laid out, designed, what it is we do. This is not a typical lecture-style talk, but instead intended to be an interactive session, which is why we've arranged to hold it in the more intimate setting. We often get people interested in participating as part of the team - this is our way of opening up and allowing you to have a chance to review the network, make suggestions, tell us where you think we could improve upon things, and make your own contribution to DefCon!

Steve Kirk (Lockheed) is the Sr. Goon in charge of the DefCon Network Operations Group. Kirk also runs the Sony PlayStation Product Development IT group in the US. He has 25 years of experience in the technology field, ranging from tech writer, mainframe operator (yes, punchcards!), engineer, product marketing manager, and IT director. He has worked for companies such as Bank of America and Dell, and now for Sony.

Jailbreaking and the Law of Reversing

Fred Von Lohmann Senior Staff Attorney, EFF
Jennifer Granick Civil Liberties Director, EFF

Using jailbreaking of the iPhone as a primary example, the presentation will be an overview of the laws relating to reverse engineering of hardware and software.

Developers who rely on reverse engineering face a thicket of potential legal obstacles, including license agreements, copyright, the Digital Millennium Copyright Act (DMCA), and the Computer Fraud and Abuse Act (CFAA). Taking iPhone jailbreaking as a real-world example, we will review the legal theories Apple has asserted, shedding light on the major legal pitfalls that developers face, and what they can do to avoid them and minimize risks. We will also examine the additional legal issues raised by reverse engineering networked code, such as online video games.

The presentation stems from the presenters' experience as attorneys with EFF's "Coder's Rights Project," as well as their efforts to persuade the U.S. Copyright Office to grant a DMCA exemption for removing application locks on smartphones (including the iPhone and Android G1).

Fred Von Lohmann is a senior staff attorney with the Electronic Frontier Foundation, specializing in intellectual property matters. In that role, he has represented programmers, technology innovators, and individuals in a variety of copyright and trademark litigation, including MGM v. Grokster, decided by the Supreme Court in 2005. In 2008, Fred was named one of the 50 leading intellectual property lawyers in California by the Daily Journal, a leading legal newspaper, which also honored him as among the 100 most influential lawyers in California from 2004-08. Before joining EFF, Fred was a visiting researcher with the Berkeley Center for Law and Technology and an associate with the international law firm of Morrison & Foerster LLP. He has appeared on CNN, CNBC, ABC's Good Morning America, and Fox News O'Reilly Factor and has been widely quoted in a variety of national publications. Fred has an A.B. from Stanford University and a J.D. from Stanford Law School.

Jennifer Granick is the Civil Liberties Director at the Electronic Frontier Foundation. Before EFF, Granick was a Lecturer in Law and Executive Director of the Center for Internet and Society at Stanford Law School where she taught Cyberlaw and Computer Crime Law. She practices in the full spectrum of Internet law issues including computer crime and security, national security, constitutional rights, and electronic surveillance, areas in which her expertise is recognized nationally. Before teaching at Stanford, Jennifer spent almost a decade practicing criminal defense law in California. She was selected by Information Security magazine in 2003 as one of 20 "Women of Vision" in the computer security field. She earned her law degree from University of California, Hastings College of the Law and her undergraduate degree from the New College of the University of South Florida.

three point Oh.

Johnny Long Co-Pilot, Hackers For Charity, Inc

From scrubby C64 pirate to professional hacker to reluctant "Internet rockstar", the past five years of Johnny's journey have been interesting. The last few months, however, have been straight-up bizarre.

While many strain to maintain and others scrape and scratch at the ladder, Johnny's jumped off the top rung.

This is a story of what it takes to make it in this industry, and what the view's like from the top.

This is a story about how utterly teh suck the view from the top really is and why you might want to just jump off now before it's too late.

This is the story of a rise and fall and the crossover cable those terms require.

This is a story that’s relevant if you’re in for the long haul.

This is Johnny’s story, as only Johnny can tell it.

Which means it might be funny.

Johnny Long Christian. Hacker. Pirate. Ninja. Ladder Jumper. http://www.hackersforcharity.org.

Hack like the Movie Stars: A Big-Screen Multi-Touch Network Monitor

George Louthan Research Assistant, University of Tulsa
Cody Pollet Research Assistant, University of Tulsa

You know all those movies where exaggerated nerd-types accomplish impossible hacking feats using a ridiculous, big-screen friendly, animated graphical interface where they appear to fly through the network, performing complicated tasks with the flick of their finger? You thought to yourself, "Wow, that's impractical and useless". But somewhere, deep down, some part of you thought it was pretty sweet. That's why we built one. We call it DVNE.

We'll be presenting a prototype rear-projection multi-touch interface for exploring and interacting with networks backed by a signature-based network monitor. We'll talk about the technology behind multi-touch, our network monitor, and some of the shiny but totally impractical features we're incorporating. And, assuming the airlines cooperate, we'll be running a live demo as well.

Cody Pollet is a Ph.D. student at the University of Tulsa whose research interests focus on information visualization and human-computer interaction. He received his B.S. and M.S. degrees in computer science also from the University of Tulsa. As part of his thesis work he created MoDL, a middleware system designed to simplify synthesis and visualization of data in arbitrary formats.

George Louthan is a Masters student at the University of Tulsa. His research interests include network security and monitoring, enterprise security management, and lately security engineering. He has spoken recently about the role of signature-based network protocol identification in modern networks and contributed to the development of a protocol identification system nicknamed SAND.

Is your Iphone Pwned? Auditing, Attacking and Defending Mobile Devices

Kevin Mahaffey co-founder and CTO of Flexilis
John Hering co-founder of Flexilis Mobile Security
Anthony Lineberry Security Researcher

The world has never been more connected. Over a billion mobile devices ship every year, five times the number of PCs in the same period. The iPhone and Android have accelerated the mass adoption of smart devices, mobile applications, and high speed mobile networks. Meanwhile, mobile devices are now a material target: they contain sensitive personal and corporate data, access privileged networks, and routinely perform financial transactions. The question remains, how do we keep these devices safe?

Learn about how to detect vulnerabilities on mobile devices, exploitation techniques, how the security architecture of major mobile platforms works, and how to protect your mobile device(s) in the threat landscape of a constantly evolving mobile world. We'll be demonstrating a new mobile device vulnerability (we're also providing a hotfix tool) and analyzing other vulnerabilities that affect major mobile platforms, one of which is already being actively exploited in the wild. To top it off, we will be releasing our 'Sniper' mobile fuzzing framework, a tool specifically designed to fuzz mobile platforms that includes support for major file formats and protocols typically present on mobile devices.

Kevin Mahaffey is a co-founder and the Chief Technology Officer of Flexilis. He has previously spoken at Blackhat, DefCon, and Microsoft's BlueHat conference on security topics including RFID security, commercial surveillance, and mobile security. Kevin studied Electrical Engineering at the University of Southern California and enjoys photography, snowboarding, unit tests, clean code, and building things that make people happy.

John Hering, co-founder of Flexilis mobile security, specializes in mobile security research and development with a focus on intelligence and emerging threats. Past projects include the "BlueSniper" project, which resulted in a world-record-setting attack of a Bluetooth-enabled mobile device from a distance of over 1.12 miles. John has studied Policy, Planning, and Development at the University of Southern California and has extensive experience with information security, policy, and wireless communications technologies.

Anthony Lineberry is a security researcher from Los Angeles who has been active in the security community for many years, specializing in reverse engineering code, researching vulnerabilities, and advanced exploitation development. He has written an open source kernel from scratch, helped with the first iPhone jailbreak, and feels uncomfortable speaking in the 3rd person. Professionally his experience includes working as a security researcher for McAfee, NeuralIQ, and currently with Flexilis. He has spoken previously at SCaLE and BlackHat.

Hacking the Wiimote and Wii Fit to Help the Disabled

Josh Marks
Rob Rehrig
Larry Aiello

People like Johnny Chung Lee have shown us that the Wiimote can be used as a Bluetooth IR camera that tracks the spatial location of up to four IR LEDs. Applying this work to a new application, we have adapted the Wiimote and the Wii Fit into a low-cost system to help disabled individuals interface with a computer. By combining the movement of head-mounted LEDs and measurement of weight distribution of the lower body (i.e. "butt-movement"), users are able to provide input gestures. The system uses the gesture recognition engine originally designed by makers of the iPhone.

Our setup can also be used by normal individuals for a heightened gaming experience. This talk will feature a live demonstration of the interface and uses of the hardware. The only question that remains is "Would you like to play a game?".

Grungy or Josh Marks, for official purposes, is a Junior Electrical Engineer at the University of Delaware. He has had experience doing research and has recently presented at Shmoocon V about low cost systems engineering. However, he is a rather confused Electrical Engineer who can be found breaking various electronics around the lab while trying to hack them together or creating flashy new light displays, but secretly dreaming about steam boilers, reactors, and biology at night. Someday he wishes to combine Electrical Engineering and power generation methods to develop efficient and interesting applications for current and future technological energy needs.

Rob 'roB3AR' Rehrig is an electrical engineering student at the University of Delaware. He wants to go to grad school after he graduates from UD and take more of a focus on acoustical engineering so that one day he will be able to start his own sound equipment company. Rob has been interested in acoustics ever since he got his first tape player when he was little. Other interests of his are drawing, graphic design, running, and messing around on his computer. Rob has had previous experience working with infrared communication last winter when he helped develop a low cost personal security system with his classmates. Rob and his classmates presented their results at Shmoocon V.

Larry Aiello is a computer engineering student at the University of Delaware. He became interested in computers when he built his own during high school to save money and still uses and upgrades it to this day. He plans to go to graduate school to earn his Masters. Other hobbies of his include weight training, skiing, and playing lots of video games. Like Josh and Rob, Larry was also on the team creating a low cost security system last winter, where he designed an algorithm that uses an infrared lighting trip system to detect if people were moving into or out of an area.

More Tricks For Defeating SSL

Moxie Marlinspike

This talk aims to pick up where SSL stripping left off. While sslstrip ultimately remains quite deadly in practice, this talk will demonstrate some new tricks for defeating SSL/TLS in places where sslstrip does not reach. Cautious users, for example, have been advised to explicitly visit https URLs or to use bookmarks in order to protect themselves from sslstrip, while other SSL/TLS based protocols such as imaps, pop3s, smtps, ssl/irc, and SSL-based VPNs never present an opportunity for stripping. This talk will outline some new tools and tricks aimed at these points of communication, ultimately providing highly effective attacks on SSL/TLS connections themselves.

Moxie Marlinspike is from the Institute For Disruptive Studies, a radical think tank for hackers and co-conspirators who seek to operate outside of both the professional sphere as well as academia. For money, he is a licensed USCG Master Mariner, and delivers yachts worldwide.

App Assessment the Metasploit Way

David Maynor

Metasploit has made life easy for penetration testers the world over, but what most people don’t know is how useful it is for application assessments. If you think of Metasploit as a large collection of APIs waiting to be put to work, then Metasploit becomes a powerful tool for reverse engineering, blackbox and fuzzer development, and creation of the PoC. This talk will highlight real examples of how Metasploit doesn’t just help you to exploit vulnerabilities, it helps to find them. Examples of Metasploit in action will include creating a web proxy that can do rewriting of content on the fly, testing a DCE/RPC service, and reverse engineering a new file format. All of these examples will be done using nothing more than Metasploit and a basic knowledge of Ruby.

David Maynor is a Senior Researcher at SecureWorks. He was formerly a research engineer with the ISS Xforce R&D team where his primary responsibilities included reverse engineering high risk applications, researching new evasion techniques for security tools, and researching new threats before they become widespread.

Advanced SQL Injection

Joseph McCray Founder of Learn Security Online

SQL Injection is a vulnerability that is often missed by web application security scanners, and it's a vulnerability that is often rated as NOT exploitable by security testers when it actually can be exploited.

Advanced SQL Injection is a presentation geared toward showing security professionals advanced exploitation techniques for situations when you must prove to the customer the extent of compromise that is possible.

The key areas are:

  • IDS Evasion, Web Application Firewall Bypass
  • Privilege Escalation
  • Re-Enabling stored procedures
  • Obtaining an interactive command-shell
  • Data Exfiltration via DNS

Joseph McCray has 8 years of experience in the security industry with a diverse background that includes network and web application penetration testing, forensics, training, and regulatory compliance. Joe is a frequent presenter at security conferences, and has taught the CISSP, CEH, CHFI, and Web Application Security at Johns Hopkins University (JHU), University of Maryland Baltimore College (UMBC), and several other technical training centers across the country.

Clobbering the Cloud

Haroon Meer Technical Director, SensePost
Marco Slaviero Cyber Fighter, SensePost
Nicholas Arvanitis Senior Security Analyst, SensePost

Cloud Computing dominates the headlines these days but like most paradigm changes this introduces new risks and new opportunities for us to consider. Some deep technical research has gone into the underlying technologies (like Virtualization) but to some extent this serves only to muddy the waters when considering the overall threat landscape. During this talk SensePost will attempt to separate fact from fiction while walking through several real-world attacks on "the cloud". The talk will focus both on attacks against the cloud and on using these platforms as attack tools for general Internet mayhem. For purposes of demonstration we will focus most of our demos and attacks against the big players...

Haroon Meer is the Technical Director of SensePost. He joined SensePost in 2001 and has not slept since his early childhood. He has co-authored several technical books on Information Security and has spoken and trained at conferences around the world (BlackHat, Defcon, DeepSec, MS-Tech-Ed, Recon, etc). He has played in most aspects of IT Security from development to deployment and currently gets his kicks from reverse engineering, application assessments and similar forms of pain.

Marco Slaviero is a SensePost Associate and finds long bios amusing.

Nicholas Arvanitis is a senior security analyst. He has spoken and trained throughout South Africa, Europe and the United States, including at prestigious events such as the Black Hat Briefings in the United States and Europe. His area of expertise is in Web application assessment, threat modelling, network security assessments and vulnerability management.

Is That You, Baby, or Just a Bridge in the Sky?

Douglas C. Merrill

Abstract to come

Douglas C. Merrill was Chief Operating Officer of New Music for EMI Records and President of EMI’s Digital Business from 2008 to 2009. In those roles, he was responsible for the operation of the new music creation business, and led all of EMI’s digital strategy, innovation, business development, supply chain and global technology activities.

Dr. Merrill served as Chief Information Officer and Vice President of Engineering of Google Inc. from 2004 to 2008 and was responsible for all billing and revenue technology and processes for Google worldwide, together with internal engineering and support worldwide. During his tenure at Google, he was involved in its groundbreaking IPO in 2004, the creation of Google Checkout, now a multi-billion dollar business, and Google’s compliance efforts. He also helped develop and implement Google's strategy and business development activity in the Middle East and sub-Saharan Africa, the two fastest growing broadband populations in the world.

Before joining Google, Merrill served as Senior Vice President of Charles Schwab and Co., Inc. At Schwab, Mr. Merrill was responsible for such functions as information security, common infrastructure, and human resources strategy and operations. He served at Price Waterhouse as a Senior Manager in the information security practice. Mr. Merrill was an Information Scientist at the RAND Corporation, where he studied information security, and technology policy topics for several US government and military clients. He has been a Director of several private companies worldwide.

Dr. Merrill holds a BA from the University of Tulsa in Social and Political Organization and both an MA and a Ph.D. in Psychology from Princeton University.

Managed Code Rootkits - Hooking into Runtime Environments

Erez Metula Application Security Department manager, 2BSecure

This presentation introduces a new concept of application level rootkit attacks on managed code environments, enabling an attacker to change the language runtime implementation and to hide malicious code inside its core. It takes the ".NET Rootkits" concepts a step further, covering generic methods of malware development (rootkits, backdoors, logic manipulation, etc.) for the .NET framework and Java's JVM by changing runtime behavior. It includes demos of information logging, reverse shells, backdoors, encryption keys fixation, and other nasty things.

This presentation will introduce the new version of ".Net-Sploit" - a generic language modification tool, used to implement the rootkit concepts. Information about .NET modification - The Whitepaper, .NET-Sploit, and source code can be found here:


Erez is an application security researcher, specializing in secure development practices, penetration testing, code reviews, and security training for developers. He has extensive hands-on experience performing security assessments and training for worldwide organizations. He works as the manager of the application security department at 2BSecure, Israel. Erez is also a leading instructor for many information security trainings. He is a regular speaker at security conferences and has previously spoken at BlackHat, CanSecWest, OWASP and more. He holds a CISSP certification and is working toward an MSc in computer science.

Subverting the World Of Warcraft API

Christopher Mooney Software Engineer, Project DoD Inc.
James Luedke Software Engineer, Project DoD Inc.

The authors will demonstrate how to work within the World of Warcraft API framework to re-enable the features of protected and disabled functions. They will explain their library and how to use it to get around the restrictions on programmatically casting spells, targeting, moving, and performing those actions in response to UI events. What's more, they will use this library to do a live demonstration of this code autonomously playing battlegrounds. This talk will include a description of how their library works with example source, how you can download and use the code, and how to get involved with the community developing this code. All tools will be released the day of the talk, and source will be released under the GPL3 license. In true DEF CON fashion the authors will talk about the problem they were trying to solve, demonstrate the break on the security system, demonstrate the code in action, and release the tools. If you're a hacker, you're going to love this talk. If you're a developer, you're going to love this talk. If you're a gamer, you're going to love this talk. If you're a hacker, a developer, and a gamer, you cannot afford to miss this.

