skip to main content

DEF CON Hacking Conference

Village Speaker Schedule

In addition to the main DEF CON tracks, several of the Villages have a full-blown speaker track of their own, full of good stuff specific to their area of focus. Below we have a partial schedule (we'll update it as information comes in).

Packet Capture Village

Friday, August 7


Tools and Techniques Used at the Wall of Sheep

Ming Chow

Ming will demonstrate how to capture and analyze packets using the tools that are used by the shepherds at the Wall of Sheep. The tools include Wireshark, tcpdump, dsniff, and ettercap. Attendees do not need to have any networking or security experience but are expected to bring their own laptop. For the purpose of this session, a *nix environment will be used (e.g., Linux, Mac OS X).

BIO: Ming Chow (Twitter: @0xmchow) Ming has been involved with the Wall of Sheep since DEF CON 15 (2007).


Mobile Data Loss - Threats & Countermeasures

Michael Raggo

Current attack vectors indicate that malware, spyware, and other nefarious attacks are targeting mobile devices for financial gain, cyber espionage, or to simply damage company reputation. Additionally, the threat from the inside has also increased, leading to intentional and unintentional data leakage for many companies. This presentation will review best practices and strategies for controlling the dissemination of data on mobile devices by analyzing current mobile attack vectors and countermeasures.

BIO: Michael Raggo (Twitter: @MikeRaggo) Michael applies over 20 years of security technology experience and evangelism to the technical delivery of Mobile Security Solutions. Mr. Raggo's technology experience includes mobile device security, penetration testing, wireless security assessments, compliance assessments, incident response and forensics, security research, and is a former security trainer. His publications include books for Syngress titled "Data Hiding" and McGraw Hill as a contributing author for "Information Security the Complete Reference 2nd Edition", as well as multiple magazine and online articles. He is also a participating member of the PCI Mobile Task Force. Mr. Raggo has presented on various security topics at numerous conferences around the world (BlackHat, DefCon, SANS, Gartner, DoD Cyber Crime, OWASP, InfoSec, etc.) and has even briefed the Pentagon and FBI.


Sniffing SCADA

Karl Koscher

Over the past few years, interest in ICS/SCADA systems security has grown immensely. However, most of this interest has been focused on IP-connected SCADA networks, largely ignoring numerous deployments relying on other technologies such as wireless serial links. In this talk, I'll introduce a new GNU Radio module which lets you sniff (and potentially speak with) SCADA networks that use a popular RF modem for their communications. I'll also describe the process of reverse-engineering the proprietary RF protocol used. Finally, I'll talk about the higher-layer protocols used in SCADA networks, including ModBus and DNP3, demonstrate how we are able to monitor the (unencrypted and unauthenticated) sensing and control systems used by a large electricity distribution network, and discuss some of its implications.

BIO: Karl Koscher (Twitter: @supersat) Karl is a postdoctoral researcher at the University of California San Diego where he specializes in embedded systems security. In 2011, he and his collaborators were the first to demonstrate a complete remote compromise of a car over cellular, Bluetooth, and other channels. In addition to breaking systems, he also works on creating tools and technologies to enable developers to automatically find (and fix) potential security vulnerabilities in their embedded systems. Since earning his ham license at DEF CON 22 (and later upgrading to Amateur Extra), he has become interested in many aspects of wireless communications.


dnstap - A Standard Interface to Real Time DNS Transaction Flows

Paul Vixie

DNS is a high volume low latency datagram protocol at the heart of the Internet -- it enables almost all other traffic flows. Any analysis of network traffic for security purposes will necessarily include contemporaneous DNS traffic which might have resulted from or directed that traffic. Netflow by itself can answer the question, "what happened?" but it cannot by itself answer the equally important question, "why?"

Collecting DNS query and response data has always been challenging due to the impedance mismatch between DNS as an asynchronous datagram service and available synchronous persistent storage systems. Success in DNS telemetry has historically come from the PCAP/BPF approach, where the collection agent reassembles packets seen 'on the wire' into DNS transaction records, with complete asynchrony from the DNS server itself. It is literally and always preferable to drop transactions from the telemetry path than to impact the operation a production DNS server in any way.

BPF/PCAP is not a panacea, though, since the complexity of state-keeping means that most passive DNS collectors are blind to TCP transactions, and all are blind to data elements which don't appear on the wire, such as cache purge or cache expiration events, or to "view" identifiers or current delegation point. The Farsight Security team has therefore designed a new open source and open protocol system called 'dnstap' with a transmission/reception paradigm that preserves the necessary lossiness of DNS transaction collection while avoiding the state-keeping of BPF/PCAP based systems.

This talk will cover passive DNS including collection, sharing, post-processing, database construction, and access, using the Farsight Security system as a model. 'dnstap' will be introduced in that context, including a status report and road-map.

BIO: Dr. Paul Vixie (Twitter: @paulvixie) Paul is the CEO of Farsight Security. He previously served as President, Chairman and Founder of Internet Systems Consortium (ISC), as President of MAPS, PAIX and MIBH, as CTO of Abovenet/MFN, and on the boards of several for-profit and non-profit companies. He served on the ARIN Board of Trustees from 2005 to 2013, as ARIN Chairman in 2008 and 2009, and was a founding member of ICANN Root Server System Advisory Committee (RSSAC) and ICANN Security and Stability Advisory Committee (SSAC). He operated the ISC's F-Root name server for many years, and is a member of Cogent's C-Root team. He is a sysadmin for Op-Sec-Trust.

Paul has been contributing to Internet protocols and UNIX systems as a protocol designer and software architect since 1980. He wrote Cron (for BSD and Linux), and is considered the primary author and technical architect of BIND 4.9 and BIND 8, and he hired many of the people who wrote BIND 9. He has authored or co-authored a dozen or so RFCs, mostly on DNS and related topics, and of Sendmail: Theory and Practice (Digital Press, 1994). His technical contributions include DNS Response Rate Limiting (RRL), DNS Response Policy Zones (RPZ), and Network Telemetry Capture (NCAP). He earned his Ph.D. from Keio University for work related to DNS and DNSSEC, and was named to the Internet Hall of Fame in 2014.


Hacker's Practice Ground

Lokesh Pidawekar

Learning Hacking legally and economically is not a myth anymore. You will witness how to create a practice ground to hone the skills of hacking. The talk will take you through infrastructure, tools and techniques of practicing hacking. It will also cover information about online hacking challenges and breaking into bug bounty programs. Expect lot of demos.

BIO: Lokesh Pidawekar (Twitter: @MaverickRocky02) Lokesh is Master's student in Information Assurance at Northeastern University, Boston. He has more than 4 years of experience in System hardening, Network architecture assessments and web application penetration testing. During last summer, he was software security intern at Cigital, Inc. where he worked on various mobile and web application penetration testing projects. He actively participates in bug bounty programs and responsibly disclosed vulnerabilities to various companies. He is president of ISSA-Northeastern University student chapter and recipient of ISC2 Graduate research scholarship.


Global Honeypot Trends

Elliot Brink

Many of my computer systems are constantly compromised, attacked, hacked, 24/7. How do I know this? I've been allowing it. This presentation will cover over one year of research running several vulnerable systems (or honeypots) in multiple countries including the USA, mainland China, Russia and others. We'll be taking a look at: a brief introduction to honeypots, common attacker trends (both sophisticated and script kiddie), brief malware analysis and the statistical analysis of attackers based on GeoIP. Are there differences in attacks based on where a computer system is located? Let's investigate this together! Beginners to the topic of honeypots fear not, the basics will be covered.

BIO: Elliott Brink (Twitter: @ebrinkster) Elliott is an Information Security Consultant based out of Chicago, IL. He specializes in internal/external pentesting, security architecture, and social engineering engagements. He loves computer history, tracking bad guys, honeypots, an expertly crafted bloody mary and traveling the globe.


Remaining Covert in an Overt World

Mike Raggo, Chet Hosmer

With the explosion of social media, sharing apps, and an overall world of overtness, some of us are seeking ways to communicate covertly and protect our privacy. This has prompted the emergence of new and enhanced covert communications. This includes methods for hiding data within apps, communication protocols, and even enhanced techniques for hiding data within data. In this talk we'll explore the most recent techniques for secret communications and hiding data, while also exploring new ideas for covert storage in wearables, mobile devices, and more with walkthroughs and demos.

BIOS: Michael Raggo (Twitter: @MikeRaggo) Michael applies over 20 years of security technology experience and evangelism to the technical delivery of Mobile Security Solutions. Mr. Raggo's technology experience includes mobile device security, penetration testing, wireless security assessments, compliance assessments, incident response and forensics, security research, and is a former security trainer. His publications include books for Syngress titled "Data Hiding" and McGraw Hill as a contributing author for "Information Security the Complete Reference 2nd Edition", as well as multiple magazine and online articles. He is also a participating member of the PCI Mobile Task Force. Mr. Raggo has presented on various security topics at numerous conferences around the world (BlackHat, DefCon, SANS, Gartner, DoD Cyber Crime, OWASP, InfoSec, etc.) and has even briefed the Pentagon and FBI.

Chet Hosmer Chet is the Founder of Python Forensics, Inc. a non-profit organization focused on the collaborative development of open-source investigative technologies using Python. Chet is also the founder of WetStone Technologies, Inc. and has been researching and developing technology and training surrounding forensics, digital investigation and steganography for over two decades. He has made numerous appearances to discuss emerging cyber threats including National Public Radio's Kojo Nnamdi show, ABC's Primetime Thursday, NHK Japan, CrimeCrime TechTV and ABC News Australia. He has also been a frequent contributor to technical and news stories relating to cyber security and forensics and has been interviewed and quoted by IEEE, The New York Times, The Washington Post, Government Computer News, and Wired Magazine. He is the author of three recent Elsevier/Syngress Books: Python Passive Network Mapping (ISBN-13: 978-0128027219), Python Forensics (ISBN-13: 978-0124186767), and Data Hiding which is co/authored with Mike Raggo (ISBN-13: 978-1597497435). Chet serves as a visiting professor at Utica College where he teaches in the Cybersecurity Graduate program. He is also an Adjunct Faculty member at Champlain College in the Masters of Science in Digital Forensic Science Program. Chet delivers keynote and plenary talks on various cyber security related topics around the world each year. Chet resides with Wife Janet, Son Matthew along with his four legged family near Myrtle Beach, South Carolina.