Christopher Mooney is a software engineer that works in the high performance and high availability problem space. He has a B.S. in Computer Science and a minor in Mathematics at the University of Southern Maine. He is a key contributor on Project DoD Inc., a 501(c)(3) charitable technology nonprofit, where he works on systems engineering. He has always been interested in computer security problems, and has focused a good deal of time on cryptology and computer security research. To find out more information about Christopher Mooney you can visit his web page at: https://chris.dod.net/.

In 2005 Chris picked up a copy of World of Warcraft as a way to blow off some steam and keep in touch with long distance friends. He was instantly mesmerized by the rich API Blizzard provided, and went on to write some small addons that would later snowball into tens of thousands of lines of code. He played the game on and off for years in his spare time, all the while working with James Luedke to create some interesting autonomous agent code, and some heuristic spell casting functions for various classes. When a great deal of this code was disabled by the 2.0 patch back in November of 2007, Chris and James started working on a library that would restore the game's original functionality. That library is the feature of his 2009 DEF CON talk.

James Luedke is a professional software developer that has contributed to several open source projects including Gearman and Drizzle. He has also been a key contributor to Project DoD. A software engineer for 10+ years, his professional interests and expertise include distributed computing, high-volume messaging, and clustering. In his spare time, James has hacked on Blizzard's WoW API and co-authored the BTP library, which can be used to automate tasks and actions in the game.

Metasploit Evolved

H.D. Moore

Metasploit has continuously evolved since its inception in 2003, switching focuses, development teams, licenses, and languages as the demands of the security community changed. This talk focuses on the organizational and development changes that have taken place over the last year and where things are headed in the future. This briefly touches on the dozens of new features and technologies that have been or are currently being integrated, paving the way for more in-depth talks by the developers focused on these areas.

Meterpreter Advances

H.D. Moore

The Meterpreter payload system is one of the most powerful features of the Metasploit Framework and the basis for many post-exploitation activities. This talk dives into the latest features of the Meterpreter as well as some advanced techniques for the creative penetration tester. Examples include keyboard, video, and audio monitoring, in-memory application backdoors, Meterpreter as a trojan, anti-goodware features, and a whole lot more.

Hacking the Next Internet

H.D. Moore

IPv6 is slowly but surely being deployed on a global scale, but most local networks already have IPv6 enabled hosts. This talk covers the basics of IPv6 host discovery, port scanning, and penetration testing, using the Metasploit Framework as the primary tool.

H.D. Moore is director of security research at BreakingPoint Systems where he leads exploit and protocol development for BreakingPoint's network test products. HD is the founder of the Metasploit Project and one of the core developers of the Metasploit Framework, the leading open-source exploit development platform. In his spare time, HD searches for new vulnerabilities, develops security tools, and contributes to open-source security projects.

Defcon Security Jam 2: The Fails Keep on Coming

David Mortman CSO in Residence, Echelon One
Rich Mogull Securosis
Dave Maynor Founder & CTO Errata Security
Larry Pesce Paul.com
Robert "RSnake" Hansen ha.ckers.org

We're baaaack. Yup that's right, some of the biggest mouths in Information Security and once again, we will show you all new of security FAIL. Our panelists will demonstrate innovative hacking techniques in naked wireless networking, GPS, intranet routing, web based applications and goats.

As CSO-in-Residence, David Mortman is responsible for Echelon One's research and analysis program. Formerly the Chief Information Security Officer for Siebel Systems, Inc., David and his team were responsible for Siebel's worldwide IT security infrastructure, both internal and external. He also worked closely with Siebel's product groups and the company's physical security team and is leading up Siebel's product security and privacy efforts. Previously, Mr. Mortman was Manager of IT Security at Network Associates, where, in addition to managing data security, he deployed and tested all of NAI's security products before they were released to customers. Before that, Mortman was a Security Engineer for Swiss Bank. A CISSP, member of USENIX/SAGE and ISSA, and an invited speaker at RSA 2002 and 2005 security conferences, Mr. Mortman has also been a panelist and speaker at RSA 2007, InfoSecurity 2003, Blackhat 2004, 2005, 2006 and 2007, Defcon 2005, 2006 and 2007 and Information Security Decisions 2007 as well. David Mortman sits on a variety of advisory boards including Qualys, Applied Identity and Reflective amongst others. He holds a BS in Chemistry from the University of Chicago.

Rich Mogull is a recovering Gartner analyst that founded Securosis, an independent research firm that has a bad habit of giving everything away for free. He specializes in data security, application security, emerging security technologies, and security management. Prior to his seven years at Gartner, Rich worked as an independent consultant and web application developer, software development manager at the University of Colorado, and a systems and network administrator. He is a frequent industry speaker at events including the RSA Security Conference and DefCon, and has spoken on every continent except Antarctica (where he's happy to speak for free, assuming travel is covered). He writes about Apple as the Security Editor for TidBITS, occasionally contributes to Macworld, and frequently contributes to security publications like Dark Reading and Information Security magazine.

Prior to his technology career, Rich also worked as a security director for major events such as football games and concerts. He was once a bouncer at the age of 19, weighing about 135 lbs (wet). He's worked or volunteered as a paramedic, firefighter, ski patroller at a major resort (on a snowboard), and spent over a decade with Rocky Mountain Rescue. He currently serves as a responder on a federal disaster medicine and terrorism response team, where he mostly drives a truck and lifts heavy objects. He has a black belt, but does not play golf.

David Maynor is a founder of Errata Security and serves as the Chief Technical Officer. Mr. Maynor is responsible for day-to-day technical decisions of Errata Security and also employs a strong background in reverse engineering and exploit development to produce Hacker Eye View reports. Mr. Maynor has previously been the Senior Researcher for Secureworks and a research engineer with the ISS Xforce R&D team where his primary responsibilities included reverse engineering high risk applications, researching new evasion techniques for security tools, and researching new threats before they become widespread. Before ISS, Maynor spent 3 years at Georgia Institute of Technology (GaTech), with the last two years as a part of the information security group as an application developer to help make the sheer size and magnitude of security incidents on campus manageable. Before that, Maynor contracted with a variety of different companies in a wide spread of industries ranging from digital TV development to protection of top 25 websites to security consulting and penetration testing to online banking and ISPs.

Larry Pesce (Chief Research Officer, PaulDotCom Enterprises) - In the last 13 years in the computer industry, Larry has become a jack of all trades, most recently focused on the computer security field. In addition to his industry experience, Larry is also a Security Evangelist and co-host for the PaulDotCom Security Weekly podcast at www.pauldotcom.com. Larry is also Co-Author of "Linksys WRT54G Ultimate Hacking" and Contributing author of "Using Wireshark and Ethereal" and "How to Cheat at Configuring Open Source Security Tools", all from Syngress publishing.

Mr. Hansen (CISSP) has worked for Digital Island, Exodus Communications and Cable & Wireless in varying roles from Sr. Security Architect and eventually product managing many of the managed security services product lines. He also worked at eBay as a Sr. Global Product Manager of Trust and Safety, focusing on anti-phishing, anti-DHTML malware and anti-virus strategies. Later he worked as a director of product management for Realtor.com. Robert sits on the advisory board for the Intrepidus Group, Just Thrive, previously sat on the technical advisory board of ClickForensics and currently contributes to the security strategy of several startup companies.

RAID Recovery: Recover your PORN by Sight and Sound

Scott Moulton Forensic Strategy Services, LLC. / System Specialist

This talk will focus on RAID reassembly. In both Forensics and Data Recovery it is common for there to be PORN not only in Pictures but also in Sound Files and Video Files. The goal is to figure out, for $100 or less, how to reconstruct RAID 0 and RAID 5 arrays using the PORN on the array to help identify the correct order of the drives and the variations in the slice size. This is a demo of how to use those files to figure out the layout for the RAID and how to find the right configuration when it is unknown using PORN.

Scott Moulton is a data recovery specialist and forensic expert out of Atlanta at My Hard Drive Died where he uses his forensics experience to recover hard drives. Currently Scott Moulton is teaching classes on physically rebuilding damaged hard drives for SANS in a course titled SEC606 Forensic Data Recovery.

Weaponizing the Web: New Attacks on User-generated Content

Shawn Moyer
Nathan Hamiel

Ultimately, basing the value proposition of your site on user-generated and external content is a kind of variant on Russian Roulette, where in every turn the gun is pointed at your head, regardless of the number of players. You may win most of the time, but eventually a bullet is going to find its way into the chamber with your name on it.

We spent some time last year looking at this problem as it related specifically to Social Networks, but that left a lot of the territory unexplored. This time around we'll be talking about a previously unnoticed attack vector for lots and lots of web applications with user-generated content, and releasing a handy tool to exploit it. Bundled in are some thoughts on Web 2.0 attack surface, a few new exploitation techniques, and as in last year, a hefty helping of lulz, ridicule, and demos-of-shame at the expense of a few of your (and our) favorite sites.

Dr. Shawn Moyer's best work remains, by definition, undocumented. Some claim he is one of the unseen architects of both Iraq Wars, while others pay no credence to this rumor, based on reports that he has been heading a covert Psychological Warfare operation in Cyprus at the behest of the Greek government for much of the past 15 years.

His involvement in the poisoning of Victor Yushenko is largely conjecture, but records do show that he was at the same restaurant on the night in question and sent his Borscht back, untouched. He unquestionably is the owner of a Spetznaz-issue Vostok watch, and a handlebar mustache that fits several witness descriptions.

Still, the larger questions remain... Why did Dr. Moyer abruptly change his travel plans for Flight 93? Why was he spotted near the Book Depository, carrying what appeared to be a box of 6.5mm shells? Why is his testimony conspicuously absent from all records of the Warren Commission? And most of all, why is he currently listed as a Principal Security Consultant with FishNet Security's Assessment Practice?

"Nathan Hamiel" (not his real name) dropped out of High School to work as a deckhand on an oil tanker in the Sargasso Sea. On its maiden voyage, the tanker "The Lady Nikita" was caught in a freak So'Wester that swamped its engines and damaged the electrical systems. Hopelessly lost and without radio or navigation, the crew ran aground somewhere near the coast of French Guyana.

Relying on natural language and negotiation skills, "Nathan" bartered several of his crew members into slavery for safe passage overland to Caracas. Once there, he found work as a night janitor in the Miraflores palace during the Perez regime. When the junta came, he was forced to flee by night as a suspected American spy. To this day people are still unsure just how deep his ties are with the CIA.

From there, "Nathan" fled overland through Panama, where he secured passage to Florida on a forged diplomatic passport. He still resides there today, posing as a Senior Consultant of impeccable credentials with Idea Information Security and an Associate Professor for University of Advancing Technology.

Slight of Mind: Magic and Social Engineering

Mike Murray Foreground Security, VP- Security Services
Tyler Reguly nCircle Network Security, Sr. Security Research Engineer

Magicians are the ultimate social engineers; they take something completely untrue and make it believable to an audience sometimes numbering in the millions. In a presentation befitting the Vegas audience, three security professionals who study magic and social engineering will present a combination of entertainment and lecture that will teach the audience some of the themes of stage magic that can be applied to social engineering engagements.

Mike Murray has spent more than a decade helping companies large and small to protect their information by understanding their vulnerability posture from the perspective of an attacker. From his work in the late 90's as a penetration tester and vulnerability researcher to leadership positions at nCircle, Neohapsis and Liberty Mutual Insurance Group, his focus has always been on using vulnerability assessment through penetration testing and social engineering to proactively defend organizations. Mike is currently in charge of penetration testing and training at Foreground Security, where he leads engagements to help corporate and government customers understand their security organization. He is also in charge of the advanced curriculum of The Hacker Academy, where he trains security professionals on the newest methods of computer penetration testing and social engineering to help them better protect their organizations. Mike has a variety of other diverse interests: he leads Michael Murray and Associates, where he and his team work with organizations to assist them with their human systems, from their organizational design and efficiency to the career paths and development of their individuals. Mike's thoughts on security can be found on his blog at Episteme.ca, and his work on helping build careers can be found at InfoSecLeaders.com and ConnectedCareer.com.

Tyler Reguly is a Sr. Security Research Engineer with nCircle, the leading provider of automated security and compliance auditing solutions. At nCircle, Tyler is a key member of nCircle VERT (Vulnerability and Exposure Research Team) where he focuses on web application security and vulnerability detection and has lent his expertise on various projects that include reverse engineering and OS X vulnerability detection. Tyler is involved in industry initiatives such as CVSS-SIG and WASSEC and has spoken at security events including Toronto Area Security Klatch (TASK) and OWASP Toronto. Additionally, he has contributed to the Computer Systems Technology curriculum at Fanshawe College in London, Ontario by developing a security course entitled "Hacker Techniques & Exploits - Advanced". Tyler is frequently quoted in industry trade press and is a prolific blogger.

Hacking Sleep: How to Build Your Very Own Sleep Lab

Ne0nRa1n Researcher
Keith Biddulph Researcher

What is sleep? What happens when we don't get enough of it? Can it be hacked? Now that electronics are cheaper and more portable than ever before, a new generation of hackers have found themselves with the ability to build their own machines to measure and analyze the human body in ways only available to universities and hospitals in the past. This presentation will cover some current theories on the science of sleep and sleep disorders, as well as explain how to build your own home-brew sleep lab and read the data that you'll collect from it.

Ne0nRa1n is nothing more than a girl of dubious credentials who has a flair for presenting pseudo-scientific evidence with hopes of trying to redefine our current concept of reality, one brain at a time.

Keith Biddulph has been a tinkerer at heart from a very early age. Whether dealing with software or hardware, he has a passion for understanding how any gadget, program, or complicated system works from the ground up. Keith received his Bachelor's degree in Computer Engineering at Oregon State University and works for a software company in Waterloo, Ontario.

Advancing Video Application Attacks with Video Interception, Recording, and Replay

Jason Ostrom Director, VIPER Lab, Sipera Systems, Inc.
Arjun Sambamoorthy Research Engineer, Sipera Systems, Inc.

New video applications promise many exciting cost-saving benefits, but they also bring with them a host of security challenges and vulnerabilities. This session applies existing techniques for VoIP eavesdropping towards next generation attacks against Unified Communication technologies, such as intercepting and recording private video conferences, IP video surveillance systems, and other video collaboration technology. This presentation will focus primarily on informative and insightful live demos that show targeted video attacks and issues that put video application traffic at risk. We will focus on the following:

  • First public demonstration of a new version of UCSniff - 3.0, a Windows port of the code, with enhanced video eavesdropping features. UCSniff 3.0 will be publicly released as a free assessment tool that will enable security professionals to more rapidly remediate video based vulnerabilities.
  • A new version of a second free assessment tool, "VideoJak," with two new video exploits. We will demonstrate the ability to target a video session display with a user-selected video clip that is played against a targeted video phone. Next, a previously captured, "safe" video stream will be played against a targeted phone in a loop. This has exciting ramifications for IP video surveillance and security systems that monitor a room for activity and display to the user as a video application.
  • A new free assessment tool, videosnarf, which takes an offline pcap as input, and outputs any detected video streams into separate avi video files. This is useful for capturing video sessions with other tools (ettercap, wireshark) and being able to play them at an attacker's leisure.
  • A surprise tip that we have learned through VoIP pentesting of production enterprise networks. This trick enhances one's ability to target specific VoIP users clandestinely. Other VoIP goodness may follow this.

Note that all the tools to be demonstrated are open source, available to the security community at large and that we do not distribute them in any commercial way.

Jason Ostrom, CCIE #15239, is Director of Sipera VIPER (Voice over IP Exploit Research) Lab. He is a graduate of the University of Michigan, Ann Arbor and author of the "VoIP Hopper" assessment tool. Ostrom has over 12 years of experience in technology fields such as network infrastructure, programming, and penetration testing.

Arjun Sambamoorthy is a Vulnerability Research Engineer in the Sipera VIPER Lab. He is a graduate of University of Texas, Dallas, and a key developer and co-author of the UCSniff tool.

RFID MythBusting

Chris Paget Founder, H4RDW4RE LLC

This presentation is about challenging many of the popular preconceptions about RFID technology. "Short-range" will be shot down first (I'm aiming to set a half-mile world record in the Nevada desert just before Defcon), "secure" will be busted second (don't bring _any_ RFID tags unless you want them cloned), "immune to electromagnetic pulse weaponry" will fall last (and hopefully most spectacularly). I'll be covering a wide range of different RFID technologies from 125KHz to 900MHz, and releasing a whole pile of source code, schematics, and (with luck) a little magic smoke.

Undeterred by his previous legal skirmishes, Chris Paget is still having fun playing with magnetic fields and RFID. If you see a tall guy wandering around the con with long hair, high heels, and a pile of home-made RF hardware, there's a good chance that a) it's him, and b) your RFID cards have just been cloned.

Malware Freak Show

Nicholas J. Percoco Vice President of SpiderLabs, Trustwave
Jibran Ilyas Senior Forensic Investigator, SpiderLabs, Trustwave

We see a lot of compromised environments every year. In 2008 alone, we performed full forensic investigations on over 150 different environments ranging from financial institutions, hotels, restaurants and even some casinos not too far from DEF CON. This presentation will show the inner workings of three very interesting pieces of malware, ranging from somewhat simple to very complex. Each sample was actually used to steal confidential data that resulted in significant fraud and business loss for the organizations we found them at. Many of the pieces of malware we have been running across are very advanced pieces of software written by very skilled developers. The complexity in their propagation, control channels, and data exporting properties will be very interesting to anyone interested in this topic.

Nicholas J. Percoco is the head of SpiderLabs -- the advanced security team at Trustwave that has performed more than 500 cyber forensic investigations globally, and thousands of ethical hacking and application security tests. He has more than 14 years of information security experience. Nicholas acts as the lead security advisor to many of Trustwave's premier clients by assisting them in making strategic decisions around various security and compliance regimes. As a speaker, he has provided unique insight around security breaches and trends to public and private audiences throughout North America, South America, Europe, and Asia. Prior to Trustwave, Nicholas ran security consulting practices at both VeriSign and Internet Security Systems.

Jibran Ilyas is a Senior Forensic Investigator at Trustwave's SpiderLabs. He has investigated some of the nation's largest data breaches and is a regular contributor for Visa's published security alerts through his white papers. In his past roles, he has been involved in Intrusion Detection Systems and Firewall deployments and setting up Security Operations Centers for Fortune 500 companies. His research interests include reverse engineering and anti-forensics. Jibran recently earned his degree from the Graduate MIS program at Northwestern University.

Search And Seizure Explained - They Took My Laptop!

Tyler Pitchford, Esq. C.T.O. - Digome, LLC.

An overview of recent developments surrounding the Fourth and Fifth Amendments of the United States Constitution and their impact upon privacy conscious computer professionals. The presentation includes discussions on the United States Constitution, Federal Statutes, Administrative decisions, and, most importantly, the case laws that interpret and define the Fourth and Fifth Amendments. Special attention is given to topics affecting computer professionals, including border crossings, foreign nationals, encryption, forced disclosures, the Crist decision, and the Boucher decisions.

Tyler Pitchford, Esq. holds degrees in Software Architecture from New College of Florida and a Juris Doctor from the Stetson University College of Law. He co-founded the Azureus Bittorrent client in 2003 and currently works as CTO for Digome, LLC in Nashville, TN. His work experience includes the Florida State Attorney's office, the United States District Court for the Middle District of Florida, and the Florida Supreme Court. Tyler has previously presented at PhreakNic, Outerz0ne, and Shmoocon. Additionally, he has taught several courses on computer programming and security throughout the years.

Fragging Game Servers

Bruce Potter Founder - The Shmoo Group
Logan Lodge TFT Ninja

Every day, security professionals do battle in the trenches; good vs. evil, whitehats vs. blackhats, our network vs. their l337 tools. And what do we do to unwind after work? For many of us, it's doing battle in the trenches with terrorists, Nazis, and that pesky Blue team that keeps stealing our intelligence.

Video games are a multi-billion dollar industry that rivals the movie industry in size. And recently, many games have taken a decidedly online tone. People from all over the world meet up on servers every day to meet, frag, and respawn into the wee hours of the morning. But what about the security of these servers? How secure are they, and how does the underlying integrity of these servers affect you and your ability to blow up other players?

From hardware interaction to network protocols, this talk will present the inner workings of the Source Dedicated Server (used for games such as Left4Dead and Team Fortress 2). This talk will discuss some of the weaknesses in these game engines and ways they are exploited in the wild. A tool designed to dissect and analyze client/server communications will be released during the talk. We'll also provide some pragmatic advice for deploying game servers and release a white paper describing secure configuration guidelines for the Source Dedicated Server.

Bruce Potter is the founder of the Shmoo Group of security, crypto, and privacy professionals. He is also the co-founder and CTO of Ponte Technologies, a company focused on developing and deploying advanced IT defensive technologies. His areas of expertise include wireless security, network analysis, trusted computing, pirate songs, reusing bios, and restoring hopeless vehicles. Mr. Potter has co-authored several books and writes monthly articles for "Network Security".

Logan Lodge is a TF2 ninja. His rocket jumping skills help him rain death from above on unsuspecting noobs. When he's not busy fragging, Logan is a software developer with an overwhelming love of python and all things AMD. Logan has mad traffic analysis foo and prefers Postgres to MySQL.

Smashing the Stack with Hydra: The Many Heads of Advanced Polymorphic Shellcode

Pratap Prabhu Research Assistant, Columbia University
Yingbo Song Research Assistant, Columbia University
Salvatore J. Stolfo Professor of Computer Science, Columbia University

Recent work on the analysis of polymorphic shellcode engines suggests that modern obfuscation methods would soon eliminate the usefulness of signature-based network intrusion detection methods and supports growing views that the new generation of shellcode cannot be accurately and efficiently represented by the string signatures which current IDS and AV scanners rely upon. In this presentation, we expand on this area of study by demonstrating never before seen concepts in advanced shellcode polymorphism with a proof-of-concept engine which we call Hydra. Hydra distinguishes itself by integrating an array of obfuscation techniques, such as recursive NOP sleds and multi-layer ciphering into one system while offering multiple improvements upon existing strategies. We also introduce never before seen attack methods such as byte-splicing statistical mimicry, safe-returns with forking shellcode and syscall-time-locking. Multi-tasking shellcode with safe-returns ensures that we bypass sensors that monitor application crashes. Also, we bypass online emulators by deriving an encryption key from the OS environment -- something that is not easy to implement in an emulator. In total, Hydra simultaneously attacks signature, statistical, disassembly, behavioral and emulation-based sensors, as well as frustrates offline forensics. This engine was developed to present an updated view of the frontier of modern polymorphic shellcode and provide an effective tool for evaluation of IDS systems, Cyber test ranges and other related security technologies.

Pratap Prabhu is a Masters student at Columbia where he is working in the Intrusion Detection Systems lab. At Columbia, he has contributed to several projects including developing an advanced polymorphic engine. Prior to joining Columbia, he has had previous experience working as a technical researcher in an upcoming IDS company.

Yingbo Song is currently a PhD student at Columbia University where he works with the Intrusion Detection Systems group and the Machine Learning group. Previously, he has worked on shellcode polymorphism and machine-learning-based sensors for web-layer code injection detection.

Salvatore J. Stolfo is Professor of Computer Science at Columbia University. He received his Ph.D. from NYU Courant Institute in 1979 and has been on the faculty of Columbia ever since. He has published extensively in the areas of parallel computing, AI knowledge-based systems, data mining and most recently computer security and intrusion detection systems (see www.cs.columbia.edu/ids). His research has been supported by DARPA, NSF, ONR, NSA, CIA, IARPA, DHS and numerous companies and state agencies over the years while at Columbia.

Maximum CTF: Getting the Most Out of Capture the Flag


Among all the amazing Defcon competitions, the Capture the Flag contest reigns supreme. Psifertex will examine some of the history of CTF, focusing on the reign of terror pwnage that was the Kenshoto CTF from 2005-2008. The talk will both be technical (including rapid-fire discussions of technical challenges and solutions), and entertaining (expect guest appearances from ninjas and pirates alike). Come hear not only what skills are necessary to succeed at CTF, but how to have the most fun while doing it.

Psifertex's professional security career includes stints as a senior security engineer for a major public university, a security researcher, and he even managed to slip in a few years writing for technical magazines. Through those roles, he has taught reverse engineering, vulnerability research, and web security at multiple universities, government organizations, and conferences. After dark, he likes participating in CTF games, winning the '07 RSA "Interactive Testing Challenge", and is very grateful to be a member of the '07-'08 Defcon CTF winning team, 1@stplace.

Reverse Engineering By Crayon: Game Changing Hypervisor Based Malware Analysis and Visualization

Danny Quist CEO, Offensive Computing
Lorie M. Liebrock New Mexico Tech Computer Science Department

Recent advances in hypervisor based application profilers have changed the game of reverse engineering. These powerful tools have made it orders of magnitude easier to reverse engineer and enabled the next generation of analysis techniques. We will also present and release our tool VERA, which is an advanced code visualization and profiling tool that integrates with the Ether Xen extensions. VERA allows for high-level program monitoring, as well as low-level code analysis. Using VERA, we'll show how easy the process of unpacking armored code is, as well as identifying relevant and interesting portions of executables. VERA integrates with IDA Pro easily and helps you to annotate the executable before looking at a single assembly instruction. Initial testing with inexperienced reversers has shown that this tool provides an order of magnitude speedup compared to traditional techniques.

Danny is currently CEO and co-founder of Offensive Computing, LLC, a security vulnerability consulting company. He is a Ph.D. candidate at New Mexico Tech working on automated analysis methods for malware using software and hardware assisted techniques. He holds a patent for a network quarantine system. His research interests include reverse engineering and exploitation methods.

Lorie M. Liebrock Bio to come

Automated Malware Similarity Analysis

Daniel Raygoza DC3 / General Dynamics

While it is fairly straightforward for a malware analyst to compare two pieces of malware for code reuse, it is not a simple task to scale to thousands of pieces of code. Many existing automated approaches focus on runtime analysis and critical trait extraction through signatures, but they don't focus on code reuse. Automated code reuse detection can help malware analysts quickly identify previously analyzed code, develop links between malware and its authors, and triage large volumes of incoming data.

Daniel Raygoza is employed with General Dynamics at the Department of Defense Cyber Crime Center (DC3) Computer Forensics Laboratory (DCFL) as a Forensic Examiner, where he has worked for six years. He performs system forensics, incident response, malware analysis and reverse engineering, and R&D in support of his fellow analysts. He has presented several times at the DC3 Cyber Crime Conference, and has released several small tools for use by the forensics community.

Injecting Electromagnetic Pulses into Digital Devices

Paul F. Renda Data Security Analyst, Futurist

This talk is not about someone on the ground firing a ray gun at a jet and bringing it down; this talk is about someone on the jet injecting EMP in the wiring system of the jet and causing great problems with the aviation systems and the black box. I will define smart and dumb digital devices based on how they respond to injected pulses. The talk will have at least 10 video demos of device pulses and a video of a surge protector. The Marx generator will be explained and a MOSFET charging circuit. Going green, fly by wire airplanes, robotic control trains, densely integrated systems, these are all realities of our daily environment. One problem is that all of these make our life more susceptible to an EMP disruption. Other topics covered include TWA 800, Tesla coil, Byzantine faults and the power grid. Note: Contact me if you live in the northeast and have a pole pig I can rent for 2 hours.

Paul F. Renda started his career working on IBM 360 and the PDP 11. He was an early advocate of using Hacking Software to check corporate data systems and has presented talks at the COMPUTER SECURITY INSTITUTE. Paul's articles have appeared in the Info Security magazine. In 1995, Paul developed a defense against WAR DIALERS. His process was published in Info Security Magazine. A dialer is a program that dials a series of phone numbers and logs numbers that are connected to a modem. He is currently a computer security analyst and futurist.

Hacker vs. Disasters Large and Small: Hacker Skills for Wilderness and Disaster Survival

Michael "theprez98" Schearer

Part 1: Our hacker brains are pre-wired to find alternate uses for many devices, but most often we're "on the grid" and close to our precious electronics and high speed internet. What would happen if you find yourself stranded in the middle of nowhere, become lost during a simple daytime hike, or wake up in the midst of a natural disaster? Over the past year, I have gone to "the middle of nowhere" armed with my video camera, a la survivorman, to demonstrate how your hacker skills are largely compatible with the skills necessary to survive in the wilderness or during a natural disaster. Using demonstrations of simple techniques, some ancient and others more modern, this presentation will show you that your hacker ingenuity is well-suited to helping you survive the worst.

Part 2: Large scale emergency and disaster survival (RenderMan)
Introduction: We as hackers are a unique breed of human. We look at the world as a puzzle to solve in everything we do. We can come up with the most extraordinary solutions to problems under the most extraordinary circumstances. However though, we are the first to admit that without technology, many of us are rather useless. Do we have what it takes to think outside the box if the internet and technology suddenly went away? Society in general is becoming more and more dependent on technology, what skills are likely to be missing or forgotten in the event of a major cataclysm? Many of us could survive for short term disasters, but what about long term, society rebooting events? Could we be useful in rebuilding society by taking steps to preserve useful knowledge?

RenderMan is a Canadian born and raised hacker who spends way too much time figuring out ways of inserting electronics into treasured childhood toys. A frequent speaker at hacker and security cons around the world, he has also helped author 2 books, RFID security and Kismet Hacking, both from Syngress. Consultant by trade, hacker by birth, fedora by fashion.

As co-refounder of the Church of Wifi and recent member of the NMRC, he spends his time adding to his expansive collection of con badges and thinking of new ways to subvert wireless networks and childhood memories.

Michael "theprez98" Schearer spent nearly nine years in the United States Navy as an EA-6B Prowler Electronic Countermeasures Officer. His military experience includes aerial combat missions over both Afghanistan and Iraq and 9 months on the ground doing counter-IED work with the U.S. Army. He is a graduate of the Department of Defense's Survival, Evasion, Resistance and Escape (SERE) School as well as other survival and outdoor training. Michael is a licensed amateur radio operator, an active member of the Church of WiFi, and enjoys spending time outdoors. He lives in Maryland with his wife and four children.

So You Got Arrested in Vegas...

Jim Rennie Attorney

Vegas is all fun and games until someone gets arrested. Do you know what to do if you or your buddies get thrown in the slammer? Want to get the heck out of there before it's time for your flight home? If so, then this talk is for you. Come find out how much trouble you might get into while you're here. Find out the locations of the local jails. Understand the process of being taken into custody and bailing out again. Pick up a handy card that has valuable contact information should someone spend the night in the slammer! Sure, you may laugh now, but just wait until you're in the holding tank with 10 other DefCon attendees.

Jim Rennie currently practices criminal defense law in Las Vegas. Prior to that, Jim had geekier jobs involving code, but that was a while ago now. Jim has been attending DefCon for the past 10 years, which makes him feel old, but not oldschool. Jim previously gave a talk at DefCon about Creative Commons licensing.

0-day, gh0stnet and the inside story of the Adobe JBIG2 vulnerability

Matt Richard Malicious Code Researcher, Raytheon
Steven Adair Researcher, Shadowserver

This talk is the story of 0-day PDF attacks, the now famous gh0stnet ring and the disclosure debacle of the Adobe JBIG2 vulnerability in January and February 2009. This is the story of international cyber-espionage using 0-days and the fierce debate over how to defend networks in the face of prolonged periods of exposure to unpatched vulnerabilities.

We seek to answer the following questions in this talk:

  • Who was behind the early 0-day attacks and are they the same as the gh0stnet report published in April 2009?
  • Did disclosure of the Adobe JBIG2 vulnerability have an impact on targeted attacks?
  • How effective were post-disclosure protections such as AV signatures, IDS signatures and workarounds?

Throughout the talk we dissect the 0-day artifacts and other events leading up to the partial disclosure of the JBIG2 vulnerability on February 19 by ShadowServer. Using a variety of 0day PDF samples we will analyze the 0-day attacks and attempt to correlate them to the attackers discussed in the recent paper "Tracking GhostNet: Investigating a Cyber Espionage Network".

We will also look at the partial disclosure by ShadowServer and then full disclosure on the Sourcefire blog and assess the impact on targeted attacks. We will analyze the various malicious PDFs submitted to Virustotal to determine their lineage and relationship to either the original 0day exploit and gh0stnet or new attacks that sprang up in the wake of the disclosure. The analysis tools and techniques will be shared to aid future analysis efforts.

Matt Richard is Malicious Code Operations Lead at Raytheon Corporation. At Raytheon he is responsible for analyzing and reporting on samples of unknown malicious code and other suspicious activity. Matt was previously Director of Rapid Response at iDefense. For 7 years before that, Matt created and ran a managed security service used by 130 banks and credit unions. In addition he has done independent forensic and security consulting for a number of national and global companies. Matt has written a number of tools including a web application testing tool, log management and intrusion detection application and an automated Windows forensics package. Matt currently holds the CISSP, GCIA, GCFA and GREM certifications.

Steven Adair is a security researcher with The Shadowserver Foundation and a Principal Architect at eTouch Systems. At Shadowserver Steven analyzes malware, tracks botnets, and deals with eCrime at various levels. He frequently deals with targeted malware attacks analyzing their techniques, malware, and command and control mechanisms. Steven also blogs on the Shadowserver website about various malware incidents, 0-day vulnerabilities, politically motivated DDoS attacks, and more at www.shadowserver.org. At his day job with eTouch he supports the Cyber Threat program of a large customer providing insight, analysis, and defense in many of the same arenas.

Hackerspaces: The Legal Bases

Nicolle Neulist "RogueClown"

Hacker communities in many cities are becoming interested in starting hackerspaces. Getting together a core of talented, inquisitive, and creative people is an integral part of it, but it is also important to address the legal questions that arise. The goal of this presentation is to make anyone interested in hackerspaces aware of the most likely legal issues to arise, and to equip them to ask the right questions. The subjects discussed in the presentation include choosing an organizational structure, specific benefits and concerns that arise if a hackerspace is organized as a nonprofit, zoning and leasing issues that arise when finding a physical space, and managing liability in order to protect officers, directors, members, and guests alike.

Nicolle Neulist, "RogueClown", is an attorney licensed in the state of Illinois. She is a founding member of Pumping Station: One, Chicago's hackerspace, and has done their legal work from the ground up. When she is not navigating the jungle of legal bureaucracy, she is probably coding, singing karaoke, or getting that darn theremin to work.