Violating Web Services

Ron Taylor

The majority of today's mobile applications utilize some type of web services interface (primarily SOAP and REST) for connecting to back end servers and databases. Properly securing these services is often overlooked and makes them vulnerable to attacks that might not be possible via the traditional web application interface. This talk will focus on methods of testing the security of these services while utilizing commercial and open source tools. We will also highlight some web services of well-known sites that have been recently violated.

BIO: Ron Taylor (Twitter: @Gu5G0rman) Ron has been working in the information security field for the past 16 years. He spent 10 years in consulting, gaining experience in many areas. For the past 7 years he has been working as an engineer for Cisco Systems in RTP. His focus is on Pen Testing Cisco products and working with the development teams to implement high security standards. He also holds certifications including GPEN, GCIH, GWAPT, RHCE, CCSP, CCNA, CISSP and MCSE. He is a SANS Mentor and one of the founders of BSides Raleigh.

Saturday, August 8


How Machine Learning Finds Malware Needles in an AppStore Haystack

Theodora Titonis

Machine learning techniques are becoming more sophisticated. Can these techniques be more affective at assessing mobile apps for malicious or risky behaviors than traditional means? This session will include a live demo showing data analysis techniques and the results machine learning delivers in terms of classifying mobile applications with malicious or risky behavior. The presentation will also explain the difference between supervised and unsupervised algorithms used for machine learning as well as explain how you can use unsupervised machine learning to detect malicious or risky apps.

What you will learn:

Understand the difference between advanced machine learning techniques vs. traditional means.
Recognize different types of algorithms used to improve mobile security.
Understand how you can use unsupervised machine learning to detect malicious or risky apps.

BIO: Theodora Titonis is an innovative entrepreneur whose passion for technology began when she started programming computers at the age of seven. While pursuing computer science at The Ohio State University she focused her efforts on the challenging field of security. During the dotcom-era, Theodora architected systems and provided security expertise to federal government intelligence and defense agencies, leading financial institutions and Fortune 500 Companies.

Theodora served as the Founder, CEO, sole investor, and a patent assignee of Marvin Mobile. Veracode, Inc., the leader in cloud-based application security testing, acquired Marvin in September 2012. Ms. Titonis now serves as Veracode's Vice President of Mobile Security.


MITM 101: Easy Traffic Interception Techniques Using Scapy

Bob Simpson

Performing man-in-the-middle attacks takes a little planning and practice, but you will soon find that it is one of the most powerful and useful skills you can develop. Once you get the hang of it, Scapy makes it easy to target a specific box or a whole network, and whether you have physical access or remote penetration, you can use MITM to open up new possibilities.

BIO: Bob Simpson (Twitter: @bobby_simpson) is CIO for Finley & Cook, PLLC, a private accounting firm. He has been with the company for 8 years. Previously, he served as Security Architect for the Oklahoma Department of Human Services, and Senior Systems Engineer at iPolicy Networks, an intrusion prevention firm. Bob has system-wide design and project lead experience, including network architecture, security assessment and enforcement, and network software development. Mr. Simpson holds the CISSP, GCIH, GCIA, and GPEN, as well as MCSE and CCNA certifications. He serves on the SANS Advisory board and is a member InfraGard. Most recently, Bob has developed GhostSentry, a device for remote access logging and compliance.


I See You

Brian Wohlwinder, Andrew Beard

In this talk, we will dive into the data captured during last years Wall of Sheep applications and protocols that are giving your away credentials. This is something that anyone, with the right level of knowledge and inclination, could certainly do with a few basic ingredients. We will enumerate them. The dataset we will focus on was gathered as part of the Wall of Sheep contest during DEF CON 22. While this data was gathered using an off the shelf technology, that platform will not be the topic we discuss. Rather, we will focus on the types and scope of data sent totally in the clear for all to see. Additionally, we will discuss the ramifications this might have in a less "friendly" environment -- where loss of one's anonymity, might really, really suck. Finally, we will discuss and recommend ways you can hamper this type of collection.

BIO: Brian Wohlwinder In his role as Manager of Threat for Fidelis Cybersecurity Systems, Brian is responsible for developing and evolving the company's threat detection strategy while synchronizing it with product strategy. Before "retiring," Brian also held a number of roles, in a wide range of cyber programs within the Department of Defense and associated Joint Community; his military service includes stints as a Cyberspace Strategist for the Air Force Space Command, Mission Commander at the Joint Functional Component Command - Network Warfare, Chief of Space Systems Integration, Network Engineer, Programmer, Systems Analyst, and Rated Flight Engineer. In addition to extensive training in the military, Brian also received his Bachelor's degree in Computer Science from Charleston Southern University and a Master's degree in Business Administration from The Citadel Military College.

Andrew Beard Andrew is the Manager of Threat Systems for Fidelis Cybersecurity and is a native of the DC metro area. In his role, he manages a small team that is primarily responsible for processing threat intel at scale. He holds a B.S. in Computer Engineering from the University of Maryland, College Park, with a minor in Dance Dance Revolution. He is a connoisseur of astronaut ice cream and somewhat begrudgingly takes slow, meandering walks with his French Bulldog, Fudge. He is often accused of being Gordon Freeman's evil twin and insists that no one is too old to own action figures.


Powershell for Penetraton Testers

Nikhil Mittal

PowerShell has changed the way Windows networks are attacked. It is Microsoft's shell and scripting language available by default in all modern Windows computers. It can interact with .NET, WMI, COM, Windows API, Registry and other computers on a Windows network. This makes it imperative for Penetration Testers and Red Teamers to learn PowerShell. This talk looks at various attacks and tasks performed by penetration testers and red teamers during different phases of an assessment and utilize PowerShell to make them easy and much more powerful. Various techniques like in-memory shellcode execution from a Word macro, dumping system secrets in plain, using innovative communication channels, lateral movement, network relays, using Metasploit payloads without detection etc. would be discussed.

BIO: Nikhil Mittal (Twitter: @nikhil_mitt) is a hacker, infosec researcher, speaker and enthusiast. His area of interest includes penetration testing, attack research, defence strategies and post exploitation research. He has 6+ years of experience in penetration testing for his clients which include many global corporate giants. He is also a member of red teams of selected clients. He specializes in assessing security risks at secure environments which require novel attack vectors and "out of the box" approach. He has worked extensively on using Human Interface Device in Penetration Tests and PowerShell for post exploitation. He is creator of Kautilya, a toolkit which makes it easy to use Teensy in penetration tests and Nishang, a post exploitation framework in PowerShell. In his spare time, Nikhil researches on new attack methodologies and updates his tools and frameworks. He has spoken at conferences including DEF CON, BlackHat USA, BlackHat Europe, RSA China, and EuSecWest.


The Packets Made Me Do It: Getting Started with Distributed Full Packet Capture Using OpenFPC

Leon Ward

Network security analysts love to see packets, however most commercial security products don't record them, instead they provide packet-less event messages that can leave you asking yourself "Did that event really happen?" This talk investigates this situation and covers the history that lead the speaker to start an Open Source project that has helped him to enrich security detection events with packets as required.

OpenFPC is a packet capture framework that is designed to help retro-fit full packet data into external existing packet-less event generating tools (think Intrusion detection, firewalls, SIEMs, or log managers). Learn how to rapidly deploy a distributed full packet capture system using only a few commands, and then enrich other tools with it to augment your current event analysis process.

BIO: Leon Ward has spent over ten years in "day jobs" working closely with both open source and proprietary network security tools. Following years of experience of helping to design and deploy large intrusion prevention deployments, he decided to focus on trying to advance the products themselves. While working as Director of Product Management at Sourcefire, he became responsible for network detection technologies including the famous Snort open source intrusion prevention engine. OpenFPC was started is a spare time "passion" project for Leon (read "not his day job") that enables him to stay knee-deep in packets and code.


Is Your Android App Secure?

Sam Bowne

It's easy to audit Android app security, and very important, because most of them have one or more of the OWASP Mobile Top Ten Risks. I tested the top ten US bank apps, stock trading apps, and insurance apps, and 70% of them were insecure. I'll demonstrate how to find SSL validation failures and how to add Trojans to vulnerable apps to create a Proof-of-Concept. Complete instructions for all these tests are available free at

BIO: Sam Bowne (Twitter: @sambowne) has been teaching computer networking and security classes at CCSF since 2000. He has given talks at DEFCON, HOPE, BayThreat, LayerOne, and Toorcon, and taught classes and many other schools and teaching conferences. He has these things: BS, PhD, CEH, CISSP, WCNA, and a lot of T-shirts.


Sup3r S3cr3t!



Creating REAL Threat Intelligence With Evernote


In the presentation that threat intel vendors do not want you to see, threat data from open source and home grown resources meets Evernote as the ultimate braindump repository with the outcome of producing real actionable threat intelligence that your organization can leverage to stop the bad guys. This presentation discusses an experiment of using Evernote as a informal threat intelligence management platform, the specific concepts and strategies used, and its overall effectiveness. Specific topics covered include the advantages of using an open and flexible platform that can be molded into an open/closed source threat data repository, an information sharing platform, and an incident management system. Although using Evernote in this way in large enterprises is probably not possible, organizations can apply the same reference implementation to build similarly effective systems using open source or commercial solutions.

BIO: Salvador Grec (Twitter: @grecs) has almost two decades of experience, undergraduate and graduate engineering degrees, and a really well known security certification. Despite his formal training, grecs has always been more of a CS person at heart going back to his VIC-20, Commodore 64, and high school computer club days. After doing the IT grind for five years, he discovered his love of infosec and has been pursuing this career ever since. Currently, he spends his days improving and architecting SOC solutions. At night he runs a local infosec website where he discusses his latest security research and offers his commentary on the world of cyber.


Hacking the Next Generation

David Schwartzberg

Kids are wired to learn. They are learning while they are playing, so why not give them an environment where they can play while they are learning. A combination of a speaking track, workshops, and an open area of stations complementing each other enables the attendees to expand and enlighten their technical interests. For innovation to perpetuate, it's imperative that today's young users are exposed to the bigger picture of how we got here and to help realize their potential. You can come learn more about how Hak4Kidz is making a difference and how you can potentially organize a Hak4Kidz in your local city.

BIO: David Schwartzberg (Twitter: @DSchwartzberg) is a Senior Security Engineer at MobileIron, a mobile security company, where he specializes in mobile and network security. Utilizing his 6 years accounting experience and combined 17 years InfoTech and InfoSec experience, he speaks regularly with technology executives and professionals to help protect their corporate secrets and stay compliant. In his spare time he co-founded Hak4Kidz,, and has blogged for Dark Reading, Naked Security and Barracuda Labs. He has spoken at conferences such as Black Hat Arsenal, BSides, Converge, DerbyCON, GrrCON, OWASP AppSec, THOTCON, Wall of Sheep Village, (ISC)2 Congress and several others. David has earned several certifications in the field of Information Technology and Information Security. If you need to know the list of certifications, that's what Linkedin is for.

Sunday, August 9


802.11 Monitoring with PCAP2XML/SQLite

Vivek Ramachandran

802.11 monitoring, attack detection and forensics has always been hard. It's almost immpossible to get any meaningful inference if one relies only on Wireshark filters. This is why we created Pcap2XML/SQLite, a tool to convert 802.11 trace files into equivalent XML and SQLite formats. Every single packet header field is mapped to a corresponding SQLite column. This allows us to create arbitrary queries on the packet trace file and we will show how this can be used for attack detection and forensics with live examples.

BIO: Vivek Ramachandran (Twitter: @securitytube) discovered the Caffe Latte attack, broke WEP Cloaking and publicly demonstrated enterprise Wi-Fi backdoors. He is the author of two best selling books on Wi-Fi Security and Pentesting which have sold over 13,000+ copies worldwide. He is the founder of and runs SecurityTube Training & Pentester Academy which has trained professionals from 90 countries. He has spoken and trained at a number of conferences including DEF CON, Black Hat USA / Europe / Abu Dhabi, Brucon, Hacktivity.


The Digital Cockroach Bait Station: How to Build Spam Honeypots

Robert Simmons

Spam honeypots are an excellent way to gather malware binaries as well as malicious URLs that attackers use to infect their targets. Many malware campaigns are shotgun blasts of emails sent to very large numbers of email addresses. If you can get your bait address on their list, they essentially send you a copy of the malware or the URL that leads to it. This talk will cover how to setup a spam honeypot for gathering these types of threats. It will also cover how to efficiently sort through the data coming in, what data points are valuable to include in your analysis, and finally how and where to share the threat data that you are gathering. The goal is to give one the tools they need to protect themselves from emerging threats as they appear in the wild.

BIO: Robert Simmons (Twitter: @MalwareUtkonos) is a Senior Threat Intelligence Researcher for ThreatConnect, Inc. With an expertise in building automated malware analysis systems based on open source tools, he has been tracking malware and phishing attacks and picking them apart for years. Robert has a background in biology, linguistics, and Russian area studies. He has lived extensively in Russia and Ukraine and has been known to swear profusely and constantly in Russian.


Fishing To Phishing: It's All About Slimy Creatures

Wayne Crowder

Fishing at a professional level shares a lot of traits with security professionals. Deep analysis of the environment, weather, and water conditions. A passion and certain stubbornness are what successful professional fisherman have. A security analyst requires similar skills and motivations to achieve their objectives. Not surprisingly, if you can market yourself well, you don't have to be the best at either industry to make money. This talk will poke fun at both of the industries work in and love. The technology available now for those how like to chase slimy creatures is nothing short of amazing. The sonar and mapping market has made the learning curve on most lakes very short for those who can afford the devices. The growth of this industry has left these units open for an interesting security review.

We will take a fun journey researching a powerful, yet poorly implemented network device found on a lot of fishing boats. Abuse of the lack of controls can lead to a bad day on the water. Imagine a fishing pole that could also double as an omnidirectional Wi-Fi antennae showing the poached signals and "hot spots" of other anglers. The talk will be fun, a little tongue-in-cheek, but more importantly should show the risks of enabling Wi-Fi for just about every device with a display. The underlying hardware and software of the units will be discussed. If the fish aren't biting, the "custom" build loaded on a device can pass the time as if you were home. The talk will conclude with thoughts about a few other examples where screen sharing over Wi-Fi could lead to problems. I will challenge attendees to think differently about the Internet of Things and how hacking and security research is crucial to make things safer, smarter and better. Or, just come to watch fishing porn.

BIO: Wayne Crowder (Twitter: @wacbass) After the dream of becoming a fisheries biologist was crushed under the reality of low pay for 8+ years of school, Wayne turned to his love of technology. IT and Security have been very kind to Wayne's fishing habit. For many years it supported him while he moonlighted as a professional fisherman. Stints on TV, radio and seminars for boat or outdoor shows has led to at least a dozen autographs. Incident response and threat intel keep him busy. Wayne is proud he has more fishing poles than certifications.


From XSS to Root on Your NAS

Tony Martin

Home Network Attached Storage devices (NAS) are gaining in popularity because of the simplicity they offer to manage ever-growing amounts of personal data. The device's functionality is extending beyond a data store, adding functionality to become the central content management system, multimedia center, network management point and even automation hub for the home and small business. The devices offer accessibility to local and remote users as well as to untrusted users via data shares. These capabilities expose all stored data and the device itself to outside/remote attackers. This talk will demonstrate NEON TOOL; by leveraging multiple vulnerabilities, it allows a remote attacker to gain root access on a popular home NAS device. The talk will cover the problems that XSS, in conjunction with other weaknesses, can create. It will address how these vulnerabilities were uncovered, possible mitigations, how to work responsibly with the vendor to ensure a timely resolution and an investigation into the fixes employed.

BIO: Tony Martin ( Tony is a security architect at Fortune 100 networking company as part of the secure development lifecycle team. He likes green font with a black background and when bored, stuff tends to get broken –ethically. His areas of learning include software and system architecture / design with a flair for trying to build security from the start, implementing and breaking (or trying) applied crypto, and pen testing (hence this talk). Additionally, he loves training / teaching and enabling teams to build secure products. Tony volunteers many places including the Packet Hacking / Wall of Sheep Village.

Social Engineering Village

Friday, August 7


Yellow Means Proceed with Caution - Applied De-escalation for Social Engineering

Noah Beddome

Directing the nature and dynamic of social interactions is at the heart of social engineering. One of the most impactful forms of this is being able to make a functional interaction out of a hostile or uncomfortable one. During this talk we will look at the different levels of intensity within interactions and ways to manage them.

BIO: Noah Beddome is Former Marine and a present security consultant. His professional focus is on attack simulation with special emphasis on physical and interpersonal social engineering.


“I Didn’t Think it was Loaded” and Other Mental Derps

Michele Fincher

How many of you have ever yelled “Hey, watch this!” and lived to tell the tale? This year’s exciting glimpse into psychology and its application to security is around the fun topic of decision-making. Psychologists estimate that we make thousands of decisions a day. THOUSANDS. Now, many of these are trivial, but at least some of them have the potential to impact the security of your organization. We all think we’re great decision makers, and we’re all wrong at some point in our lives. Join me to get a better understanding of how and why we make our choices, and what you can do to improve your skills and guide your users to a happier (and safer) place!

BIO: Michele Fincher is the Chief Influencing Agent of Social-Engineer, Inc., possessing over 20 years experience as a behavioral scientist, researcher, and information security professional. Her diverse background has helped solidify Social-Engineer, Inc.’s place as the premier social engineering consulting firm.

As a US Air Force officer, Michele’s assignments included the USAF Academy, where she was a National Board Certified Counselor and Assistant Professor in the Department of Behavioral Sciences and Leadership. Upon separating from the Air Force, Michele went on to hold positions with a research and software development firm in support of the US Air Force Research Laboratory as well as an information security firm, conducting National Security Agency appraisals and Certification and Accreditation for federal government information systems.

At Social-Engineer, Inc., Michele is a senior penetration tester with professional expertise in all facets of social engineering vectors, assessments, and research. A remarkable writer, she is also the talent behind many of the written products of Social-Engineer, Inc., including numerous reports and assessments, blog posts, and the Social-Engineer Newsletters.

Michele has her Bachelor of Science in Human Factors Engineering from the US Air Force Academy and her Master of Science in Counseling from Auburn University. She is a Certified Information Systems Security Professional (CISSP).


Understanding Social Engineering Attacks with Natural Language Processing

Ian Harris

Social engineering attacks are a growing problem and there is very little defense against them since they target the human directly, circumventing many computer-based defenses. There are approaches to scan emails and websites for phishing attacks, but sophisticated attacks involve conversation dialogs which may be carried out in-person or over the phone lines. Dialog-based social engineering attacks can employ subtle psychological techniques which cannot be detected without an understanding of the meaning of each sentence.

We present a tool which uses Natural Language Processing (NLP) techniques to gain an understanding of the intent of the text spoken by the attacker. Each sentence is parsed according to the rules of English grammar, and the resulting parse tree is examined for patterns which indicate malicious intent. Our tool uses an open-source parser, the Stanford Parser, to perform parsing and identify patterns in the resulting parse tree. We have evaluated our approach on three actual social engineering attack dialogs and we will present those results. We are also releasing the tool so you can download it and try it for yourself.

BIO: Ian G. Harris is currently Vice Chair of Undergraduate Education in the Computer Science Department at the University of California Irvine. He received his BS degree in Computer Science from Massachusetts Institute of Technology in 1990. He received his MS and PhD degrees in Computer Science from the University of California San Diego in 1992 and 1997 respectively. His field of interest includes validation of hardware systems to ensure that the behavior of the system matches the intentions of the designer. He also investigates the application of testing for computer security. His group’s security work includes testing software applications for security vulnerabilities and designing special-purpose hardware to detect intrusions on-line.


I Am Not What I Am: Shakespeare and Social Engineering

John Ridpath

Teeming with experts in manipulation – from Machiavellian villains like Iago and Richard III, to more playful tricksters like Puck and Viola – William Shakespeare’s plays offer a surprising and fresh perspective on the art of social engineering. Via a deep analysis of the language and actions of these characters, we will explore Shakespeare’s skill in pretexting, spearphishing and baiting. With his mastery of the English language and appreciation of human psychology, there’s still a lot to learn from Shakespeare.