The security risks of Web 2.0

David Rook

Web 2.0 technologies are changing the landscape of the Internet by delivering significant increases in the functionality of websites and providing a more interactive experience to the user. This rapid proliferation of new technologies is also accompanied by new attack vectors that hackers are eager to exploit. I will detail the security risks introduced by web 2.0 and how you can prevent them.

David Rook works as a Security Analyst for Realex Payments in Dublin. He's an author of the OWASP Code Review Guide and contributes to several other OWASP projects including the browser security framework working group. He has presented at several conferences including OWASP Ireland chapter meetings. David is a member of the OWASP Ireland board and the Irish Internet Association Web Development Working Group helping to publicize web application security within Ireland. In addition to his work with OWASP and the IIA, he has his own security website and blog which can be found here: www.securityninja.co.uk/blog. He has also had articles published in (in)secure magazine. More recently he has found security flaws in the Facebook website and provided guidance to them on how to fix the flaw.

Deblaze - A Remote Method Enumeration Tool for Flex Servers

Jon Rose Trustwave

This talk will provide a basic overview of Flash remoting and cover some of the security issues found in real-world flash applications and demonstrate a new tool for testing flash applications.

Flash applications can make requests to a remote server to call server side functions, such as looking up accounts, retrieving additional data and graphics, and performing complex business operations. However, the ability to call remote methods also increases the attack surface exposed by these applications. Deblaze came about as a necessity during a few security assessments of flash based websites that made heavy use of flash remoting. I needed something to give me the ability to dig a little deeper into the technology and identify security holes. This tool will allow you to perform method enumeration and interrogation against flash remoting end points.

The latest version can be found at deblaze-tool.appspot.com

Jon Rose has close to a decade of experience performing network and application security assessments, including network penetration testing, blackbox application testing, and code reviews across a wide range of programming languages and technologies. His security expertise also includes creating enterprise security programs, providing guidance in an enterprise security architect role, and building security into organizations' existing software development lifecycle. Jon currently works in Trustwave's SpiderLabs Application Security team.


Protecting Against and Investigating Insider Threats (A methodical, multi-pronged approach to protecting your organization)

Antonio "Tony" Rucci Program Director, Technical Intelligence and Security Programs, Oak Ridge National Laboratory

This presentation will focus on indicators of insider threats and how to detect them. I’ll primarily focus on specific hiring practices to minimize risk to your organization. We’ll take a deep dive look into open source searches you should be doing on the internet that may expose someone who could potentially be a liability to you and your company. I’ll talk about the importance of security awareness training and education to thwart opportunistic individuals. And finally, we’ll wrap things up with some interesting, relevant case studies that illustrate the key indicators and what their status is today.

With more than 25 years of counterintelligence and security experience, Tony Rucci currently serves as the Program Director, Technical Intelligence and Security Programs, Global Initiatives Directorate (GID) at the Oak Ridge National Laboratory (ORNL), Department of Energy, Oak Ridge, Tennessee. Prior to his employment with ORNL, Tony retired after serving 21 years as a United States Army Counterintelligence (CI) Warrant Officer / Special Agent, having served in a variety of leadership positions and conducted numerous counterintelligence, security and espionage investigations to protect our national interests, culminating with his final assignment as the Counterintelligence Operations Officer for the Director of Security, White House Military Office. Tony has attended several BH/Defcon events!



Adam Savage Co-Host, MythBusters

A meditation on how I've screwed things up, lost friends and clients, and learned about myself in the process.

Adam Savage has spent his life gathering skills that allow him to take what's in his brain, and make it real. He's built everything from ancient Buddhas to futuristic weapons, from spaceships to dancing vegetables, from fine art sculptures to animated chocolate -- and just about anything else you can think of.

The son of a filmmaker/painter and a psychotherapist, Adam has been making his own toys since he was allowed to hold scissors. Having held positions as a projectionist, animator, graphic designer, carpenter, interior and stage designer, toy designer, welder, scenic painter, he’s worked with every material and process he could get his hands on -- metal, paper, glass, plastic, rubber, foam, plaster, pneumatics, hydraulics, animatronics, neon, glassblowing, moldmaking and injection molding to name just a few.

Since 1993, Adam has concentrated on the special effects industry, honing his skills through more than 100 television commercials and a dozen feature films, including Star Wars Episode I: The Phantom Menace and Episode II: Attack of the Clones, Galaxy Quest, Terminator 3, A.I. and the Matrix sequels. He's also designed props and sets for Coca-Cola, Hershey's, Lexus and a host of New York and San Francisco theater companies.

Not only has he worked and consulted in the research and development division for toy companies and made several short films, but Adam has also acted in several films and commercials -- including a Charmin ad, in which he played Mr. Whipple’s stock boy, and a Billy Joel music video, "Second Wind", in which he drowns.

Today, in addition to co-hosting Discovery Channel's MYTHBUSTERS, Adam teaches advanced model making, most recently in the industrial design department at the San Francisco Academy of Art. Somehow he also finds time to devote to his own art -- his sculptures have been showcased in over 40 shows in San Francisco, New York and Charleston, West Virginia.

Look for Adam on Twitter at http://twitter.com/donttrythis.


Cloud Security in Map/Reduce

Jason Schlesinger Security Researcher

This presentation is an overview of the operations principles of Map/Reduce and Hadoop with examples of typical implementation in a business environment. It points out significant security issues that now exist and others that will certainly arise. The presentation also offers suggestions for improving security in existing installations, and presents improvements to provide security going forward.

Jason Schlesinger is a computational mathematics undergraduate student at Arizona State University. He has studied different forms of cloud computing over the former half of the year 2009. He has a history of technical support and information technology, with an emphasis on open source telephony.


Q & A with Bruce Schneier

Bruce Schneier is an internationally renowned security technologist and CTO of BT Counterpane, referred to by The Economist as a "security guru." He is the author of eight books -- including the best sellers "Beyond Fear: Thinking Sensibly about Security in an Uncertain World," "Secrets and Lies," and "Applied Cryptography" -- and hundreds of articles and academic papers. His influential newsletter, Crypto-Gram, and blog "Schneier on Security," are read by over 250,000 people. He is a prolific writer and lecturer, a frequent guest on television and radio, has testified before Congress, and is regularly quoted in the press on issues surrounding security and privacy.


Screen Scraper Tricks: Extracting Data from Difficult Websites

Michael Schrenk

Screen scrapers and data mining bots often encounter problems when extracting data from modern websites. Obstacles like AJAX discourage many bot writers from completing screen scraping projects. The good news is that you can overcome most challenges if you learn a few tricks.

This session describes the (sometimes mind numbing) roadblocks that can come between you and your ability to apply a screen scraper to a website. You'll discover simple techniques for extracting data from websites that freely employ DHTML, AJAX, complex cookie management as well as other techniques. Additionally, you will also learn how "agencies" create large scale CAPTCHA solutions.

All the tools discussed in this talk are available for free, offer complete customization and run on multiple platforms.

Michael Schrenk is a webbot developer and the author of "Webbots, Spiders, and Screen Scrapers" (2007, No Starch Press). He has also written for ComputerWorld, php|architect and Web Techniques magazines. Mike also gave presentations at DEF CON X, XI and XV. He works for a wide range of clients across North America as well as in Russia, Spain and The Netherlands. Stop by www.schrenk.com and say hello.


That Awesome Time I Was Sued For Two Billion Dollars

Jason Scott Textfiles.com

In a world where scams are now considered as commonplace as functioning websites and cell phones, it's sometimes too easy to forget the insidiousness and complicated preparation that can go into a well-honed misleading attempt to gain financially from unknowing people. It also helps if you're this side of crazy. For over a decade, Jason Scott (and a group of others) were plagued by one such artist of misdirection, and he will present a dismaying, tragic, but hilarious recounting of what he learned along the way and what you yourself might find yourself confronted with as you go about your business. The story is true, the two billion dollars was demanded but not awarded, and the case got to court. Come hear a legal yarn with a side order of fried conspiracy theory, and walk away a little wiser.

Jason Scott is a computer historian and speaker celebrating ten years at DEF CON. He runs TEXTFILES.COM, has filmed documentaries on the BBS and Text Adventures, and is the owner of the (as of this writing) most popular cat on Twitter, Sockington.


The Making of the second SQL injection Worm

Sumit Siddharth IT Security Consultant

The "turbo" talk will focus on exploiting SQL injections in web applications with an Oracle back-end. Mostly, exploiting Oracle SQL injections in web applications is considered to be restricted to extraction of data only. Oracle database does not offer hacker friendly functionalities such as openrowset or xp_cmdshell for privilege escalation and O.S code execution. Further, as web APIs do not support execution of multiple queries in a single statement, the exploitation is further restricted. The talk will highlight an attack vector to achieve privilege escalation (from Scott to SYS) and O.S code execution by exploiting Oracle SQL injections in web applications. Further, there will be a demo of how a worm could target an Oracle back-end just as it targeted the SQL Server applications.

Sumit "sid" Siddharth works as a senior IT security consultant for Portcullis Computer Security in the UK. He has been a speaker at many security conferences including Troopers, OWASP Appsec and IT Underground. He also runs the popular IT security blog www.notsosecure.com.


Metasploit Autopsy: Reconstructing the Crime Scene

Peter Silberman
Steve Davis

Meterpreter is becoming the new frontier of malicious payloads, allowing an attacker to upload files that never touch disk, circumventing traditional forensic techniques. The stealth of meterpreter creates problems for incident responders. For example, how does a responder determine what occurred on a box exploited by meterpreter?

During this talk we discuss accessing physical memory for the purpose of acquiring a specific process's address space. Process address space acquisition includes DLLs, EXEs, stacks and heaps. This includes memory resident modules. We describe in detail how meterpreter operates in memory and specifically how memory looks when meterpreter scripts/commands are executed and the residue these scripts create in the exploited process's memory space. Finally, we tie all this knowledge together and discuss how to reconstruct a meterpreter session – completely from memory – and determine what the attacker was doing on the exploited machine.

The talk will conclude with the demonstration of a new tool: the audience will see how an attacker using meterpreter is no longer hidden from the forensic investigator, as we recreate the meterpreter session from memory.

Peter Silberman works at MANDIANT on the product development team. For a number of years, Peter has specialized in offensive and defensive kernel technologies, reverse engineering, and vulnerability discovery. He enjoys automating solutions to problems both in the domain of reverse engineering and rootkit analysis. Although he is college educated, Peter does not believe formal education should interfere with learning.

Steve Davis is a Consultant in Mandiant’s Alexandria, Virginia office. Mr. Davis specializes in exploit research and development, malware analysis, and application and network vulnerability assessments. He has developed numerous internal tools to aid in penetration tests and malware analysis. Mr. Davis has also instructed malware analysis and wireless security courses at industry standard conferences, to include Black Hat, and to private clientele.


Manipulation and Abuse of the Consumer Credit Reporting Agencies

Anonymous Speaker

This talk will present a number of loopholes and exploits against the system of consumer credit in the United States that can enable a careful attacker to hugely leverage her (or someone else's) credit report for hundreds of thousands of dollars. While the techniques outlined in this talk have been used for the personal (and legal) profit by a small community of credit hackers, these same techniques could equally be used by more nefarious persons (that is, criminals willing to break the law, engage in fraud, and make off with large sums of money). The purpose of this talk is to shed light on these exploits, to analyze them through the lens of the computer security community and to propose a number of fixes which will significantly reduce the effectiveness of the exploits, by both those with good and ill intentions.

Speaker is a Ph.D. candidate at a major US university. He studies security, privacy and technology policy. He has discovered and disclosed security flaws in applications with millions of active users, and is happy to turn his attention to more obscure, yet equally interesting financial, credit and trust exploitation techniques.


Bluetooth, Smells Like Chicken

Dominic Spill Security Researcher
Michael Ossmann Wireless Security Researcher
Mark Steward Security Researcher

Bluetooth traffic analysis is hard. Whilst most 802.11 chips support promiscuous mode, Bluetooth dongles cannot monitor all traffic due to a pseudo-random frequency hopping system. Previous attempts have recovered a small number of channels using software radio techniques but have required expensive equipment.

We will review the options available today for passive Bluetooth monitoring with an emphasis on software radio techniques. Although single channel monitoring with software radio has been demonstrated before, we will show how to extend the technique to all 79 channels and how to predict the target network's pseudo-random hopping sequence using passively collected information. We will also discuss the options available when a high end software radio device cannot be used and will show what we are currently able to achieve with off the shelf hardware for under $10. The presentation will feature live demonstrations of the current status of the gr-bluetooth project and a new release of the open source tools.

Dominic Spill is a grad student at Imperial College London. Having worked with GNU Radio and Bluetooth security for his undergraduate degree, he released his work to the community in 2007 and continues to actively participate in the gr-bluetooth project. His current research focus is reconfigurable hardware solutions for SDR applications.

Michael Ossmann is a wireless security researcher for the Institute for Telecommunication Sciences at the U.S. Department of Commerce Boulder Laboratories in Colorado. He currently develops software radio tools for security research both as a hobby and for his day job.

Mark Steward began investigating Bluetooth sniffing for his masters project at University College London, and has spent the last year as a sysadmin for the Royal Academy of Dramatic Art. He speaks four dead languages, including assembler.


"I Am Walking Through a City Made of Glass and I Have a Bag Full of Rocks" (Dispelling the Myths and Discussing the Facts of Global Cyber-Warfare)

Jayson E. Street CIO Stratagem 1 Solutions

<hype> There is a war being raged right now. It is being fought in your living room, in your dorm room even in your board room. The weapons are your network and computers and even though it is bytes not bullets whizzing by that does not make the casualties less real. We will follow the time line of Informational Warfare and its impact today. We will go deeper past the media hype and common misconceptions to the true facts of what's happening on the Internet landscape. You will learn how the war is fought and who is fighting and who is waiting on the sidelines for the dust to settle before they attack. </hype>

We will discuss in a logical manner what is really going on as it relates to Cyber-Warfare. The answers and the questions raised will surprise you!

Jayson is well versed in the ten domains of Information Systems security defined by the International Information Systems Security Certification Consortium ([ISC]2). He specializes in intrusion detection response, penetration testing, and auditing. He also has a working knowledge of the implementation and administration of major firewalls, vulnerability scanners, and intrusion detection systems.

He has created and conducted security awareness training for a major Internet bank and has created security policies and procedures currently used by several companies. He also created and taught a three day training course on Intrusion Detection Systems for an undisclosed government agency in Washington D.C. He has also created and taught a workshop on ethical pen-testing with Backtrack 3 for ISSA. He also taught a two day class for Back|Track 4 for ISACA.

His consultation with the FBI and Secret Service on attempted network breaches resulted in the capture and successful prosecution of the criminals involved. In 2007 he consulted with the Secret Service on the WI-FI security posture at the White House.

He has also spoken from Belgium to Brazil and at several other colleges and organizations on a variety of Information Security subjects.

He has attended XCon 2008 in Beijing, the 25th CCC in Berlin, SYSCAN '09 in Shanghai as well as PH-Neutral 0x7d9 plus he is a regular attendee at Black Hat and DEF CON.

Forbes and Scientific American interviewed him regarding his research on the issue of cyber-warfare as it relates to China and their preparedness for an online war. He was an expert witness in two cases involving the RIAA. His declaration was on Slashdot and other websites and is currently being taught as source material at a University in Massachusetts.

He is on the SANS GIAC Advisory Board as well as a mentor for SANS. He is also a current member on the board of directors for the Oklahoma "INFRAGARD". He is also Vice President for ISSA OKC and a member of the "OSVDB". Jayson is also a longtime member of the "SNOsoft" research team.

On a humorous note he was chosen as one of Time's persons of the year for 2006. ;)


Dangerous Minds: The Art of Guerrilla Data Mining

Mark Ryan Del Moral Talabis Senior Consultant, Secure-DNA Consulting

It is not a secret that in today's world, information is as valuable or maybe even more valuable than any security tool that we have out there. Information is the key. That is why the US Information Awareness Office's (IAO) motto is "scientia est potentia", which means "knowledge is power". The IAO, just like the CIA, FBI and others, makes information its business. Aside from these there are multiple military related projects like TALON, ECHELON, ADVISE, and MATRIX that are concerned with information gathering and analysis.

The goal of the Veritas Project is to model itself in the same general threat intelligence premise as the organizations above but primarily based on a community sharing approach and using tools, technologies, and techniques that are freely available. Often, concepts that are part of artificial intelligence, data mining, and text mining are thought to be highly complex and difficult. Don't mistake me, these concepts are indeed difficult, but there are tools out there that would facilitate the use of these techniques without having to learn all the concepts and math behind these topics. And as Sir Isaac Newton once said, "If I have seen further it is by standing on the shoulders of giants".

The combination of all the techniques presented in this site is what we call "Guerrilla Data Mining". It's supposed to be fast, easy, and accessible to anyone. The techniques provide more emphasis on practicality than theory. For example, these tools and techniques presented can be used to visualize trends (e.g. security trends over time), summarize large and diverse data sets (forums, blogs, IRC), find commonalities (e.g. profiles of computer criminals), gather a high level understanding of a topic (e.g. the US economy, military activities), and automatically categorize different topics to assist research (e.g. malware taxonomy).

Aside from the framework and techniques themselves, the Veritas Project hopes to present a number of current ongoing studies that use "guerrilla data mining". Ultimately, our goal is to provide as much information in how each study was done so other people can generate their own studies and share them through the project. The following studies are currently available and will be presented:

1. Computer Security Trends - This is the banner study for the Veritas Project. The study uses various clustering, text mining, and visualization techniques to track security trends based on security news and forum data. The idea is to detect different increases and changes in "chatter" on different security topics and determine which topics are related to which. For example, tracking "Credit Cards", would give you associations to Hannaford, Stolen Laptops, and Heartland. This is useful for security researchers in order to track trends and which events are related to other events. The study is based on more than a year's worth of data consisting of thousands of data items.

2. American Minds - This is a non-security implementation of the Veritas Project. The study aims to assist in understanding what is currently on the minds of people here in the US based on a mixture of text and data mining techniques. This is based on data gathered from different forums such as the Obama Townhall meeting. Current research of the Veritas Project using this data set is sentiment analysis, which is meant to provide a positive or negative rating which will give an indication of the mood and reaction of the people. This is currently in progress.

3. Malware Taxonomy - This research is meant to see how Artificial Intelligence techniques would classify malware. This produces a "non-standard" classification since it takes into consideration all aspects of the description given by AV vendors.

4. "Computer Criminals" - This is a profiling study of people labeled as "computer criminals". The goal of the study is to find any commonalities in the actions and backgrounds of these people. This is ongoing research. Estimated time for completion is May 2009.

5. Military Intelligence - This is a second phase of the Computer Security Trends. It will be based on the same techniques and presentation of the Computer Security Trends Study but will be based on a different data set. The objective is to track events that are military in nature. This is ongoing research. First batch will be available on May 1, 2009.

6. A Company Profile - This is meant as a proof-of-concept on the marketing and corporate intelligence aspects of text mining. The study was used to find out the web "fingerprint" of a security company to show what aspects of security their current business model is based on.

7. Conficker - This study was done on the eve of the April 1 Conficker brouhaha. Someone asked us to create a profile on the current news regarding Conficker. This study was fast and dirty, done in less than 15 minutes as it was meant to give just a quick overview of the Conficker worm. This illustrates the speed that this kind of analysis can be done.

8. IRC Hacker Chatter - This study was inspired by the TV show NCIS. There was a point where the lead was investigating a particular terrorist and asked whether INTERPOL detected an increase in chatter concerning that particular name. Thus in the same context, we applied this same concept in detecting a potential increase in high value targets and topics in an IRC chat session. As a test, we used an old and fairly popular transcript of several "hackers" chatting to see whether names and associations will appear.

For more details, a preview of these studies can be viewed in our website:


Mark Ryan Del Moral Talabis is a Senior Consultant within the Secure DNA Consulting practice. He has over eight years of experience in Information Technology (IT) security, systems analysis and design; and software and web applications development. He has extensive experience in vulnerability assessments and application penetration testing and has specialized expertise in security analysis and computer forensics. Recently, he became a founding member of the Hawaii Honeynet Project. Prior to Secure DNA Consulting, he was the lead analyst of the Philippine Honeynet Project. He was a consultant for the Asian Development Bank (ADB), a lecturer for Ateneo de Manila University and the former Director of Software Development of Slingshot Interactive, a startup internet and database consultancy firm in Manila. He has been involved in the various security analysis activities of the Honeynet Research Alliance, Leurre'Com Project, and performed Incident Handling duties for the Philippine CERT and vulnerability and penetration testing for the Asia-Pacific CERT. He is also the Community Manager for Networks and Security Section of the UNDP-APDIP International Open Source Network. He has an MS in Information Technology; Certified Information Systems Security Professional (CISSP); Certified Information Systems Auditor (CISA); a Microsoft Certified Professional (MCP); a GIAC Certified Incident Handler Certification (GCIH); a GIAC Security Essentials Certification (GSEC). He has presented in a number of conferences such as Blackhat, INFORMS International Conference, ENGAGE European Union-Southeast Asia Collaboration, ISSA, etc. He is also very active in honeynet research and has a number of published papers to his name in various peer-reviewed journals.


Binary Obfuscation from the Top-Down: Obfuscating Executables Without Writing Assembly

Sean "Frank^2" Taylor Security Engineer, Rapid7

Binary obfuscation is commonly applied in malware and by software vendors in order to frustrate the efforts of reverse engineers to understand the underlying code. A common misconception is one must be a master of assembly in order to properly obfuscate a binary. However, with knowledge of compiler optimizations and certain keywords, one can frustratingly obfuscate their binary simply by writing specifically crafted high-level code. This talk will attempt to teach an array of methods that can be employed to obfuscate a binary as it is compiled rather than afterward. Knowledge of C/C++ is the only prerequisite for this talk.

Sean Taylor is a candidate for a BS in Computer Science at Cal Poly Pomona. In his spare time he can be found trying to take apart various pieces of malware or tinkering with a personal project. He is one of the architects of TwatFS-- the Twitter file system-- created by DC949 and has helped develop other (perhaps questionable) tools for Twitter.


Hacking UFOlogy 102: The Implications of UFOs for Life, the Universe, and Everything

Richard Thieme ThiemeWorks – Speaking, Writing, Unusual and Interesting Insights

Two years ago at Def Con 15, Richard presented Hacking UFOlogy. He supported his contention that (1) UFOs are real and (2) the data to support that statement is voluminous with numerous references and links which he encouraged others to explore in good old try-it-and-see hacker fashion. Who better than hackers to have open minds, a willingness to try new things, an ability to look deeply into systems, including systems of thought, to see how machinery can be made to do things its own inventors don’t know.

Thieme builds on the foundation of that prior talk.

The core of this presentation is his belief that while economies and nation states come and go, the cosmos, like the Dude, abides, and the single most important event in the 21st century will be the realization – not the speculation, not the movie, webisode, or tweet – but the full awareness that we are not alone in the universe ... and not the top of the food chain. We will know that as we know that space travel, dismissed by the Royal Astronomer as “utter bilge” in 1956, the year before Sputnik, is simply a fact.

Richard will draw on conversations with engineers, scientists, NASA personnel, aviation professionals and serious researchers over a period of thirty years.

Serious researchers? Like who?

Brad Sparks, for example. Brad discovered that the CIA concluded before the Robertson Panel in 1952 that UFO's were extraterrestrial. This was confirmed by the CIA director and deputy director of its Office of Scientific Intelligence. Brad also carried out a systematic investigation of the CIA's UFO activities, which included interviewing some 100 CIA Directors, Deputy Directors, Assistant Directors, and various intelligence officials of the CIA, NSA, DIA, Air Force and Naval Intelligence and other agencies, since 1975. He has reviewed 100,000's of pages of declassified CIA, NSA, AF, Army, Navy and other agency documents on UFO's and agency background histories in the course of his research and is reconstructing the full history of the U.S. Intelligence Community involvement with UFO's. Brad uncovered the important fact that the AF made a milestone policy decision on July 28, 1952, to discount and/or reject anecdotal UFO reports and to henceforth stress instrumented and technical UFO detections and sightings, and he believes this is the watershed event in all of governmental history in UFO studies.

Brad is one. Michael Swords is another. Jerry Clark is another. There are more, they are rock solid, and their work is not trivial or frivolous.

These are formerly hidden members of a no-longer-invisible college who have been compelled by disinformation campaigns to color outside the lines of orthodox research, while that research nevertheless took place under cover of other activities. Thieme will illuminate why this is not a “conspiracy theory” but simply how things are done and have been done since 1945.

Fascinating documents will be provided. Entertaining stories will be told. Research will be documented. All will point toward a conclusion identical to the hypothesis: the single most important event in this century will be the realization that we are not alone in the universe. Human history must be remythologized. The system must be rewired.

Who better than hackers to think about these things?

Richard Thieme (www.thiemeworks.com) is an author and professional speaker focused on the deeper implications of technology, religion, and science for twenty-first century life.

Thieme's creative use of the Internet to reach global markets has earned accolades around the world. He is a member of the “cyber avant-garde,” according to CNN … "a prominent American techno-philosopher" according to LAN Magazine (Australia) ... “a father figure for online culture,” according to the (London) Sunday Telegraph ... "a keen observer of hacker attitudes and behaviors" according to Le Monde (Paris) ... "one of the most creative minds of the digital generation" according to the editors of CTHEORY and Digital Delirium and ... "an online pundit of hacker culture" according to the L A Times ... and “extremely subtle and deep” according to the Linux Journal.

Thieme has spoken eleven times for Def Con and served as speaker and panelist numerous times for the Black Hat Briefings. He has also spoken for Toor Con, PumpCon, Interz0ne West, SecurityOPUS, Xmas Con (New Orleans 2600), RubiCon, HiverCon (Dublin), ShmooCon, NotaCon and RootFest. He keynoted AUSCERT in Brisbane, Australia in 2005 and 2006 and closed that conference in 2007. He keynoted govcert in The Hague in 2007. He keynoted Wireless Australia 2006 and the ID Management Summit 2006 in Sydney. He keynoted Microsoft Tech Ed in Israel in consecutive years and shared the keynote platform at MIS InfoSecWorld with Bob Woodward and NBC’s Roger Cressey. In 2007 he keynoted conferences in Auckland and Wellington NZ and was invited to return to keynote a security conference in Wellington in 2009. He keynoted IT Defense in Berlin in February 2009. He has been invited in addition to speak in Oslo, London, Riyadh, Dubai, Singapore and Beijing.

At DefCon VIII, he moderated a panel that included the Assistant Secretary of Defense, Dir. of Information and Infrastructure Assurance for DOD, and the Dir. of the Federal Computer Incident Response Team who came to “dialogue” with more than 5000 computer hackers. He was invited to moderate because, according to a National Security Agency officer, “You’re the only one in the room with the acceptance and respect of both the hacking community and the Feds.”


Hacking, Biohacking, and the Future of Humanity

Richard Thieme ThiemeWorks

I was asked in 2006 at AusCert in Australia, my second of three years of keynoting, where did I see hacking headed in the future? I described biohacking and noted that genetic engineering, neuroscience (both black and white R&D) and the availability of everything one needs for a few thousand bucks to hack the genome in a garage, all made hacking human attributes and identity the next level of the transformation of human possibility.

This talk illuminates how current and future developments in information systems, robotics, biotechnology, nanotechnology, and the colonization of the solar system through telerobotic and human exploration, all suggest ways human identity will be hacked and enhanced. The evolution of post-human identity is in our hands. This talk sounds like science fiction but isn’t. It delivers profound insights into the next chapter of human civilization.

Richard Thieme (www.thiemeworks.com) is an author and professional speaker focused on the deeper implications of technology, religion, and science for twenty-first century life.


PLA Information Warfare Development Timeline and Nodal Analysis

TK234 Analyst

The development timeline is consistent with the broad contours of China's current IW theory. It clearly shows the footprints of China's common war preparation patterns and People's War concept. For China, IW is a People's War, beyond simple "hacking," and is a long-term strategy that is considered a necessary component of total war preparation. China has thus integrated IW units at multiple layers into the civilian and national emergency infrastructure. Also, ten years of practice suggests that China has developed a mature understanding of IW and a methodology which it is able to quickly deploy and duplicate.

TK234 is a member of the All Source Intelligence Group that focuses on cyber threats from nations, states, hacker groups and new technologies. He worked as a project manager in Ultra Sonic Laser and Handheld Laser. Prior to this, he worked on the "Green Mars" and "Alice, Talking Robot" projects. He graduated in 2003 with an M.S. in Computer Engineering, Artificial Intelligence track. TK234 has vast knowledge of Artificial Intelligence, Laser, Wireless Sensor and Cyber Intrusion.


Invisible Access: Electronic Access Control, Audit Trails and "High Security"

Marc Weber Tobias Investigative Attorney and Security Specialist, Security.org
Matt Fiddler Security Specialist, Security.org
Tobias Bluzmanis Security Specialist, Security.org

This presentation will include a detailed review regarding the protection of high security facilities, including airports and aircraft, power transmission facilities, and data center rooms. The emphasis will be on liability and security issues that may result from an undue reliance on certain high security locking systems and the resulting Audit Logs that may not even exist. We will discuss a number of misconceptions and why these facilities may be at risk, even with some of the most sophisticated physical and electronic access control hardware and software.

Specific problems inherent in conventional locking hardware will be the primary focus, together with an analysis of high security mechanical locks and electronic access control systems produced by many of the Assa Abloy companies. These technologies include the Cliq, Logic, and NexGen among others. The representations of certain manufacturers will be analyzed, and potential vulnerabilities in these high-tech systems will be explored, together with the liability that may flow to users if these systems are circumvented.

Since the publication of OPEN IN THIRTY SECONDS, which details the compromise of Medeco high security locks (2008), intensive research has been on-going in the U.S. and Europe regarding the security of different electronic access control systems.

Marc Weber Tobias is an investigative attorney and security specialist living in Sioux Falls, South Dakota. He is the principal attorney for Investigative Law Offices, P.C. and as part of his practice represents and consults with lock manufacturers, government agencies and corporations in the U.S. and overseas regarding the design and bypass of locks and security systems. Marc and his associates also conduct technical fraud investigations and deal with related legal issues.

Marc has authored five police textbooks, including Locks, Safes, and Security, which is recognized as a primary reference for law enforcement and security professionals worldwide. The second edition, a 1400 page two-volume work, is utilized by criminal investigators, crime labs, locksmiths and those responsible for physical security. A ten-volume multimedia edition of his book (LSS+) is also available online.

Marc has written extensively about the security vulnerabilities of products and has appeared in numerous television and radio interviews and news reports as well as magazine articles during the past thirty years. He is a member of several professional organizations including the American Bar Association (ABA), American Society for Industrial Security (ASIS), Associated Locksmiths of America (ALOA), Association of Firearms and Tool mark Examiners (AFTE), American Polygraph Association (APA) and the American Police Polygraph Association (APPA).

Matt Fiddler is a certified and registered locksmith and Information Security Professional with over 16 years of experience. Currently he is the Director of International Information Protection for a large financial services organization. Mr. Fiddler's research into lock bypass techniques has resulted in many public and private disclosures of critical lock design flaws. Mr. Fiddler began his career as an Intelligence Analyst with the United States Marine Corps. Since joining the commercial sector in 1992, he has spent the last 16 years enhancing his extensive expertise in the area of Unix and Network Engineering, Security Consulting, Computer Forensics and Intrusion Analysis.

Tobias Bluzmanis: Born in Caracas, Venezuela, Tobias came to the United States in 1995 and was granted citizenship in 2000. He has been a professional locksmith for the past 20 years. Tobias is an expert in Covert Methods of Entry and has developed many unique forms of bypass and custom tools, including a decoder for Medeco locks, which was the impetus for the book "Open in Thirty Seconds".


Metasploit Goes Web

Efrain Torres Metasploit Team

This topic will present and discuss the new Metasploit plugin for web exploitation and assessment. WMAP is part of the Metasploit framework and it is built with a different approach compared to other open source alternatives and commercial scanners. WMAP is not built around any browser or spider for data capture and manipulation, and as test modules are implemented as auxiliary modules, they can interact with any other MSF components including the database, exploits and plugins. Forget about this being another scanner, think of it as new building blocks for massive pwnage that crosses protocol boundaries.

Efrain 'ET' Torres is a Colombian security researcher who likes to break web applications and dislikes security certifications. Efrain currently works for one of the Big 4's IT Advisory practice in Houston, TX. Prior to coming to the US (5 years ago) he was an independent security consultant while trying to figure out how to graduate from college.


Good Vibrations: Hacking Motion Sickness on the Cheap

Tottenkoph consultant, crypto-fiend, hacker, and awesome chix0r

Motion sickness has been an issue since man learned how to travel by means other than by foot, with the earliest recorded cases dating back to ancient Greece.

Although the problem has existed for such a long time, there has been no documented case of a cure for all forms and severities of motion sickness, and the most common way to relieve people of the symptoms that go along with motion sickness involves taking drugs. In this presentation, Tottenkoph will give an overview of what causes motion sickness as well as introduce a set of easily made devices that will help lessen the severity of the symptoms.

Tottenkoph: consultant, crypto-fiend, hacker, and awesome chix0r. She started with hardware modding and PC repair stuff until the wonderful world of cryptography and open networks was stumbled upon. Tottenkoph is currently doing school and projects full time.



Valsmith Attack Research, LLC., CEO
Colin Ames Security Researcher
David Kerb Security Researcher

Attackers have been increasingly using the web and client side attacks in order to steal information from victims. The remote exploit paradigm is shifting from the open port to the browser and email client. Penetration testers need to take these techniques into account in order to provide realistic tests.

In the past several years there have been numerous presentations on techniques for specific client side attacks and vulnerabilities. This talk will focus on building a phishing framework on top of Metasploit that pen testers can use to automate phishing and increase their overall capabilities. We will also cover some techniques for SpearPhishing on pen tests, second stage backdoors, and extensive communication over TOR.

Val Smith has been involved in the computer security community and industry for over ten years. He currently works as a professional security researcher on a variety of problems in the security community. He specializes in penetration testing, reverse engineering and malware research. He works on the Metasploit Project as well as other vulnerability development efforts. Most recently Valsmith founded Attack Research which is devoted to deep understanding of the mechanics of computer attack. Previously Valsmith founded a public, open source malware research project.