BIO: John Ridpath is Head of Product at Decoded. Most recently, he has worked on creating Hacker in a Day: a one day course designed to initiate non-technical audiences into the world of cybersecurity. Having studied an MA in Shakespeare at UCL, his early career spanned software development, journalism and lecturing.


Classify Targets to Make Social Engineering Easier to Achieve

Heng Guan

There are so many factors (culture, age, gender, level of vigilance, when to choose…) will affect the realization of each Social Engineering action. Since information gathering is needed, why not classify the targets first to increase the success rate? When people get trained, how to accomplish social engineering once more? This is a discussion about how to bypass the human WAF according to different characteristics, as a complement to existing research.

BIO: I am one of the few women security researcher & engineer working at TOPSEC, a leading company ranked first in Chinese information security market firewalls and hardware more than 10 consecutive years, having approximately 2000 workers. Graduated from Nanjing University of Aeronautics and Astronautics, one of China’s leading universities of science and engineering. Bachelor of Computer Science and Technology.

Saturday, August 8


Breaking in Bad! (I’m the one who doesn’t knock)

Jayson Street

I start off the talk describing each one of the below listed attack vectors I use. I tell a story from each of them I show video of me breaking into a bank in Beirut Lebanon. I show video of gaining access to USA State Treasury office. The most important part of my talk is not that at all. I spend the entire last half of the talk creating a security awareness talk! Where I go into ways to spot me (or any attacker) I show the different tools and devices users should be aware of. I show how users should approach a situation if someone like me is in the building or interacting with them online. I basically use this talk to entertain the security people in the audience enough that they will take this back to their work and share my PowerPoint and video of my talk with their executives and co-workers.

BIO: Jayson E. Street is an author of Dissecting the hack: The F0rb1dd3n Network and Dissecting the hack: The V3rb0t3n Network from Syngress. Also creator of He has also spoken at DEFCON, DerbyCon, UCON and at several other CONs and colleges on a variety of Information Security subjects. His life story can be found on Google under Jayson E. Street *He is a highly carbonated speaker who has partaken of Pizza from Beijing to Brazil. He does not expect anybody to still be reading this far but if they are please note he was chosen as one of Time’s persons of the year for 2006.


Twitter, ISIL, and Tech

Tim Newberry

There is a concerted effort by researchers to understand how the Islamic State of Iraq and Levant (ISIL) is capable of influencing and radicalizing socially vulnerable audiences around the world via digital means. These efforts are demonstrated in a limited body of research that are often times rooted in conventional processes, therefore, having limited direct application to today’s dynamic, open-source digital environment. This environment affords a challenging, yet unique, opportunity to employ open source machine learning techniques guided by social learning and routine activities theory from the criminological field of study. This presentation will discuss a human driven, but machine assisted framework for identifying ISIL methods and victims in order to facilitate an effective counter-narrative for engaging the victims prior to influence happening. The framework utilizes historically based research designs to develop the frameworks, but machine learning to train classification algorithms utilizing data pulled from the Twitter API for modern application. The Scikit-Learn set of tools for Python were used to rapidly prototype tools for data mining and data analysis.

BIO: Timothy Newberry is a former Naval Officer and subject matter expert in digital training design and adversarial use of the internet. As a co-founder of White Canvas Group, Tim was selected to create, design, and implement a program for the CIAs Counter Terrorism Center producing measurable results against global terror networks. Tim has provided countless hours of subject matter expertise and creative design support to US Special Operations Forces (SOF) in developing alternative technical solutions for existing mission requirements within SOF. Since founding WCG, Tim has built technologies like GridMeNow, a location-based service for enhanced situational awareness, which has since been spun off into its own company. Tim has also been a noted speaker at venues such as the Global Information Operations conference in London and the World Wide Information Operations conference in Washington DC.

Prior to White Canvas Group, Tim was a Submariner for eight years of active duty service while completing various assignments in the Pacific, Iraq and Washington DC areas. He is a 2000 graduate from the United States Naval Academy where he earned a B.S. in Computer Science and graduated with distinction. He has an M.S. in Engineering Management from Catholic University of America, a masters level equivalent in Nuclear Engineering for US Naval Nuclear Power Plant operations, and is currently a PhD candidate at the University of New Haven where his focus is on the intersection of new age digital challenges and criminal justice.


A Peek Behind the Blue Mask: The Evolution of the SECTF

Chris Hadnagy

Join HumanHacker in an in-depth exploration of the mysterious world of the SECTF. From a small competition demonstrating a live compromise of fortune 500 companies to a full-scale village, how has the Social Engineering CTF evolved? What are the greatest takeaways from hosting 6 years of CTF competitions? It’s not often you get to hear what goes on behind the scenes. This informative talk will help social engineers, pentesters and future SECTF contestants alike understand how the Social Engineering CTF works. How are results calculated? What attack vectors have the highest success rate? What’s in a theme? What implications does the contest have for the world of SE and the state of corporate security? He’ll discuss expectations from the highest caliber social engineers and how he’s seen social engineering attacks evolve throughout the years. Part education, part documentary, this presentation is an ode to all things SE from the man who started it all.

BIO: When struck by lightning Chris Hadnagy was transformed into loganWHD and infused with the power of social engineering and the ability to identify the weak point in any physical security system. Countering the natural instinct to use his powers for self gain, Chris has spent his time teaching others in the lost arts of many security topics and spreading knowledge through articles and interviews published in local, national, and international magazines and tv shows and books. Hidden amongst normal mortals as the Chief Human Hacker of Social-Engineer, Inc, Chris currently lives a hidden life as the lead developer of Social-Engineer.Org and is the author of a few books on social engineering. If you are in trouble, and no one else can help, you can contact Chris online at or twitter at @humanhacker


Understanding End-User Attacks – Real World Examples

Dave Kennedy

ct: From our own analysis, phishing attacks for the first time are the number one attack vector superseding direct compromises of perimeter devices. Endpoints are now subjective to a number of different types of attacks and it’s all around targeting the user. This talk will walk through a number of targeted attacks that elicit social engineering aspects in order to gain a higher percentage of success against the victims. Additionally, we’ll be covering newer techniques used by attackers to further their efforts to move laterally in environments. Social engineering is here to stay and the largest risk we face as an industry – this talk will focus on how we can get better.

Bio: Dave Kennedy is founder of TrustedSec and Binary Defense Systems. Both organizations focus on the betterment of the security industry from an offense and a defense perspective. David was the former Chief Security Officer (CSO) for a Fortune 1000 company where he ran the entire information security program. Kennedy is a co-author of the book “Metasploit: The Penetration Testers Guide,” the creator of the Social-Engineer Toolkit (SET), and Artillery. Kennedy has been interviewed by several news organizations including CNN, Fox News, MSNBC, CNBC, Katie Couric, and BBC World News. Kennedy is the co-host of the social-engineer podcast and on a number of additional podcasts. Kennedy has testified in front of Congress on two occasions on the security around government websites. Kennedy is one of the co-authors of the Penetration Testing Execution Standard (PTES); a framework designed to fix the penetration testing industry. Kennedy is the co-founder of DerbyCon, a large-scale conference in Louisville Kentucky. Prior to Diebold, Kennedy was a VP of Consulting and Partner of a mid-size information security consulting company running the security consulting practice. Prior to the private sector, Kennedy worked for the United States Marine Corps and deployed to Iraq twice for intelligence related missions.Directing the nature and dynamic of social interactions is at the heart of social engineering. One of the most impactful forms of this is being able to make a functional interaction out of a hostile or uncomfortable one. During this talk we will look at the different levels of intensity within interactions and ways to manage them.


Phishing: Recon to Creds with the SpeedPhishing Framework

Adam Compton & Eric Gershman

This presentation will quickly explore some of the common phishing attack tools and techniques. Additionally, there will be a demo of a new tool, which can assist penetration testers in quickly deploying phishing exercises in minimal time. The tool can automatically search for potential targets, deploy multiple phishing websites, craft/send phishing emails, record the results, generate a basic report, among other bells and whistles.

Bios: Adam Compton currently works as a penetration tester and has over 20 years of infosec experience, 15 years as a penetration tester. He has worked in both the government and private sectors for a variety of customers ranging from domestic and international governments, multinational corporations, and smaller local business.

Eric Gershman is currently working on the security team for a group that manages large systems that enable researchers to do “Big Science”. Prior to working in security Eric pursued a bachelors degree in Information Technology at the University of Central Florida. During his time at UCF, he worked as a technician on a large help desk, research intern for an Anti-Virus company and finally as a Linux Systems Administration for several Department of Defense projects.

Wireless Village

Friday, August 7


PSK31 Modulation Polyglots

Travis Goodspeed & Sergey Bratus

BIO: Travis Goodspeed: Merchant of Dead Trees and Licensed Proselytizer of the Gospel of the Weird Machines with Pwnage, PoC, and Secular Rock.

Sergey Bratus is a Research Associate Professor at Dartmouth College. He enjoys finding weird properties of common programming models and protocols.


WPA Enterprise Hacking

Vivek Ramachandran & Thomas D’Otreppe

In this workshop, we will look at the different tools and techniques available to create honeypots and exploit WPA/WPA2 Enterprise networks. Our focus for this talk will be PEAP and EAP-TTLS but the principles taught can be extended to other EAP types as well.

BIOS: Vivek Ramachandran (Twitter: @securitytube) is the Founder and Chief Trainer at He discovered the Caffe Latte attack, broke WEP Cloaking, a WEP protection schema in 2007 publicly at Defcon and conceptualized enterprise Wi-Fi Backdoors. He is also the author of the book "Backtrack 5 Wireless Penetration Testing". He runs SecurityTube Trainings and Pentester Academy currently taken by infosec professionals in 75 countries. He also conducts in-person trainings in the US, Europe and Asia. Vivek's work on wireless security has been quoted in BBC online, InfoWorld, MacWorld, The Register, IT World Canada etc. places. He has spoken/trained at top conferences around the world including Black Hat USA, Europe and Abu Dhabi, DEF CON, Hacktivity, Brucon, ClubHack, SecurityByte, SecurityZone, Nullcon, C0C0n etc.