Colin Ames is a security researcher with Attack Research LLC where he consults for both the private and public sectors. He's currently focused on Pen testing, Exploit Development, Reverse Engineering, and Malware Analysis.

David Kerb has worked in the computer security arena for the past ten years. He has specialized in Reverse Engineering, Malware research, and penetration testing. During the past ten years he has worked with various places including Offensive Computing, a Malware Research Company. He is currently helping found Attack Research which is set up to help understand the internals of attacks. Dave Kerb has focused on *nix systems and enjoys figuring out how to abuse various trust relations between *nix systems.


Proxy Prank-o-Matic

Charlie Vedaa Founder @ PacketProtector.org
"Anonymous secondary speaker"

The Upside-Down-Ternet was just the beginning. What else can you do with a proxy server and a mischievous mind? We'll show you how to send your victims back in time (fun with archive.org), to the all-porn Internet (is there any other kind?), or to the Tourette-net (Cartman runs the Internets)! Via browser settings or port forwarding, using your Squid server or ours, you'll learn how to torment your friends in 20 fast-paced minutes.

Charlie Vedaa is a Network Architect for the FBI's CJIS Division. He is the founder of the PacketProtector project (http://packetprotector.org), an OpenWrt-based security distro for wireless routers.

The "Anonymous secondary speaker" is more l33t than you. Randomized address spaces spontaneously reorganize in his presence.


USB Attacks: Fun with Plug & 0wn

Rafael Dominguez Vega Security Researcher

How many times have you been handed a USB device and asked to copy a presentation or spreadsheet onto it? Often our biggest concern is around whether the device will be lost along with our company projections or takeover proposals. However, should we be more concerned about whether the device itself can be used to attack us and gain access to our system?

In the past USB security has often focused on the contents of the devices themselves. When considering the information that has been lost on unsecured devices it is quite understandable that this has received so much attention. However, in all this excitement have we lost perspective on where the real danger lies? If you want to know the answer to that question then you need to come along to the talk and find out.

The presentation will cover a wide range of security considerations for USB devices. However, it will specifically focus on the evolution of an attack that can be delivered through a malicious USB device. The talk will also include discussion about the methods that can be used to identify and exploit vulnerabilities in USB drivers and their advantages and disadvantages.

To highlight the reasons for conducting this research the presentation will also include the disclosure of a vulnerability affecting a USB driver in a common operating system that the audience will be very familiar with. It will also show how that can be exploited by simply plugging a malicious device into the system.

So, if you want to find out about a range of USB based attacks then come along to the talk. Afterwards you may think differently about that USB device you're just about to plug into your laptop.

Rafael Dominguez Vega works in the UK as a Penetration Tester and Security Researcher for MWR InfoSecurity. He enjoys researching into different areas of security, from embedded devices and hardware hacking to social engineering, physical security and 'weird' proprietary protocols.


Hacking with GNURadio


In this presentation I will focus on the requirements for GnuRadio, cost, code, and radio technology basics. I will also present some of the attacks that have been created using the GnuRadio, as well as my own research from a successful hack of a proprietary Multiple Address System (MAS) SCADA network, and a quick demo of the GnuRadio in action.

Videoman has 9+ years of experience doing computer security. He has worked for large enterprise financial institutions to secure their networks. Currently a computer security consultant, he enjoys working for NetSPI's clients to help them reduce their risks. In his spare time he and his wife run the local DefCon Group (DC612), and help to run the network at DefCon. He also likes to brew beer, and bike the many miles of pathways in Minnesota.


Cracking 400,000 Passwords, or How to Explain to Your Roommate why the Power Bill is a Little High…

Matt Weir PhD Student, Florida State University
Professor Sudhir Aggarwal Florida State University

Remember when phpbb.com was hacked in January and over 300,000 usernames and passwords were disclosed? Don't worry though, the hacker only tried to crack a third of them, (dealing with big password lists is a pain), and of those he/she only broke 24%. Of course the cracked passwords weren't very surprising. Yes, we already know people use "password123". What's interesting though is figuring out what the other 76% of the users were doing. In this talk I'll discuss some of my experiences cracking passwords, from dealing with large password lists, (89% of the phpbb.com list cracked so far), salted lists, (Web Hosting Talk), and individual passwords, (TrueCrypt is a pain). I'll also be releasing the tools and scripts I've developed along the way.

Matt Weir is a PhD student at Florida State University who is specializing in password cracking research. Before his journey back into academia he worked as a network security engineer for Northrop Grumman. The projects he's been a part of have ranged from providing first responders with wireless access, to assisting the Defense Department with computer forensics. Why he decided to go back to school no one knows (including him sometimes). It wasn't the pay that's for sure!

Sudhir Aggarwal has been Professor of Computer Science at Florida State University since the fall of 2002 where he directs the E-Crime Investigative Technologies Laboratory. Previous to his current position, he was Chief Technology Officer of the Internet Content Delivery and Distribution business unit of Lucent Technologies where he was responsible for the architecture, portfolio, and development of the Imminet product line. Dr. Aggarwal’s current research interests are in building software tools and systems that support cybersecurity and digital forensics. He is also interested in computer and communication networks where he has investigated infrastructures for network games and techniques for building efficient overlay networks.


Hacking WITH the iPod Touch

Thomas Wilhelm Sr. Network & Information Security Engineer; Adjunct Professor

There has been plenty of news about hacking into the iPod Touch, but what about using the iTouch as a hacking platform? This talk will discuss how to convert the iTouch into a PenTest device, describe available tools, and talk about potential uses for the iTouch as a social engineering tool to provide unauthorized access within a target network. We will also see real-world examples of the device in action against vulnerable systems.

Thomas Wilhelm: Currently employed in a Fortune 20 company performing penetration testing and risk assessments, Thomas has spent over 15 years in the Information System career field, and has received the following certifications: ISSMP, CISSP, SCSECA, SCNA, SCSA, IEM, IAM. Thomas is currently a PhD student, and is the founder of the De-ICE.net PenTest LiveCD project. Thomas has written for Hakin9 magazine, and has been published in multiple books, including: Professional Penetration Testing (to be released this year), Penetration Tester's Open Source Toolkit, Volume 2; Metasploit Toolkit for Penetration Testing; and Netcat Toolkit, all available through Syngress Publishing.


Cross Site Scripting Anonymous Browser 2.0

Jeff Yestrumskas Security Researcher
Matt Flick Principal at FYRM Associates

Earlier this year, the Cross-site Scripting Anonymous Browser ("XAB") was presented as a new perspective on how we could extend the functionality of browser technologies, form dynamic botnets for browsing, and create an unpronounceable acronym all at once. We continue the madness with the second incarnation of the XAB framework.

XAB hasn't really revolutionized attacks or defenses in its short lifespan, nor is it great at factoring primes. However, it has opened the minds of a few by demonstrating an interesting way to combine unlike ideas and creating a new animal all of its own. Think of it as forced social networking, without ever really knowing whom you're talking to, or what they're saying.

We will provide a brief review of the technology, pore over the trials and tribulations of the enhancements and additions of the past 6 months, provide a live demonstration of the improvements and continue the conversation about the future of the framework.

Jeff Yestrumskas is in charge of information security for an international application service provider, but still enjoys getting his hands dirty. His professional background spanning over a decade includes forensics, leading penetration tests, application security services and teaching others to do the same.

Matt Flick: For more than 9 years, Matt Flick has developed his career in the information security industry, with expertise in application security and other areas within information security management, services, and auditing. Matt has worked with both commercial and federal government clients to help plan, develop, and assess their information security programs. Matt is currently a Principal with FYRM Associates Inc., an information security professional services organization, and a member of OWASP DC, ISACA and ISSA. Mr. Flick has previously presented at Blackhat DC 2009.


Doppelganger: The Web's Evil Twin

Edward Zaborowski Senior Security Engineer, Apptis

Users and administrators alike surf the web assuming that, for the most part, what they are looking at is what the website served to their browser; however, an attacker can deploy a malicious proxy, altering responses and requests, as well as potentially stealing sensitive data, all without a user being aware.

In this presentation I will discuss some of the attacks that a hacker can use when deploying a malicious proxy. Additionally, I will discuss Doppelganger, a tool that I've written to expedite some of the discussed techniques, its current capabilities, future additions, and more.

Edward Zaborowski started working in the computer security field when he enlisted in the US Air Force. During his enlistment he had the opportunity to help provide a wide array of security services such as intrusion detection, penetration testing, and incident response. He separated from the USAF in 2001 to continue his career in computer security and is currently working as a senior security engineer for Apptis based in Chantilly, VA.

When he's not delving into security, he also enjoys programming and video games (or programming video games) as hobbies and can usually be found pwning or being pwned -- usually the latter -- in Call of Duty or DotA.


Criminal Charges are not pursued: Hacking PKI

Mike Zusman Intrepidus Group

"From the night of Friday to Saturday at the 20 of December a new subscriber named Mike Zusman registered at the CA site. Subsequently he succeeded in overcoming the domain validation interface by validating for domains not under his control." - Critical Event Report

The last year has been a rough one for SSL PKI. Fraudulently provisioned certificates, MD5 collisions, SSL spoofing attacks, and most recently, attacks against EV SSL. The variety of these attacks shows us how big the attack surface of SSL really is. From crypto attacks to browser design flaws, attackers have choices when it comes to man-in-the-middling SSL protected web sites. This presentation covers one of these vectors: real attacks against CA web sites. While some folks look to CAs for guidance when it comes to conducting secure business on the Internet, the CAs themselves can fall victim to the same attacks consumers look to them for protection against. EV SSL is a step in the right direction, but with a heavy reliance on low-assurance domain validated SSL certificates, can we ever get SSL right?

Mike Zusman is a Senior Consultant with the Intrepidus Group. Prior to joining Intrepidus Group, Mike has held the positions of Escalation Engineer at Whale Communications (a Microsoft subsidiary), Security Program Manager at Automatic Data Processing, and lead architect & developer at a number of smaller firms. In addition to his corporate experience, Mike is an independent security researcher, and has responsibly disclosed a number of critical vulnerabilities to commercial software vendors and other third parties. He has spoken at a number of top industry events including Black Hat, CanSecWest, regional OWASP conferences, and also teaches Information Security & Penetration Testing at NYU/Polytechnic University. Mike brings 10 years of security, technology, and business experience to Intrepidus Group. He is a CISSP and an active member of the OWASP foundation.



Ask EFF: The Year in Digital Civil Liberties

Kurt Opsahl Senior Staff Attorney, Electronic Frontier Foundation
Jennifer Granick EFF Civil Liberties Director
Kevin Bankston EFF Senior Staff Attorney
Fred von Lohmann EFF Senior Staff Attorney
Marcia Hofmann EFF Staff Attorney
Peter Eckersley EFF Staff Technologist

Get the latest information about how the law is racing to catch up with technological change from staffers at the Electronic Frontier Foundation, the nation's premiere digital civil liberties group fighting for freedom and privacy in the computer age. This session will include updates on current EFF issues such as NSA wiretapping and fighting efforts to use intellectual property claims to shut down free speech and halt innovation, highlighting our open government efforts with documents obtained through the Freedom of Information Act on government surveillance efforts, introducing the Coder's Rights Project, and much more. Half the session will be given over to question-and-answer, so it's your chance to ask EFF questions about the law and technology issues that are important to you.

Kurt Opsahl is a Senior Staff Attorney with the Electronic Frontier Foundation focusing on civil liberties, free speech and privacy law. Before joining EFF, Opsahl worked at Perkins Coie, where he represented technology clients with respect to intellectual property, privacy, defamation, and other online liability matters, including working on Kelly v. Arribasoft, MGM v. Grokster and CoStar v. LoopNet. For his work responding to government subpoenas, Opsahl is proud to have been called a "rabid dog" by the Department of Justice. Prior to Perkins, Opsahl was a research fellow to Professor Pamela Samuelson at the U.C. Berkeley School of Information Management & Systems. Opsahl received his law degree from Boalt Hall, and undergraduate degree from U.C. Santa Cruz. Opsahl co-authored "Electronic Media and Privacy Law Handbook." In 2007, Opsahl was named as one of the "Attorneys of the Year" by California Lawyer magazine for his work on the O'Grady v. Superior Court appeal, which established the reporter's privilege for online journalists.

Jennifer Granick is the Civil Liberties Director at the Electronic Frontier Foundation. Before EFF, Granick was a Lecturer in Law and Executive Director of the Center for Internet and Society at Stanford Law School where she taught Cyber law and Computer Crime Law. She practices in the full spectrum of Internet law issues including computer crime and security, national security, constitutional rights, and electronic surveillance, areas in which her expertise is recognized nationally. Before teaching at Stanford, Jennifer spent almost a decade practicing criminal defense law in California. She was selected by Information Security magazine in 2003 as one of 20 "Women of Vision" in the computer security field. She earned her law degree from University of California, Hastings College of the Law and her undergraduate degree from the New College of the University of South Florida.

Kevin Bankston, an EFF Senior Staff Attorney specializing in free speech and privacy law, was EFF's Equal Justice Works/Bruce J. Ennis Fellow for 2003-05. His fellowship project focused on the impact of post-9/11 anti-terrorism laws and surveillance initiatives on online privacy and free expression. Before joining EFF, Kevin was the Justice William J. Brennan First Amendment Fellow for the American Civil Liberties Union in New York City. At the ACLU, Kevin litigated Internet-related free speech cases, including First Amendment challenges to both the Digital Millennium Copyright Act (Edelman v. N2H2, Inc.) and a federal statute regulating Internet speech in public libraries (American Library Association v. U.S.). Kevin received his J.D. in 2001 from the University of Southern California Law Center, and received his undergraduate degree from the University of Texas in Austin.

Fred von Lohmann is a senior staff attorney with the Electronic Frontier Foundation, specializing in intellectual property matters. In that role, he has represented programmers, technology innovators, and individuals in a variety of copyright and trademark litigation, including MGM v. Grokster, decided by the Supreme Court in 2005. He is also involved in EFF's efforts to educate policy-makers regarding the proper balance between intellectual property protection and the public interest in fair use, free expression, and innovation. Before joining EFF, Fred was a visiting researcher with the Berkeley Center for Law and Technology and an associate with the international law firm of Morrison & Foerster LLP. He has appeared on CNN, CNBC, ABC's Good Morning America, and Fox News O'Reilly Factor and has been widely quoted in a variety of national publications. Fred has an A.B. from Stanford University and a J.D. from Stanford Law School.

Marcia Hofmann is an EFF Staff Attorney focusing on government transparency and civil liberties issues. Along with her colleague David Sobel, she established EFF's FOIA Litigation for Accountable Government (FLAG) Project. Prior to joining EFF, Marcia was Director of the Open Government Project at the Electronic Privacy Information Center (EPIC), where she spearheaded EPIC's efforts to learn about emerging policies in the post-9/11 era and was lead counsel in several Freedom of Information Act (FOIA) lawsuits. Documents made public through her work have been reported by the New York Times, Washington Post, National Public Radio, Fox News, and CNN, among others. She is a graduate of the University of Dayton School of Law and Mount Holyoke College.

Peter Eckersley is a Staff Technologist for the Electronic Frontier Foundation. He keeps his eyes peeled for technologies that, by accident or design, pose a risk to computer users' Freedoms and then looks for ways to fix them. He explains gadgets to lawyers, and lawyers to gadgets. Peter is currently putting the finishing touches to a PhD on digital copyright policy with the Intellectual Property Research Institute of Australia and the computer science department at the University of Melbourne. His doctoral research focused on the practicality and desirability of using "virtual market" public funding systems to legalize P2P file sharing and similar distribution tools while still paying authors and artists for their work.


Meet the Feds 2009

Jim Christy DC3
Mike Convertino Air Force
John Garris NASA
Barry Grundy Treasury
Bob Hopper NW3C
Mischel Kwon USCERT
Robert Lentz OSD/NII
Rich Marshall NSA
Stephane Turgeon RCMP
Gordon Snow FBI
Ken Privette USPS IG
Paul Sternal DCIS
Jamie Turner NCIS
Lin Wells NDU
Rod Beckstrom Ex-DHS
Jerry Dixon Ex-DHS
Andy Fried Ex-IRS
Greg Garcia Ex-DHS
Jon Idonisi Ex-Navy
Ray Kessenich Ex-NCIS/DCITA
Kevin Manson Ex-FLETC

Did you ever wonder if the Feds were telling you the truth when you asked a question? This year we're inviting you to "Meet the Feds and Ex-Feds" to answer your questions. The objective is to get you the answers to your questions without getting a public official fired! Our goal, probably not yours! Come ask your question and compare the answers you get.

Each of the agency reps and ex-agency reps will make an opening statement regarding their agency's role, and then open it up to the audience for questions.

With representatives from Defense Cyber Crime Center (DC3), FBI, IRS, NCIS, NASA, DHS USCERT, DoJ, NSA, National White Collar Crime Center (NW3C), US Postal IG, Office of the Secretary of Defense, National Defense University and other fine Federal agencies, you will have an abundance of opportunities to attempt to humiliate, harass, threaten, or even bring them to tears. Go ahead, hack away and take your best shot. Remember, what is said on this panel in Vegas, stays on this panel in Vegas.