Thomas d'Otreppe "Mister X" is a wifi hacker and the author of Aircrack-ng, a Wi-Fi auditing suite as well as OpenWIPS-ng, an open source WiFi Intrusion Prevention System. He has designed Offensive-Security WiFu, a proactive wireless security course, with Mati Aharoni (muts) and also contributes to Kali Linux (and contributed to BackTrack Linux). He works as a software developer for MainNerve.Twitter: @aircrackng @openwipsng


SIGINT and Blind Signal Analysis with GNU Radio + Advanced SDR

Balint Seeber


The Wireless World of the Internet of Things

JP Dunning

The Internet of Things is a new spin old technology. Basically bringing to life all the "things" in our world, from door knobs to light bulbs. This presentation will talk about the wireless technologies integrated into these products along with some of there existing and potential risk, focusing predominantly on the favored ZIgBee and Z-Wave wireless protocols.

BIO: JP Dunning (.ronin) is a professional “breaker of things”. He has performed research and testing in security for over a decade. Primarily areas of play include portable, wireless, physical, and hardware security. He has developed and contributed to multiple projects including Katana: Multi-Boot Security Suite, The Glitch, SpoofTooph, BlueRanger, and CavitySearch.


Covert Wireless: Practical Hacker LPI-LPD

Wireless Warrior

Unlike commercial and consumer wireless, based on standards emphasizing cost, speed and interoperability, secure military and intel gear pays careful attention to low probability of detection and intercept (LPD/LPI) and traffic analysis. Their major tech focus is at the PHY layer using proprietary methods. Until the advent of Software Defined Radio the technology and cost to implement such protection were beyond all but the very well-funded. This presentation will review some of the publicly known capabilities of government monitoring and the practicality of defeating them using SDR, cypherpunk and varients of even amateur radio tech.

BIO: Wireless Warrior is a long-time cypherpunk with significant writings and contributions. He has worked with notables, including: Adam Back, David Chaum, Bram Cohen, Zooko Wilcox-O’Hearn, Jon Callas and Bruce Schneier. He has 10+ years experience in aerospace (plus 3 years at a successful commercial crypto and wireless company at the director level) with emphasis on secure communication. He is a founding member of GnuRadio (with Eric Blossom and John Gilmore).

Saturday, August 8


Wireless Pentesting: So Easy a Cave Man Can Do It


Chris will discuss wireless penetration testing using the network management suite he has written called n4p. N4p takes the pain away from system network device management during wireless pentests (WPA2 WPS) and the lengthy command memorization while bringing the ease of a highly modularized framework based design for efficient offensive tasks.

N4p incorporates hashcat for cracking pcap handshakes by converting pcaps to hcaps and running your pre defined rules. Wireless enterprise radius hacking with hostapd is also included. N4p also brings you the only solution for more incognito minded individuals by controlling your VPN and device bridges on the fly. By doing this we provide your MITM attacks with a strong attack base you could take nearly anywhere from SSLstrip to pulling off elaborate phishing with SET and redirection in iptables.

N4p provides you with a well planned out comprehensive iptables base script that provides adapter and port limitations out of the box for your rogue AP. You could restrict your victim's activity onto specific ports for easy of monitor/sniffing and be alerted real time with the ip of any new victims connecting.

BIO: In 2000, Chris released his first commercial app, Advanced Timer, which was the most widely adopted time candle chart utility in the commodities day trading practice in the early 2000s. Chris also developed the first Instant Messaging proxy platform for the AIM protocol in 2001. These applications were designed as early remote social engineering tools functioning as communication drop bots and incognito mail platforms. In 2007, Chris was an early adopter of smart phone development where he built custom ROMs for the windows PPC platform. More recently, Chris has spent time working in cryptography with the goal of ensuring the protection of sensitive information no matter where it travels, and focusing on internal IT architectural and administration vulnerabilities. Chris's passion for network intrusion and coding expertise led him to develop a comprehensive framework for wireless network intrusion, N4P, which is featured in the repository of Pentoo Linux. In addition to his technical expertise, Chris is a noted writer, and was recognized as a finalist for best new security blogger by the Security Bloggers Council at the 2014 RSA Security conference. Chris has also enjoyed speaking at national security events. Prior to his career in InfoSec, Chris spent 11 years at a national level and 8 as professional competitor in Motocross before retiring as a competitor to focus on his InfoSec career. He still serves as a mentor and trainer in the motocross community.


Software Defined Radio Performance Trades and Tweaks

Michael Calabro

This workshop is targeted at new and experienced software defined radio (SDR) operators, developers, and enthusiasts seeking a better end-to-end system understanding, and anyone looking to maximize their SDR’s performance. Commercially available SDRs (e.g. USRPs, RTL-SDRs, BladeRFs, etc) are commonly used to fuzz wireless interfaces, deploy private cellular infrastructure, conduct spectrum surveys, and otherwise interact with a wide variety of custom and commercial devices. This workshop focuses on the key parameters and performance drivers in SDR setup and operation that elevate these common platforms to the level of fidelity required to interact seamlessly with commercial devices and networks.

The workshop will begin by surveying different SDR hardware architectures and summarizing the performance tradespaces of several of SDR applications (e.g. collection/survey/transmit). Then the workshop will break down into three main content focuses:

Understanding SDR Hardware: Breakdown common RF frontend and receiver architectures. Identify and derive key performance parameters, and when they will bound performance. Topics covered will include: Noise figure calculation, internal amplification, Frequency selectivity, external RF chains, and noise sources.

Understanding SDR Platform Objectives: Collection, transmission, surveying, and other applications, each present unique challenges to SDRs and will be limited by different dimensions of SDR processing and/or setup configuration. Topics covered include: real-time processing, host buffering, sampling, guard-intervals, framework selection (GRC vs REDHAWK vs MATLAB vs custom), and frequency and time domain signal representation.

Optimizing and Improving Performance: Now that the hardware and platform trade space have been characterized, how do attendees meet and exceed the performance requirements of their application? We will present specific examples for several common platforms (RTL-SDR and USRP). Topics covered will include clock selection, ADC dynamic range, FPGA/SoC offloading, RFIC configuration, CIC filters, sampling, DC biases, antenna selection & pointing, host buffering / processing, and cost-performance trades..

BIO: Michael Calabro is a Senior Engineer at Booz Allen Hamilton Engineering Services where he is a technical leader of the Communications Center of Excellence. He has worked on digital communication systems and software defined radios for 7+ years and holds an MSEE focused in wireless communications. He regularly consults as a subject matter expert on commercial, government, and custom communication standards and systems.



Karl Koscher

The barrier to entry in software-defined radio is now almost non-existent. Wide band, receive-only hardware can be obtained for as little as $10, and tools like gqrx and SDR# make it extremely easy to get started listening to signals. However, there is a steep learning curve graduating from an SDR script kiddie to developing your own SDR tools. In this talk, I’ll cover the basic theory behind software-defined radios digital signal processing, and digital communication, including I/Q samples, FIR filters, timing and carrier recovery, and more.

BIO: Karl Koscher is a postdoctoral researcher at the University of California San Diego where he specializes in embedded systems security. In 2011, he and his collaborators were the first to demonstrate a complete remote compromise of a car over cellular, Bluetooth, and other channels. In addition to breaking systems, he also works on creating tools and technologies to enable developers to automatically find (and fix) potential security vulnerabilities in their embedded systems. Since earning his ham license at DEFCON 22 (and later upgrading to Amateur Extra), he has become interested in many aspects of wireless communications.


Automatic Live WPA/WPA2 Attacks and WPA_Supplicant

Vivek Ramachandran

In this workshop you will learn how to automate Wpa_supplicant to conduct live attacks on WPA/WPA2 PSK and Enterprise networks. We will be using Wpa_supplicant's control interface for automation via Python. We will be touching upon both the wpactrl wrapper as well as the DBUS API to demonstrate custom scripts for attacks.

BIO: Vivek Ramachandran discovered the Caffe Latte attack, broke WEP Cloaking and publicly demonstrated enterprise Wi-Fi backdoors. He is the author of "Backtrack 5: Wireless Penetration Testing" which has sold over 13,000+ copies worldwide. He is the founder of and runs SecurityTube Training & Pentester Academy which has trained professionals from 90 countries. He has spoken/trained at DEF CON, Blackhat USA/Europe/Abu Dhabi, Brucon, Hacktivity etc. conferences.


GNU Radio Tools for Radio Wrangling and Spectrum Domination

Tim O’Shea

An overview of modern tools available in GNU Radio and the greater GNU Radio ecosystem for building, testing, inspecting and playing with radio system physical layers in gory detail.

BIO: GNU Radio Developer, Software Radio and Machine Learning Researcher, Tim O'Shea is currently serving as research faculty at Virginia Tech Research Center in Arlington, VA


Rollin’ Down the Street Sniffin’ WiFi, Sippin’ on Pineapple Juice

Darren Kitchen & Sebastian Kinne

Why crack the network when you can be the network? Join Sebastian Kinne and Darren Kitchen of Hak5 as they slice the WiFi Pineapple down to its core. >From tracking and reporting to recon and targeting. From the next generation rogue access point to the future of the fruit. Learn what's possible with the WiFi Pineapple Mark V. Plus, adventures in not getting arrested on the Golden Gate Bridge.

BIOS: Darren Kitchen is the founder of Hak5, an Internet television show inspiring hackers and IT pros since 2005. Breaking out of the 1990s phone phreak scene, Darren has continued to foster his passion for information security throughout his career as a systems administrator, presenter and now creator of nefarious penetration testing tools. He also pwns you at Unreal Tournament.

Sebastian Kinne is the lead developer of the WiFi Pineapple. Prior to hacking fruits, he reverse engineered MMORPG network protocols while completing his BSc in Computer Science. As an avid speaker, trainer and wireless enthusiast, he has probably tracked your smartphone's WiFi in a demo or two.


Tospo Virus: Weaponizing WiFi Pineapple Vulnerabilities


Responsible disclosure of bugs in the Hak5 Wifi Pineapple, release of corresponding metasploit modules, and a walk through of weaponizing these bugs into a functioning worm originally designed for release at DEFCON23. Including novel methods for near proximity, low bandwidth, data ex-filtration in utilizing 802.11x packets.

BIO: Catatonic has three great loves in his life, his wife, his computer, and his whiskey.