For years Defcon participants have played "Spot the Fed." For the 4th year, the feds will play "Spot the Lamer". Come out and nominate a Lamer and watch the feds burn 'em.

SA (Ret) Jim Christy, DC3
Director, Futures Exploration (FX)
Department of Defense Cyber Crime Center (DC3)

FX is responsible for informing and educating members of the other Department of Defense organizations, federal agencies, state and local law enforcement, international partners, the private sector, and academic institutions on the mission and activities of all DC3 programs. SA Christy is a retired Air Force Office of Special Investigations Computer Crime Investigator. SA Christy was an AFOSI computer crime investigator for over 18 years. In Oct 03, the Association of Information Technology Professionals awarded SA Christy the 2003 Distinguished Information Science Award for his outstanding contribution through distinguished services in the field of information management. Previous recipients of this prestigious award include Adm. Grace Hopper, Gene Amdahl, H. Ross Perot, LtGen. Emmett Paige, Bill Gates, Lawrence Ellison, David Packard and Mitch Kapor.

From 17 Sep 01 – 1 Nov 03 SA Christy was the Director of Operations, Defense Computer Forensics Lab, DC3. As the Dir of Ops for the DCFL he managed four sections with over 40 computer forensic examiners that supported Major Crimes & Safety, Counterintelligence and Counterterrorism, as well as Intrusions and Information Assurance cases for the Department of Defense.

From May 98 – Sep 01 Mr. Christy was assigned to the Defense-wide Information Assurance Program, Assistant Secretary of Defense for Command, Control Communications and Intelligence (ASDC3I) as the Law Enforcement & Counterintelligence Coordinator and Infrastructure Protection Liaison.

SA Christy served as the DoD Representative to the President’s Infrastructure Protection Task Force (IPTF) from Sep 96 – May 98. The President signed Executive Order 13010 on 15 Jul 96, creating IPTF to protect the Nation’s critical infrastructure from both physical and cyber attacks.

Prior to the IPTF, SA Christy was detailed to Senator Sam Nunn’s staff on the Senate Permanent Subcommittee on Investigations as a Congressional Fellow, Jan - Aug 96. Senator Nunn specifically requested SA Christy’s assistance for the Subcommittee to prepare for hearings in May - Jul 1996, on the vulnerability and the threat to National Information Infrastructure from cyberspace. SA Christy authored the Subcommittee’s investigative report and testified twice before the Subcommittee.

Rod Beckstrom, Ex-DHS
Rod Beckstrom is a highly successful entrepreneur, founder and CEO of a publicly-traded company, a best-selling author, avowed environmentalist, public diplomacy leader and, most recently, the head of a top-level federal government agency entrusted with protecting the nation’s communication networks against cyber attack.

Throughout 2008, Rod served as the Director of the National Cybersecurity Center (NCSC) at the U.S. Department of Homeland Security, where he reported to the Secretary of DHS, and was charged with cooperating directly with the Attorney General, National Security Council, Secretary of Defense, and the Director of National Intelligence (DNI). Prior to joining DHS, he served on the DNI’s Senior Advisory Group. Rod is unique in having experienced the inner workings of two, highly-charged, often competing, federal security agencies created in the wake of the September 11th attacks, an event that he says, “changed my life.”

Rod is widely regarded as a pre-eminent thinker and speaker on issues of cybersecurity and related global issues, as well as on organizational strategy and leadership. He is also an expert on how carbon markets and “green” issues affect business. While Director of the NCSC, Rod developed an effective working group of leaders from the nation's top six cybersecurity centers across the civilian, military and intelligence communities. His work led to his development of a new economic theory that provides an explicit model for valuing any network, answering a decades-old problem in economics.

Rod co-authored four books including The Starfish and the Spider: The Unstoppable Power of Leaderless Organizations, a best-selling model for analyzing organizations, leadership styles, and competitive strategy. The Starfish and the Spider has been translated into 16 foreign editions and is broadly quoted.

At age 24, Rod started his first company in a garage apartment and, subsequently, grew it into a global enterprise with offices in New York, London, Tokyo, Geneva, Sydney, Palo Alto, Los Angeles, and Hong Kong. CATS Software Inc. went public and was later sold. Nobel Laureates Myron Scholes and William F. Sharpe served on the company's boards of directors and advisors. While at CATS, Rod helped advance the financial theory of “value at risk,” now used globally for all key banking risk management. Rod co-edited the first book to introduce “value at risk.” Rod also co-founded Mergent Systems, a pioneer in inferential database engines, which Commerce One later acquired for $200 million. He has co-launched other collaborations, software, and internet service businesses, as well. From 1999 to 2001, he served as Chairman of Privada, Inc., a leader in technology enabling private, anonymous, and secure credit card transactions over the internet.

In 2003, Rod co-founded a global peace network of CEOs which initiated Track II diplomatic efforts between India and Pakistan. The group’s symbolic actions opened the borders to people and trade, and contributed to ending the most recent Indo-Pak conflict. It's one of several non-profit groups and initiatives Rod has started. He now serves on the boards of the Environmental Defense Fund, which Fortune Magazine ranked as one of the seven most powerful boards in the world, and Jamii Bora Trust, an innovative micro-lending group in Africa with more than 200,000 members.

He is a graduate of Stanford University with an MBA and a BA with Honors and Distinction. He served as Chairman of the Council of Presidents of the combined Stanford student body (ASSU) and was a Fulbright Scholar at the University of St. Gallen in Switzerland.

Colonel Michael Convertino, AF
Commander of the 318th Information Operations Group
Lackland Air Force Base, Texas

Colonel Convertino holds bachelor's and master's degrees in computer engineering, information systems management, and international security studies and has held numerous assignments supporting intelligence collection and communications operations at both the National Security Agency and the Central Intelligence Agency. He has served as a communications and information squadron commander twice, once deployed to Bosnia in support of Predator intelligence drone operations and once in-garrison leading hundreds of airmen in operating over $300 million in signals intelligence and mission-critical communications assets. He was assigned to the Joint Staff where he overhauled joint data interchange requirements and standards to focus on interoperable intelligence capabilities after 9/11. He has also served as a four-star general's aide, responsible for planning, coordination and execution of policy statements, public speeches and congressional responses.

Jerry Dixon, Ex-DHS
Director of Analysis
Team Cymru

Team Cymru is focused on supporting customers and conducting cyber-security research. Prior to that, Mr. Dixon was appointed Director of the National Cyber Security Division at Homeland Security, where he also served as the Deputy Director of Operations for the U.S. Computer Emergency Readiness Team (US-CERT). Mr. Dixon was instrumental in creating US-CERT, which serves America as the 24x7x365 cyber watch, warning, and incident response center that protects the cyber infrastructure by coordinating defense against and response to cyber attacks. Mr. Dixon led the initial development of US-CERT's capabilities for analyzing and reducing cyber threats and vulnerabilities, disseminating cyber threat warning information, and coordinating incident response activities across federal, state, local government agencies, and private sector organizations, making it Homeland Security's primary element of cyber preparedness and response.

Before joining NCSD, Mr. Dixon was the founding director of the Internal Revenue Service's (IRS) Computer Security Incident Response Capability. In this role, Mr. Dixon led the operational cyber security capability for the IRS and developed its ability to detect and respond to security attacks in order to protect American taxpayers' private information. Mr. Dixon has also served as Director of Information Security for Marriott International, a global private sector company, where he led cyber security planning, security architecture, and security operations. Mr. Dixon is a member of the InfraGard Maryland Members Alliance.

Andy Fried, Ex-IRS
Security Researcher
Internet Systems Consortium
Andrew Fried is currently a security researcher with Internet Systems Consortium (ISC), a nonprofit 501(c)(3) public benefit corporation dedicated to supporting the Internet community with software and professional services essential to its infrastructure. Mr. Fried is also the CEO of Deteque, a consulting and solutions provider for mitigating online threats. In 2008, Mr. Fried retired from the United States Department of the Treasury, where he had been a Senior Special Agent for twenty years. Throughout his career with Treasury, he was involved in computer and network security.

Gregory T. Garcia, Ex-DHS
President, Garcia Strategies, LLC
Now President of Garcia Strategies, LLC, a strategic business and government affairs advisory services firm, Gregory (Greg) T. Garcia served as the nation’s first Presidentially-appointed Assistant Secretary for Cyber Security and Communications (CS&C) for the U.S. Department of Homeland Security, from 2006-2008. Garcia led the strategic direction of CS&C, overseeing a $500 million budget for the National Cyber Security Division, the Office of Emergency Communications and the National Communications System.

During Garcia’s tenure, DHS affirmed the urgency of cyber security across the nation and embarked on a comprehensive cyber initiative that will measurably strengthen the security of our nation’s networks against domestic and international threats.

He established the Office of Emergency Communications, which collaborated with stakeholders across the country to develop a first-ever National Emergency Communications Plan and 56 state and territory plans to drive interoperable emergency communications for our federal, state and local first responders.

His organization enhanced the availability, resiliency and priority service of communications for national security and emergency preparedness needs, and in disaster-stricken areas such as the Gulf States in the aftermath of Hurricanes Ike and Gustav in 2008.

Finally, he worked to integrate the Nation’s overall cyber and communications security strategy to align with the evolving architecture and risk profile of our national information infrastructure. Prior to joining the Department, Garcia served as Vice President for Information Security Programs and Policy with the Information Technology Association of America (ITAA), where, among other accomplishments, he worked with the Department of Homeland Security to co-found the National Cyber Security Partnership.

Before joining ITAA in April 2003, Garcia served on the staff of the House Science Committee where he was responsible for industry outreach and information technology and cyber security policy. Garcia had a lead role under Chairman Sherwood Boehlert (R-NY) in drafting and shepherding the enactment of the Cyber Security Research and Development Act of 2002.

Prior to his service on Capitol Hill, Garcia contributed to national policy development through several private sector organizations. He was the Director of 3Com Corporation’s Global Government Relations Office in Washington, DC, where he established and managed all aspects of the company’s strategic public policy formulation and advocacy.

He served as Coalition Manager for Americans for Computer Privacy, a high profile grassroots policy advocacy campaign dedicated to overturning U.S. export and domestic use regulation of encryption technology. This effort was successful after just one year of intense lobbying and high-end media strategies.

Garcia lobbied international trade policy for the American Electronics Association, including export controls, customs, European and multilateral trade negotiations.

His first career position was as a consultant with Newmyer Associates, Inc., a public policy consulting firm where he advised on international trade policy for Fortune 500 clients.

Garcia graduated with distinction from California State University at San Jose with a degree in Business Administration.

John D. Garris, NASA
Special Agent in Charge, Computer Crimes Division
Office of Investigations, NASA Office of Inspector General

John Garris is the Special Agent-in-Charge of the Computer Crimes Division, Office of Investigations, NASA Office of Inspector General.

During 2004, then-Lieutenant Colonel Garris was the Chief of the Law Enforcement and Counterintelligence Center for the Department of Defense’s (DoD) Joint Task Force for Global Network Operations, Arlington, VA. He was the senior DoD law enforcement agent responsible for coordinating the computer intrusion investigations of all five DoD criminal and counterintelligence investigative agencies.

From 2001 to 2004, he was the director, Special Operations Division, Headquarters, Air Force Office of Special Investigations (AFOSI), Andrews AFB, MD. He was the U.S. Air Force’s single manager for computer crimes investigations, technical services countermeasures, polygraph, and counterintelligence support to Information Operations. While deployed in support of Operation Iraqi Freedom during this time period, he served both as the Squadron Commander for AFOSI personnel stationed in Turkey, and as the Counterintelligence Coordination Authority for Task Force – North, U.S. Central Command.

From 1999 to 2001, he was the commander of AFOSI Detachment 253, Lackland AFB, TX. In this position, he oversaw the establishment of the first office dedicated to law enforcement and counterintelligence support to Air Force computer network defense and information operations worldwide. His unit was responsible for the initial investigative response to 82 computer intrusions into Air Force and DoD information systems.

From 1997 to 1999, while assigned to the Pentagon, he was the Air Force Inspector General’s program manager for computer crime and information operations. He was instrumental in developing DoD’s first Computer Forensic Laboratory and Training Program. He also spearheaded the development of AFOSI’s participation in DoD’s first Joint Task Force for Computer Network Operations.

From 1995 to 1997, as AFOSI’s International Liaison Officer, he managed programs for international cooperation with counterpart law enforcement and security agencies. He created and directed AFOSI’s first program to locate and apprehend fugitives wanted for committing felony crimes. His efforts resulted in the capture of 24 fugitives.

From 1990 to 1993, Lt Col Garris was the commander of Det 522, Incirlik AB, Turkey. He directed counterintelligence and antiterrorism support to U.S. and multinational forces in Southeastern Turkey and Northern Iraq. He supervised several investigations of terrorist attacks against U.S. citizens, as well as directed a number of proactive anti-terrorism and criminal investigations in partnership with Turkish law enforcement authorities. He was selected as AFOSI’s Officer Special Agent of the Year for 1992.

From 1988 to 1990, he served as AFOSI District 69’s Counterintelligence Collections Manager, while assigned to Ankara, Turkey.
From 1986 to 1987, he served as both Deputy Commander and Commander of the AFOSI Office, Tinker AFB, OK.

Lieutenant Colonel Garris entered the Air Force in 1984 as a graduate of the Virginia Polytechnic University ROTC program. He commanded AFOSI units in combat zones during operations Desert Shield, Desert Storm, Provide Comfort, Northern Watch, and Operation Iraqi Freedom.

Lieutenant Colonel Garris is married to the former Andrea Harnad of Burke, Virginia. They have two children: Samuel and Maxwell.

Barry J. Grundy, Treasury
Barry J. Grundy recently joined the Treasury Inspector General for Tax Administration (TIGTA) as a Senior Special Agent in the System Intrusion and Network Attack Response Team (SINART). The TIGTA SINART is responsible for conducting computer intrusion and other cyber investigations related to IRS networks, assets and programs. Prior to joining the Treasury Department, Grundy worked for the NASA Office of Inspector General, Computer Crimes Division as the Resident Agent in Charge of the Computer Crimes Division's East Region, responsible for the supervision of criminal investigations related to cyber events at all NASA Centers and facilities east of the Mississippi river. Prior to his federal career, Grundy was employed as a Special Agent for the Ohio Attorney General's Office, Health Care Fraud Unit, where he was responsible for the computer seizure and forensic media analysis support in addition to maintaining a normal health care fraud case load.

Grundy served for six years in the United States Marine Corps. All of his active duty service was spent in Reconnaissance Battalions, eventually as a Recon Team Leader, Scout/Sniper, and Combat Diver.

Shawn Henry, FBI
Special Agent

Mr. Henry began his career as a Special Agent with the FBI in 1989. His first office of assignment was the Washington Metropolitan Field Office, where he investigated a variety of matters, focusing primarily on public corruption, and was a member of the FBI SWAT team. In 1996, Mr. Henry was promoted to Supervisory Special Agent at FBIHQ.

In 1999, Mr. Henry was designated Chief of the Computer Investigations Unit within the National Infrastructure Protection Center at FBIHQ, with management responsibility for all FBI criminal computer intrusion matters. During this tenure, he was appointed as a representative for the United States’ delegation to the G8 as a member of the High-Tech Crimes Subgroup.

In 2001, Mr. Henry was promoted to field supervisor of the Computer Crimes Squad for the FBI's Baltimore Field Office. In 2003, he was named Assistant Inspector and Team Leader in the Inspection Division at FBIHQ where he led teams conducting evaluations and audits of FBI operations nationwide.

In 2004 Mr. Henry was selected as Assistant Special Agent in Charge of the Philadelphia Field Office, with oversight for Special Operations, Technical Services, and the Field Intelligence Group. Mr. Henry was subsequently detailed to FBIHQ to assist in the implementation of the National Security Branch (NSB). In 2006 he was selected as a member of the Senior Executive Service to serve as Chief of the Executive Staff to the Executive Assistant Director of the NSB.

In 2007, Mr. Henry was named Deputy Assistant Director of the FBI’s Cyber Division, with program management responsibility for all FBI computer investigations worldwide. In September 2008, he was selected to his current position as FBI Assistant Director of the Cyber Division.

Mr. Henry has earned a Bachelor of Business Administration from Hofstra University in New York, and a Master of Science in Criminal Justice Administration from Virginia Commonwealth University. He is a graduate of the Naval Postgraduate School Center for Homeland Defense and Security, Homeland Security Executive Leaders Program.

Robert Hopper, NW3C
Mr. Hopper, Manager of the NW3C Computer Crime Section, is responsible for all aspects of management within the section, including staff assigned throughout the country. Mr. Hopper retired with thirty years of service with the Arizona Department of Public Safety and thirty-seven years in Law Enforcement. Mr. Hopper’s Law Enforcement career included assignments in Narcotics, Air Smuggling, White Collar Crime, Organized Crime and Advanced Officer Training. Mr. Hopper developed and managed the Arizona Department of Public Safety Regional Computer Forensics Lab.

Jon Iadonisi, Ex-Navy Seal
Jon Iadonisi is the founder of White Canvas Group, a company that specializes in cultivating alternative and disruptive strategies. He has spent the past twenty years creating and applying new perspectives and strategies derived from leveraging computing technologies with scholarship. His diversified expertise and unique operational background have afforded him the opportunity to develop new capabilities within the US National Security arena. Prior to joining the private sector, Jon served as a Navy SEAL where he designed, planned and led various combat operations creating new capabilities within the Special Operations Community and Central Intelligence Agency. He is a combat wounded and decorated veteran who earned a B.S. in Computer Science from the US Naval Academy, and an M.S. in Homeland Security from San Diego State University. He is a member of the Council on Foreign Relations and guest lectures at San Diego State University and Georgetown Law School. He enjoys reading, music, the outdoors, and wine. He is an academic and athletic All-American and participated in the 2000 Olympic Rifle team trials.

Raymond J. Kessenich, SA Ex-NCIS/DCITA
Special Agent Raymond Kessenich is currently the Director of Training, Centre for Training and Skills Development, International Multilateral Partnership Against Cyber Threats based out of Cyberjaya, Malaysia. Kessenich is retired from the Naval Criminal Investigative Service following more than 21 years of service. His last assignment was as the Director of the Defense Cyber Investigation Training Academy in Linthicum, MD. Special Agent Kessenich joined the Naval Criminal Investigative Service (NCIS) in 1987 after serving for seven years as a Police Officer, the most recent as a Detective with the Polk County Sheriff’s Department in Lakeland, FL. Since joining NCIS, he served as a Special Agent at NCISRA Jacksonville, Florida; Representational Resident Agent, NCISRU Key West, Florida; Special Agent at the NCIS Resident Agency, Subic Bay, Republic of the Philippines; Special Agent at NCISRA Okinawa, Japan; Resident Agent in Charge of the NCIS Resident Agency Brunswick, Maine; Investigator, US Senate, Permanent Subcommittee on Investigations, 106th Congress, Washington DC; Supervisory Special Agent, NCISHQ Counterintelligence Directorate; and as the Assistant Special Agent in Charge at the NCIS Field Office, Washington DC.

Mischel Kwon, USCERT
Director, United States Computer Emergency Readiness Team
National Cyber Security Division
U.S. Department of Homeland Security

Mischel Kwon, an IT professional with more than 27 years of experience, was named the Director for the United States Computer Emergency Readiness Team (US-CERT) in June 2008. As the Director for the US-CERT, Kwon is responsible for the operational mission of the US-CERT. US-CERT is responsible for analyzing and reducing cyber threats and vulnerabilities in Federal networks, disseminating cyber threat warning information, and coordinating incident response activities.

Kwon brings a unique blend of hands-on experience, academic research and training, and a seasoned understanding of how to build operational organizations from inception. Among her successes at the United States Department of Justice (DOJ), where she was Deputy Director for IT Security Staff, she built and deployed the Justice Security Operations Center (JSOC) to monitor and defend the DOJ network against cyber threats. In addition, she served as the lead project manager for the Trusted Internet Connections (TIC) project at DOJ. The TIC project is a jointly led project between OMB and DHS. This experience provides a unique perspective in her operational mission at DHS.

In addition to the operational role, Kwon lends her experience and drive for providing superior customer service to DHS. Kwon is leading the effort to enhance the US-CERT’s ability to disseminate reasoned and actionable cyber security information to key stakeholders, including: federal agencies, industry, the research community, and state and local governments. In tandem with this effort, Mischel is in the process of building and enhancing US-CERT’s capability to better protect our nation's Federal Internet infrastructure by coordinating actionable mitigation against and response to cyber attacks.

Ms. Kwon holds a Master of Science in Computer Science and a graduate certificate in Computer Security and Information Assurance. In addition, she serves as an adjunct professor at George Washington University in Washington, DC, where Ms. Kwon also runs the GW Cyber Defense Lab. Her interests branch out into cryptology, wireless networks, and antenna theory.

Robert F. Lentz, OSD/NII
Mr. Lentz is the Deputy Assistant Secretary of Defense for Cyber, Identity and Information Assurance (CI&IA) in the Office of the Assistant Secretary of Defense, Networks and Information Integration/Chief Information Officer. Since November 2000, he has been the Chief Information Assurance Officer (CIAO) for the Department of Defense (DoD) and, in this capacity, oversees the Defense-wide IA Cyber Program, which plans, monitors, coordinates, and integrates IA Cyber activities across DoD.

Mr. Lentz is the Chairman of the National Space INFOSEC Steering Council (NSISC), DoD member of the Presidential Sub-Committee on National Security Systems (CNSS), the leader of the DoD IA Steering Council, and the IA Domain Owner of the Global Information Grid Enterprise Information Management Mission Area. In his capacity as the CIAO, Mr. Lentz is a member of the DoD CIO Executive Council. He is also the DoD liaison to several private sector boards, including the Center for Internet Security (CIS) Strategic Advisory Council, the Common Vulnerabilities & Exposures (CVE) Senior Advisory Council, the International Cyber Center Advisory Board and SAFEcode.

Mr. Lentz has over 26 years of experience with the National Security Agency (NSA) in the areas of financial management and technical program management. He has served as Chief of the Space and Networks IA Office, Chief Financial Officer of the NSA IA Directorate, Executive Assistant to the NSA SIGINT Collections and Operations Group and Field Chief of the Finksburg National Public Key Infrastructure/Key Management Infrastructure Operations Center.

Mr. Lentz has received the NSA Resource Manager of the Year Award, the Defense Meritorious Service Award, 2006 “Top 20” Excellence.gov Award, the 2003 Presidential Rank Award and the 2004 “Federal 100” award. In 2004, Mr. Lentz also received the highest-level honorary award the Department can bestow on a civilian employee, the prestigious Secretary of Defense Distinguished Civilian Service Award. In 2008, he was named Information Security government Executive of the year for the Middle Atlantic region, culminating in his award as the North American Executive of the year. In 2009, he was the recipient of the RSA award for Excellence in the Field of Security Practices.

Mr. Lentz is a graduate of the National Senior Cryptologic Course at the National Cryptologic School, Federal Executive Institute (FEI) and the Resource Management Course at the Naval Postgraduate School. He earned a Bachelor’s Degree with a double major in History and Social Science from Saint Mary's College of Maryland and a Masters Degree in National Security Strategy from the National War College.

Kevin Manson, Ex-DHS
Secure Online Community Architect

1970's State Prosecutor and Magistrate.

1980's - Coined the term "Cybercop", Staff counsel on US Senate Judiciary Committee.

1990's - Co-founded Cybercop Portal, a Department of Homeland Security endorsed, secure online information sharing community with a DARPA pedigree serving over 12,000 law enforcement and industry users. Cybercop was founded to strengthen our nation's "CyberCivil Defense" as contemplated by Presidential Decision Directive 63 (URL: http://www.cybercopportal.com)

At the Federal Law Enforcement Training Center (FLETC), pioneered Internet investigations training and in the early 90's developed the Cybercop BBS, (Wildcat), the first online community for federal law enforcement agents.

Designed, developed and deployed new training initiatives for "Digital Officer Safety", Data Mining and Internet Investigations for federal agents at the FLETC. (URL: www.fletc.gov)

2000's - Co-Keynoted at Black Hat 2001 with FBI UNABOM'er profiler William Tafoya ("The elite are not those who destroy or cause havoc in cyberspace, but rather [those who work] to protect the Net," URL: http://archives.cnn.com/2001/TECH/internet/07/16/black.hat.conference.idg/ ). "Meet the Fed" panelist. Member of the US Secret Service New York Electronic Crimes Task Force. Collaborating with field experimentation teams at the Naval Postgraduate School regarding Secure Trusted Proxy networks, UAV and Robotics technologies (Cooperative Operations and Applied Science and Technology Studies). Building hastily formed technology acceleration teams for national security and public safety in support of those who serve behind the "thin digital blue line" with my group of "Usual Suspects."

Richard H.L. Marshall, NSA
Mr. Richard H. L. Marshall is the Senior Information Assurance (IA) Representative, Office of Legislative Affairs at the National Security Agency (NSA). NSA’s Legislative Affairs Office is the Agency’s point of contact for all NSA matters concerning Congress and is committed to maintaining a relationship with Congress built on trust, candor, completeness, correctness, consistency, and corporateness. Mr. Marshall has been instrumental in framing critical appreciation by key Senators and Representatives on Information Assurance and its impact on helping to protect the nation’s critical infrastructures. As an additional duty, Mr. Marshall also represents NSA in the National Centers of Academic Excellence in Information Assurance Program in Boston, Massachusetts and the Detroit, Michigan areas where he led the effort to establish an International Consortium on Information Assurance.

Mr. Marshall is a sophisticated senior executive level leader. He is respected by White House (National Security Council and Homeland Security Council) and Congressional staffers, Department of Defense, Department of Homeland Security, Department of the Treasury and private sector leaders – particularly the financial services sector – for his subject matter expertise and skills in policy formulation and ardent advocacy. Mr. Marshall commands a deep understanding and appreciation for the full range of Information Assurance-related legal, legislative and policy issues. He interacts confidently in the most senior levels of government, business and academia.

He is a frequent keynote speaker, panelist and moderator at information technology, legal and policy symposia and conferences both here and abroad – to include Black Hat and DEF CON. He is a nationally recognized, respected and articulate advocate of the need for the private and public sectors to work together to improve information assurance and business continuity practices, policies and technology. He has addressed various international, Department of Defense, Army, Navy and Air Force legal conferences on information operations, information assurance and critical infrastructure assurance, twice sharing the podium with the Secretary of the Air Force and once with the former Vice-President of the United States.

He has testified before numerous Congressional subcommittees and has distinguished himself as a guest lecturer at the National Defense University (NDU), the Industrial College of the Armed Forces, Stanford University, George Mason University, George Washington School of Law, Boston University, Duke University, the University of Virginia, University of Detroit-Mercy, The Harvard Club, and numerous graduate and law schools on a myriad of legal issues related to national security and information assurance.

Mr. Marshall was selected by Dick Clarke, the Cyber Advisor to the President to serve as the Principal Deputy Director, Critical Infrastructure Assurance Office (CIAO), Bureau of Industry and Security, Department of Commerce where he led a team of 40 dedicated professionals in coordinating and implementing the Administration’s National Security for Critical Infrastructure Protection initiative to address potential threats to the nation’s critical infrastructures. He persuasively articulated the business case for enhancing information assurance in government and private sectors, and championed national outreach and awareness of information assurance issues to key stakeholders such as owners and operators of critical infrastructures, opinion influencers, business leaders, and government officials.

Before being nominated by the DIRNSA and approved by the SECDEF to serve in an Executive Development assignment to help lead the CIAO, Mr. Marshall served with distinction as the Associate General Counsel for Information Systems Security/Information Assurance, Office of the General Counsel, National Security Agency for over eight years. In that capacity, Mr. Marshall provided advice and counsel on national security telecommunications and technology transfer policies and programs, the National Information Assurance Partnership, the Common Criteria Mutual Recognition Arrangement, legislative initiatives and international law. Mr. Marshall was the legal architect for the Joint Chiefs of Staff directed exercise “Eligible Receiver 97” that spotlighted many of the cyber-vulnerabilities of our nation’s critical infrastructures and helped bring focus on this issue at the national leadership level.

Mr. Marshall graduated from The Citadel with a B.A. in Political Science; Creighton University School of Law with a J.D. in Jurisprudence; Georgetown School of Law with an LL.M. in International and Comparative Law; was a Fellow at the National Security Law Institute, University of Virginia School of Law in National Security Law; attended the Harvard School of Law Summer Program for Lawyers; the Georgetown University Government Affairs Institute on Advanced Legislative Strategies and participated in the Information Society Project at Yale Law School and in the Privacy, Security and Technology in the 21st Century program at Georgetown University School of Law.

Ken Privette, USPS IG
Special Agent in Charge
Digital Evidence Services
USPS Office of Inspector General

Ken serves as the Special Agent in Charge of Digital Evidence Services (DES), a component of the United States Postal Service Office of Inspector General providing computer crime and digital forensics support to investigators from the United States Postal Service Office of Inspector General and Postal Inspection Service. He and his team of digital forensic examiners have pioneered state-of-the-art initiatives such as remote forensics and the development of forensic tools such as eInvestigator – an online forensic collaboration tool for sharing, parsing and searching digital evidence.

Ken spent much of his professional life as a Special Agent with the Naval Criminal Investigative Service both overseas and state-side where he conducted investigations involving computer crime, terrorism, and counterintelligence matters. He has worked in assignments at the Department of Defense Computer Emergency Response Team and served as an instructor in the Computer Forensics, Investigation and Response course for the SANS Institute.

Keith Rhodes, Ex-GAO
Keith Rhodes is currently the Chief Technologist of the U.S. Government Accountability Office and Director of the Center for Technology & Engineering. He provides assistance throughout the Legislative Branch on computer and telecommunications issues and leads reviews requiring significant technical expertise. He has been the senior advisor on a range of assignments covering continuity of government & operations, export control, computer security & privacy, e-commerce & e-government, voting systems, and various unconventional weapons systems. He has served as a Commissioner on the Independent Review of the National Imagery and Mapping Agency. Before joining GAO, he was a supervisory scientist at the Lawrence Livermore National Laboratory. His other work experience includes computer and telecommunications projects at Northrop Corporation and Ohio State.

Paul Sternal, SA DCIS
Special Agent Sternal is the cyber crimes program manager for the Defense Criminal Investigative Service. He began his law enforcement career in 1993 as a special agent with the U.S. Air Force Office of Special Investigations (OSI), and was assigned to Yokota AB, Japan. During that time, he served as a computer crime investigator operating throughout the Pacific Rim at bases in Guam and Korea as well as Japan.

In 1995, Paul entered the Air Force communications field, holding assignments at the Air Intelligence Agency in San Antonio, Texas and the White House Communications Agency in Washington, D.C. As a Reservist, he is currently a Lieutenant Colonel assigned to the Defense Information Systems Agency.

In 2002, Paul joined DCIS as a computer crime investigator in the Mid-Atlantic Field Office. Since joining DCIS, he has specialized in high technology crime investigations and computer forensics. He has been intricately involved in several high-profile intrusion investigations. In 2004, he served a three-month tour as a DCIS Special Agent with the Middle East Task Force - Baghdad, Iraq, Coalition Provisional Authority.

SA Sternal is a graduate of George Washington University and holds a Bachelor's Degree in Computers and Information Systems. He holds a Master's Degree in Business Administration from Rutgers University and a Master of Public Policy degree from Georgetown University.

Sgt. Stephane Turgeon, RCMP
Royal Canadian Mounted Police

Sgt. Stéphane Turgeon has been a Member of the Royal Canadian Mounted Police since 1998. He performed general duty policing in the beautiful province of Nova Scotia for 6 years and then joined the A-Division Integrated Technological Crime Unit located in Ottawa, Ontario in April of 2004. Since then, he has obtained the RCMP designation as a computer forensic examiner by successfully completing several computer forensic courses and certifications. He has conducted hundreds of computer crimes investigations and is now Acting in charge of the A-Division Integrated Technological Crime Unit, which comprises more than 20 Members from the RCMP, Ottawa Police Services and the Department of National Defence. The Unit is responsible for the investigation of pure computer crimes within the National Capital Region (Ottawa area) and for assistance to other specialized investigative sections, Units and the federal departments.

Jamie Turner, NCIS
Senior Investigative Computer Specialist

Jamie Turner is a Senior Investigative Computer Specialist for the Naval Criminal Investigative Service. He has over 20 years of professional experience in the cyber field with the last 10 years conducting computer crime investigations and operations. Jamie holds several IT and forensics certifications and is considered one of the best experts for NCIS Cyber in the fields of computer forensics, mobile forensics, data recovery and court room testimony.

Linton Wells II, NDU
Distinguished Research Professor
Force Transformation Chair

Dr. Linton Wells II is a Distinguished Research Professor and serves as the Transformation Chair at National Defense University (NDU). Prior to coming to NDU he served in the Office of the Secretary of Defense (OSD) from 1991 to 2007, serving last as the Principal Deputy Assistant Secretary of Defense (Networks and Information Integration). In addition, he served as the Acting Assistant Secretary and DoD Chief Information Officer for nearly two years. His other OSD positions included Principal Deputy Assistant Secretary of Defense (Command, Control, Communications and Intelligence-C3I) and Deputy Under Secretary of Defense (Policy Support) in the Office of the Under Secretary of Defense (Policy).

In twenty-six years of naval service, Dr. Wells served in a variety of surface ships, including command of a destroyer squadron and guided missile destroyer. In addition, he acquired a wide range of experience in operations analysis; Pacific, Indian Ocean and Middle East affairs; and C3I. Recently he has been focusing on STAR-TIDES, a research project focusing on affordable, sustainable support to stressed populations and public-private interoperability (www.star-tides.net).

Dr. Wells was born in Luanda, Angola, in 1946. He was graduated from the United States Naval Academy in 1967 and holds a Bachelor of Science degree in physics and oceanography. He attended graduate school at The Johns Hopkins University, receiving a Master of Science in Engineering degree in mathematical sciences and a PhD in international relations. He is also a 1983 graduate of the Japanese National Institute for Defense Studies in Tokyo, the first U.S. naval officer to attend there.

Dr. Wells has written widely on security studies in English and Japanese journals. He co-authored Japanese Cruisers of the Pacific War, which was published in 1997. His hobbies include history, the relationship between policy and technology, and scuba diving. He has thrice been awarded the Department of Defense Medal for Distinguished Public Service.