Sunday, August 9


Meeting People Over WiFi


From day one when you buy a piece of wireless technology, whether it be just a cell phone, laptop or a fitbit, you get a wireless signature. In this talk we will talk about some of the things that can identify you in an environment and how people can track you. We will look at bluetooth scanning apps that you can use every day to track people inconspicuously from your phone, while walking, metroing, or as a passenger in a car driving. (Note: Some of this will require additional hardware, but we will show how you would do this via a laptop if you can't/don't want to buy additional hardware)

I will also be sharing how I was able to identify certain individuals who where around me was around me while traveling.

There will be a demo and walk anyone that is interested how they can do the same on their laptop right away. Depending on the setup of the room this year, this may mean one on one walking around or having individuals following along and field questions from the front of the room when experiencing problems.

Individuals that attend this presentation should be able to:

Use their Android or iPhone to identify bluetooth in their environment
Use Kismet (Android or Laptop) to identify users via wifi connections

BIO: Joshua currently works doing Incident Response in the Washington DC Area where he is part of the security group NovaHackers. Previously he worked for the Federal Reserve Board doing Unix and Network Administration, he has a Masters degree from UNC Charlotte in Security and Privacy, was the founder of the 49th Security Division. This year will be his 3rd time competing in the Defcon WCTF.

Additional activities he enjoys researching web vulnerabilities, looking for intel on pastedump sites, traveling, playing xbox and trying out new places to eat with friends.


Seeing Blue: Tools, Tricks, and Techniques for Messin’ With Bluetooth

Mike Ryan & Dominic Spill

Join Mike and Dominic for a hands-on workshop on how to use the latest and greatest tools and techniques to attack Bluetooth devices. This workshop serves as an intro to using Ubertooth to monitor classic Bluetooth and Bluetooth Smart (BLE). We will also cover cracking BLE crypto and give an intro to Bluetooth reconnaissance using open source tools and inexpensive off-the-shelf hardware.

BIOS: Mike Ryan is a Bluetooth expert and knows literally nothing about any other subject.

Dominic Spill is the lead maintainer of Ubertooth and full-time malingerer.

Crypto & Privacy Village

Friday, August 7


DNS and the Future of Authenticity


DNS is the keystone of the internet, the interface that allows us to attach semantic meaning to the world’s largest distributed computing system. It is the basis of the most widely used remote function call interface: the web browser’s address bar. From the browser, to SSH, to email, the Domain Name System is what we use to bootstrap the identity of programs, servers, and people.

Yet this key/value data store from the 80’s is insecure and increasingly prone to censorship. We have had the tools needed to make DNS cryptographically verifiable and decentralized for some time but the initial implementations failed. Thankfully, after years of research and trial-and-error, we finally have practical and deployable solutions.

This talk covers the benefits a cryptographically verifiable domain name system and the state of decentralized DNS. It debunks common myths about DNSSEC and explains why it is vital to a decentralized DNS. It finishes with an overview of Namecoin, outlining past challenges that have stymied widespread adoption and potential solutions.

BIO: Indolering is a usability engineer and focuses on security related usability research. He is a recent graduate, the lead usability engineer for the Namecoin project, and has a similar day job at EasyDNS.


Getting into the Trust Store We Trust

Ajit Hatti

It all starts with Trust Stores. Booting in to a trusted OS, managing sensitive information, establishing a secure channel for Communication across the networks or any transaction involving PKI.

Lets try and understand more about the Trust Stores, how do they work, how malwares and attackers (can) use different ways to manipulate the Trust Stores & what we can do to detect and secure such attempts.

BIO: Ajit Hatti is a Co-founder of “null -Open security community”, His work is focused on Infrastructure Security, providing Trusted Computing On Hostile Platforms & most of his papers are in social interest. Invented the widely exploited “Applanting” attack.

Previously worked on secure applications of Cryptography at Symantec Corporation. He has worked as an Engineer and Security Researcher with security companies like IBM-ISS, Bulelane, Zscaler in past.

He has previously presented his security research at BlackHat, NullCon, Ground Zero Summit & C0C0N

11:00 (Bronze 4)

Modern Crypto: 15 Years of Advancement in Cryptography

Steve Weis

This talk presents a general introduction to some of the most interesting developments in cryptography from 2000 onward. We'll present a high-level explanation of recent crypto developments, what applications they may enable, and how they may become more important in the coming years.

Topics may include modern elliptic curves, pairing-based cryptography, fully homomorphic cryptography, functional cryptography, obfuscation, and post-quantum cryptography.

BIO: Steve Weis is a software engineer at Facebook, where he most recently helped release support for PGP. Previously, Steve was co-founder & CTO of PrivateCore, a security startup acquired by Facebook in 2014. In the past, Steve was a technical director at AppDirect and a member of the applied security group at Google.

While at Google, Steve created Google 2-step verification and the Keyczar cryptographic library. Steve received a PhD in computer science from MIT where he was advised by Ron Rivest. Steve's interests include cryptography, security, theoretical computer science, and entrepreneurship.

11:00 (Bronze 3)

Using Privacy and Crypto Tools

Edmond Rogers (bigezy) & Shane Rogers (bust3r)

This talk will discuss tools you can use to ensure your privacy online. What options are available now to protect your privacy in your personal computing device and the cloud? We’ve all heard of tools like PGP and OTR, but we’ll show you some newer tools with which you may not be familiar. This will include the best way to encrypt your email, providing privacy in cloud storage, and managing encryption keys. We will also step through how to install these tools. From there we will also discuss how to keep your privacy intact showing ways to clean cookies and other tracking data that accumulates in your devices.

BIO: Edmond Rogers was actively involved as an industry participant in many research activities in ITI’s TCIPG Center, including work on NetAPT (the Network Access Policy Tool) and LZFuzz (Proprietary Protocol Fuzzing). Rogers was a security analyst for a fortune 500 investor-owned utility, where his responsibilities included cyber security of SCADA networks. Before that, he was a security manager and network architect for a transfer agent for 43% of all mutual funds. Rogers leverages his wealth of experience to assist ITI researchers in creating laboratory conditions that closely reflect real-world configurations.

Shane Rogers (no relation) is working toward his Master's in Computer Science as an ICSSP scholar at the University of Illinois at Urbana Champaign. He has worked as a research assistant for Information Trust Institute at UIUC focusing on OpenFlow enabled software defined networks and as an EO&T Systems Engineering Intern at Boeing Defense, Space, and Security. He is also the ACM chair of the Open Network Security Monitoring (@OpenNSM) group at UIUC and in his free time likes nothing better than answering questions from his family members about how to fix their smartphones. Have you tried turning it off and back on again?


Peerio: Productivity with end-to-end encryption

Nadim Kobeissi

Peerio is a desktop and mobile productivity app that combines messaging with cloud file storage and sharing, as well as contacts management and everything else you need to be productive. Peerio does what you'd expect from a Gmail + Google Drive hybrid, except it comes with end-to-end encryption built in from the ground up.

BIO: Nadim Kobeissi is a PhD researcher studying applied cryptography at INRIA's PROSECCO lab. He is interested in provable security, usable encryption, formal logic, JavaScript and the web. His software projects, which have focused on making encryption and online privacy more ubiquitous, include Cryptocat, an encrypted instant messaging platform, miniLock, a modern standard for file encryption, and Peerio, a full-featured open source productivity platform with end-to-end encryption. Originally from Lebanon, Nadim completed his undergraduate studies in 2013 in Montréal, Canada, and currently resides in Paris.


Keynote: Crypto & Privacy Village

Whitney Merrill (@wbm312), Justin Culbertson (@jus341), Peter Teoh (@pteoh), Tony Arcieri (@bascule), Jorge Lacoste (@lacosteaef), and Nadia Kayyali (@NadiaKayyali)

Welcome to the Crypto & Privacy Village. Come and learn all about the Village and the humans behind the scenes. We will announce some cool crypto puzzles we have planned and talk about our first electronic badge. Come and learn how you can participate and get involved.

BIOS: Whitney Merrill is an attorney and graduate student in computer science at the University of Illinois at Urbana-Champaign specializing in information security, computer crime, privacy, surveillance, and Internet law. Her current research focuses on Android privacy, digital forensics, and the legal and usability issues surrounding encryption. She is a member of the Illinois Security Lab, and in her spare time Whitney runs the Crypto & Privacy Village. She loves solving puzzles and recently staying up late creating them.

Justin, aka Neon, helps run the Crypto & Privacy Village from the website to puzzles. He is also a DC DarkNet Operative and a member of the defcoin community! Come say hi to get a taste of those decentralized, digital hacker coins.

Peter Teoh leads the software security and compliance function for his current employer. He has worked in the tech industry since the last century in a variety of roles from network security, to data protection and privacy. Pete has been attending DEF CON since DC19 and was a speaker at DC22. In his spare time he hoards electronic gadgets and is an honorary cat lady.

Tony Arcieri works on the Platform Security Team at Square. These days he dabbles in cryptography. In the past he made the Celluloid actor framework for Ruby and the Reia programming language.

Jorge Lacoste swizzles bits and harvests blue smoke from ICs. This is his 6th DEF CON. Say hello if you see him. Jorge is also the principle designer of the first ever CPV electronic badge.

Nadia Kayyali got the opportunity to work with Crypto & Privacy Village as a member of EFF’s activism team. Nadia's work at EFF focuses on surveillance, national security policy, and the intersection of criminal justice, racial justice, and digital civil liberties issues. Nadia has given privacy trainings to a wide variety of audiences in the U.S., from artists to Black Lives Matter activists. Nadia previously served as the 2012 Bill of Rights Defense Committee Legal Fellow where they worked with grassroots groups to restrict the reach of overbroad national security policies. They earned their B.A. from UC Berkeley, where they majored in Cultural Anthropology and minored in Public Policy. They received their J.D. from UC Hastings.


Keynote: Underhanded Crypto Contest

Adam Caudill (@adamcaudill) & Taylor Hornby (@DefuseSec)

The Underhanded Crypto Contest is a research project to better document the state of the art in malicious crypto implementations and designs - and through that understand, lead to better training for reviewers and better detection of flaws, accidental or otherwise. Starting this year, the Underhanded Crypto Contest will be working closely with the Crypto & Privacy Village - this year we are running two short challenge contests; details available on Starting next year, the winners of the main event will be announced here.

BIO: Adam Caudill is an independent security researcher and software developer with a primary focus on application security, secure communications, and cryptography. He is active in the open source community, writes on security and related topics, and is an advocate for user rights and privacy. His work has been cited by many media outlets and publications around the world, from CNN to Wired and countless others.

Taylor Hornby is a recent graduate and independent security researcher focusing on topics ranging from human usability to side channel information leakage. He has contributed to the open source community by performing both volunteer and paid security audits of popular code, as well as by creating developer-friendly security libraries.


Life of PII: A Day in the Life of Your Personally Identifiable Information

Alisha Kloc

As privacy issues move into public awareness, it’s important for consumers to understand what companies, governments, and other entities are doing with their private data. What really happens after you click “Submit”? How well-protected is your data? How do companies keep it safe — from unscrupulous data collectors, from overreaching governments, from malicious actors or just plain overly-curious employees? With Google as an example, take a look at the lifecycle of an average consumer’s PII, or personally identifiable information, from its entry into a website to its deletion from the site’s servers. Learn how private data is currently protected, and find out what you can do to safeguard your data and encourage more companies to implement strong data privacy protections.

BIO: Alisha Kloc is a security and privacy engineer at Google, where she protects users’ data from unauthorized access and misuse. Before Google she built security systems for several governments as a security engineer at Boeing. She is passionate about data security and user privacy, and believes that more openness around and sharing of corporate privacy policies, practices, and procedures will help companies and users develop a much stronger sense of, and appreciation for, data privacy and security.


Opening Backdoors: The Importance of Backdoor Research

Adam Caudill

The world of security research is fraught with ethical dilemmas, and open research on how to backdoor and subvert systems certainly brings its fair share. Releasing code for an intentionally flawed encryption implementation or a design for a system that appears to be secure, but in fact allows an attacker to easily recover secret data - this pushes the limits of doing more harm than good, yet is critically important for defenders. Without solid research into how systems could be effectively and efficiently backdoored, defenders quickly fall behind, giving clever attackers a strong upper hand. Defenders, those charged with reviewing code and designs may be able to easily detect the cliched sending emails with credit card numbers, but how prepared are they for a better class of attacker? This talk seeks to cover both the need for the information gained, especially through events such as the Underhanded Crypto Contest, and the risks that it presents.

BIO: Adam Caudill is an independent security researcher and software developer with more than 15 years of experience. He primarily focuses on application security, secure communications, and cryptography, though also works with hardware, embedded systems, and related technologies. His research and writing has been cited by media outlets and publications around the world. Active blogger, open source contributor, and advocate for user privacy and protection. Adam is also the founder of the Underhanded Crypto Contest.


How to Engineer a Cryptographic 'Front Door'

Karl Koscher

With technology companies embracing strong encryption, the US Government is now pushing for cryptographic “front doors” that would allow law enforcement to break encryption with a warrant. But is it even possible to build these “front doors” without introducing vulnerabilities that could be maliciously exploited? In this talk, I’ll sketch out a potential solution (and what I believe NSA/FBI wants to implement, based on their public statements) using public key cryptography, threshold secret sharing, and cryptographic hardware. I will also explain why “front doors” are still a bad and unworkable idea.

BIO: Karl Koscher is a postdoctoral researcher at the University of California San Diego where he specializes in embedded systems security. In 2011, he and his collaborators were the first to demonstrate a complete remote compromise of a car over cellular, Bluetooth, and other channels. In addition to breaking systems, he also works on creating tools and technologies to enable developers to automatically find (and fix) potential security vulnerabilities in their embedded systems.


Let's Talk about Let's Encrypt

Bill Budington (@legind)

Let's Encrypt is a new Certificate Authority. It will provide free X509 certificates in an automated way, with close to no deployment overhead. Currently, requesting and deploying X509 certificates is a tedious and costly process - both in terms of vendor and labor costs. Our studies show that it often takes between 1 to 3 hours to go thorough the entire process of setting up HTTPs on a webserver. Let's Encrypt will reduce that time to a matter of minutes for the initial setup, and mere seconds for renewals.

BIO: William Budington is a Software Engineer at the EFF, where he works on Let's Encrypt as well as other technology projects. He's also a developer for SecureDrop, an anonymous document submission platform. As a crypto-enthusiast, he's taken part in the W3C Web Crypto Working Group and is excited to see the web grow as a platform for cryptographic applications. He loves hacker spaces and getting together with other techies to tinker, code, share, and build the technological commons.

16:00 (Bronze 4)

CFSSL: the evolution of a PKI toolkit

Nick Sullivan

n July 2014, CloudFlare released CFSSL, an open source toolkit for TLS and PKI written in Go. CFSSL can be used as a lightweight certificate authority (CA), a certificate chain bundler--and now--a TLS configuration scanner. One year later, CloudFlare is excited to announce CFSSL 1.1 and, the home on the web for the CFSSL development team. This presentation will cover the challenges of the project and how it evolved from an internal tool for CloudFlare's Railgun product into a software library used by several high-profile organizations including the "Let's Encrypt" project.

BIO: Nick Sullivan is a cryptography and security enthusiast. He founded and built the security team at CloudFlare, one of the world's leading web security companies. He is a digital rights management pioneer in his work building Apple’s multi-billion dollar iTunes store. He holds an MSc in Cryptography and a BMath in Pure Mathematics.


Machine Learning and Manipulation

Jennifer Helsby (redshiftzero)

The wealth of data available in the modern age has enabled the use of machine learning methods and other data science methods in a range of new areas. Current applications include ranking items in social media feeds, optimizing advertisements, and surveillance and predictive policing by government and law enforcement. This talk will discuss some of the potential ethical and privacy issues associated with the widespread use of machine earning algorithms. Most suffer from a lack of transparency in their design and operation. Mass social engineering is feasible through the use of individualized messages crafted by adaptive algorithms. Subtle manipulation would be very difficult to detect by individuals but can have significant social impact. In addition, biases in input datasets used for training algorithms treated as impartial can systematize discrimination against certain populations. Faced with these challenges, some potential avenues for ameliorating these problems will be discussed, both in terms of policy and technology. As a community, we need to better understand and monitor the role of these methods in society in order to ensure that we build and support systems that are resistant to misuse.

BIO: Jennifer Helsby (@redshiftzero) is a researcher and scientist. She is currently a Data Science for Social Good fellow at the University of Chicago where she works on the application of data analysis and machine learning methods to problems with positive social impact. She also is a co-organizer of Cryptoparty Chicago, which teaches people about privacy issues and digital security practices. Before that, she completed a Ph.D. in Astrophysics at the Kavli Institute for Cosmological Physics at the University of Chicago where she did theoretical and computational work studying the large scale distribution of galaxies in the universe.

16:30 (Bronze 4)

IMSI Catcher Counter-Surveillance

Freddy Martinez

This talk will address how activists can detect IMSI Catchers around political protests and how to do some practical counter-surveillance. We will very briefly discuss the capabilities of IMSI catchers and then launch into a discussion about detection and evasion. In the talk we will describe practical (cheap / off the shelf) solutions that we have actually used in various scenarios. Lastly we will describe future work in this area.

BIO: Freddy studied graduate level physics now works as a Linux SysAdmin. His current focus is on privacy/digital rights, free and open source projects, and FOIA work including multiple lawsuits against the City of Chicago.


Beginner Crypto for Application Developers

Justin Engler

Are you a software application developer who wants to add secure storage or communication to your application, but you have no idea where to start? This talk will quickly lay out the basics of how to add crypto to your application in a straightforward manner. No math, no cryptonerd technobabble, just simple practical techniques to use and pitfalls to avoid.

BIO: Justin breaks into programs for a living. This includes both private and publicly-released work on open and closed source messaging and privacy applications. Justin has been breaking into programs for a living for 5 years, and has been doing IT and security work for over 10 years. He has previously spoken at DEF CON, Toorcon, Black Hat, and several regional conferences.


Breaking RSA - new cryptography for a post-quantum world

Jennifer Katherine Fernick

As we move into a new paradigm of computation, almost all of our assumptions about the security of our current cryptosystems are wrong. Large-scale quantum computers are known to be able to execute algorithms capable of efficient factoring and discrete logarithm computations. Unfortunately, most of the public-key cryptography widely used on the Internet today - including RSA and Elliptic Curve Cryptography - is based on the presumed hardness of these exact problems. In this talk, I introduce quantum computation and the practical realities it will have on popular cryptosystems - both technically, as well as from the perspective of a variety of use cases. From here, I introduce the new mathematics we're currently building to replace RSA in a post-quantum world, and the entirely new cryptanalytic tools we'll need to use to construct it.

BIO: Jennifer Katherine Fernick is security researcher and PhD candidate in Cryptography & Quantum Information at the Institute for Quantum Computing at the University of Waterloo. Her research involves cryptology and quantum computation - specifically, in looking for cryptographic algorithms that will be resistant to cryptanalytic attacks from adversaries with access to quantum computers. She is a founding member of the European Telecommunications Standards Institute's industry specification group on Quantum-Safe Cryptography, which aims to find and standardize quantum-resistant alternatives to our current cryptographic infrastructure. Previously, she has studied for a Master of Engineering in Systems Design Engineering and holds a BSc in Cognitive Science & Artificial Intelligence.

Saturday, August 8


Should we trust crypto frameworks? A story about CVE-2015-2141

Evgeny Sidorov

The presentation will cover details of a bug (CVE-2015-2141) I found in the Rabin-Williams (RW) digital signature system implementation in the well-known Crypto++ ( framework. The bug is misuse of "blinding" technique that should prevent timing attacks but results in an ability to recover a private key having only two signatures of one message.

BIO: Evgeny Sidorov is an Information Security Officer at the major Russian search engine company Yandex. Evgeny works in the Product Security Team and is responsible for developing and embedding various defense techniques in web and mobile applications. He finished his Master degree in applied mathematics at the Institute of Cryptography, Telecommunications and Computer Science of Moscow.


Where are the privacy-preserving services for the masses?

Hadi Asghari

We seldom see incremental trade-offs offered between privacy and other qualities in online services. Many markets are dominated by large firms offering services for "free" and in exchange for personal data. There are less popular offerings in the other extreme, providing privacy and anonymity in exchange for lower performance and convenience. Offerings in between the two extremes are not common, despite post-Snowden surveys showing that a third of consumers find privacy very important. The absence of services to fill this market gap is puzzling. I hypothesize that a number of fundamental economic reasons make it hard for commercial, privacy-enhanced services to compete with the two extremes on scale. These include: difficulty in trusting privacy claims, the usefulness of data in designing and securing services, network effects, and the high value of targeted ads. In economic terms these induce market failures and if proven have regulatory consequences, for instance with regards to competition law. I am embarking on new research in this area, and would like to present the idea to privacy enthusiasts, coders, and entrepreneurs producing privacy-preserving services to receive input for my research.

BIO: Hadi Asghari is an assistant professor at Delft University of Technology in the Netherlands and a visiting fellow at Princeton's Center for Information Technology Policy (CITP) starting this fall. His research focuses on the economics of cybersecurity and online privacy. Prior to moving to the Netherlands, he worked as a software and network engineer in Iran.


Skip, Freak, and Logjam: Moving past a legacy of weakness in TLS

Karthikeyan Bhargavan

The Transport Layer Security (TLS) protocol suffers from legacy bloat: after 20 years of evolution, it features many versions, extensions, and ciphersuites, some of which are obsolete and known to be insecure. Implementations and deployments of TLS deal with this complexity by implementing composite state machines that allow new and old features to coexist for interoperability, while waiting for deprecated features to be disabled over time. Getting this composition right is tricky, and any flaw can result in a serious attack that bypasses the expected security of TLS.

This talk will discuss three recent vulnerabilities discovered in our group: SKIP uses state machine flaws in Oracle’s JSSE to hijack TLS connections between a Java client and any web server; FREAK uses legacy support for export-grade RSA cipher suites to break into connections between mainstream browsers and 25% of the web; Logjam exploits a protocol flaw to confuse DHE key exchanges into using export-grade Diffie-Hellman groups. These attacks rely on a combination of protocol-level weaknesses, implementation bugs, and weak cryptography. The talk will advocate principled methods to avoid such weaknesses in the future, such as software verification and new robust designs for new protocols like TLS 1.3.

BIO: Karthik is a researcher at INRIA, the French national lab for computer science. He is based in Paris where he leads a team called Prosecco (“programming securely with cryptography”) and is the principal investigator of an ERC starting grant on provably secure implementations of cryptographic protocols. Karthik and his colleagues develop new programming languages like F* ( and use them to build and verify protocols like TLS (

Along the way, they sometimes find and disclose implementation bugs and protocol flaws like Triple Handshake (, FREAK (, and Logjam ( Partly as a consequence of these attacks, and partly motivated by stronger security theorems for the web, Karthik is loosely involved with the TLS working group in the design on TLS 1.3. Karthik was trained at IIT New Delhi and the University of Pennsylvania. Before coming to Paris in 2009, he worked as a researcher at Microsoft Research in Cambridge, England for several years.


Workshop: How Do I TAILS? A Beginner's Guide to Anonymous Computing

Forrest (Forbo)

Tails is The Amnesic Incognito Live System. Think of it as 'private browsing on steroids'. It is a fully bootable Debian-based distro that is designed from the ground up to protect your anonymity and privacy. All traffic is routed through Tor by default. In addition to many basic applications, it includes utilities designed to prevent information leaks.

It is used by whistleblowers, journalists & their sources, political activists living under oppressive regimes, victims of domestic abuse and many more. Edward Snowden, Glenn Greenwald and Laura Poitras all used it throughout the process of bringing the NSA's overreach to light, and continue to use it today.

In this workshop, we will be covering more fully what Tails is, what it is used for, how to get your own copy up & going, as well as special considerations to take when it comes to operational security. Step-by-step instructions for creating your own bootable copy will be provided for your convenience.'

BIO: Forbo (is a penetration tester with a background in network and systems administration. An EFF member and volunteer, he helped people to learn about privacy protecting technologies at last year's Crypto & Privacy Village. When he's not protesting the NSA's mass surveillance, he pretends to be a DJ mixing bumpity-bumpity-boom computer music, particularly trance, breaks, and drum & bass.


What is Bitcoin Tumbling and why do it?

Sean Thomas Jones

Bitcoin and other crypto-currencies have become a very big deal since its inception in January 2009 when the very first transaction was recorded to the blockchain. Since this time multiple other crypto-currencies have come into existence, an entire crypto-currency market has been created and the technology is making waves in the overall economy.

As with all technology it can be used for good or bad and Bitcoin is no different. The technology has grown in popularity and many people desire to use it in a secure, anonymous manner that would make it difficult to identify them. One option would be the use of a Bitcoin Tumbler. This tool was created because every Bitcoin transaction is written to a public ledger called the blockchain. Anyone can track Bitcoins as they are transferred between addresses.

When used properly the process of tumbling Bitcoin may increase your chances of remaining anonymous. This tool is useful to people looking to maintain their privacy, those who may be in restrictive countries or someone looking to make a purchase without it being tracked back to them. It also may be used to launder stolen Bitcoins, make illegal purchases or avoid leaving the paper trail found with traditional currencies.

BIO: Sean Thomas Jones is an accomplished information security professional and father of three. He has many years of experience securing and defending networks and hardening applications by using best practices, tools and technologies. Sean recently won the World Championship Title Belt in Spaghetti Monster Wrestling by defeating his children in the royal rumble. Along with this Championship, Sean also holds the SANS/GIAC Incident Handler, Intrusion Analysis and Web Application Penetration Tester Certifications along with the ITIL Foundation Certification. He practices his craft as a Cyber Crime Researcher at AlertLogic in Texas, which is affectionately called "GOD's Country" or the Lone Star State" and owes his success to his wonderful and patient wife.


The design and implementation of a white-listed, end to end encrypted status application

David Dahl

The design and implementation of a white-listed, end to end encrypted status application, or how we can have nice (private social network) things. The general line about privacy and social networking goes like this: "You can either have an easy to use and very social system with ads and data-mining or you can use GPG and like it". While there are many technical hurdles to overcome, the burden for a designer of a "private Twitter" or "private Facebook Wall" lies chiefly with user experience that rises above that of all of the difficult to use privacy tools we depend on today. In this talk, the code, frameworks, data structures, database queries and front-end UX will be examined, discussed and demoed in a working "Twitter-like" status update application.

BIO: David Dahl is the director of the Crypton project at SpiderOak. Crypton is a end to end encrypted application framework for mobile and desktop applications. In a previous life, David was a Senior Privacy Engineer at Mozilla Corporation where he helped edit the W3C Web Crypto API specification and created the Web Console in Firefox. Before this episode, he was a Software Engineer at Industrial Light & Magic working on the artists' knowledge base. He hacks on Zero-Knowledge software in his bunker somewhere in the Middle-West.

13:00 (Bronze 4)

Hacking Quantum Cryptography

Marina (bt3)

Alice and Bob’s quest through the fascinating quantum mechanics world as a way to avoid archvilainess Eve eavesdropping. In 1994, Peter Shor showed that many of the cryptosystems used today can be broken using a quantum computer. This idea will be explained together with a short overview of qubit systems. Next, we will see how quantum computing gives rise to the possibility of quantum key distribution with unparalleled security. We will end with a brief discussion on post-quantum cryptography concepts.

BIO: Marina is an information security engineer at Yelp, in San Francisco. She finished her PhD in Physics last year, at the University of Stony Brook in New York. During graduate school she researched theoretical and computational Physics at several national laboratories, such as NASA Goddard Space Center, Los Alamos National Laboratory, and Brookhaven National Laboratory. She is an avid CTF player and her first computer was a 386, when she was 5 years-old.


The Death of Privacy


How did we let it get this bad and what you can do to get some of yours back.

Over the years our individual freedoms and personal privacy rights have steadily been eroded. But it is not just the fault of the government or the NSA. Many of our own choices and changes in cultural norms have helped make this happen. In this talk I will explore how things got out of hand and why. While it may be too late to go back to that age of innocence, we can face the future better informed and prepared to protect our security and reclaim our rights to personal privacy.

BIO:Involved in computers since the dark ages (before WWW). The first computer I hacked was an IBM 1130 mainframe. Designed and built my first personal computer running CPM on a Z80 in the late 70s. Built large scale WANs for Fortune 500 companies during the 80s. Developed eCommerce sites and managed web developers during the 90s. Since 2000 I have been an Information security and computer forensics expert and have acquired a lifetime of experience to share in many aspects of the tech industry. .A Defcon goon for 22 years and longtime privacy advocate.


CrypTag: Building Encrypted, Taggable, Searchable Zero-knowledge Systems

Steven Phillips

Internet users should be able to access their data from anywhere without having to trust the web applications and cloud services storing that data.

But there's a problem. Zero-knowledge storage systems are often impractical for web apps because they can't perform often-essential functionality on behalf of the user, such as search, since they don't have the password to decrypt that data in order to search it, and you can't search encrypted data. Or can you?

This presentation introduces CrypTag, a library that enables Go programmers to easily build applications that store encrypted user data that users can tag and securely, efficiently, remotely search by those tags without revealing anything about the nature of said data to the party storing it. That is, CrypTag is a library for easily creating encrypted, taggable, searchable zero-knowledge systems.

This talk covers the tricks behind how CrypTag works, the pros and cons of using CrypTag versus alternatives, includes a live demo of a useful open source CrypTag-based program, and is suitable for anyone who knows what a server is and is excited about leveraging encryption to help everyday users and geeks alike.

BIO: Steven Phillips is a Philosopher and computer programmer. He studied Philosophy and mathematics at UC Santa Barbara before co-founding the cleverly-named Santa Barbara Hackerspace in 2010. In 2012, after heeding the warnings of Jacob Appelbaum and Julian Assange of an ever-growing surveillance state, he co-founded The Cloak Project ("TCP" for short) with AJ Bahnken. TCP has since produced the secure chat programs LanChat and Cloakcast, as well as cryptographic utility libraries written in the Go programming language.

Steven is passionate about human Greatness, social justice, democratizing forces, and revolutionary projects.


Making Email Dark

Ladar Levison & Fred Nixon

This talk will focus on the Dark Internet Mail Environment (DIME), a standards based, collaborative effort to create an elegant technical solution which is capable of protecting the privacy of email. DIME is focused on making the end-to-end encryption of email messages automatic, provides for message confidentiality, author verification, and minimizes the leakage of metadata. The DIME standards dramatically reduce the amount of trust individual users must place in service providers. The new standards, which we hope will someday succeed OpenPGP, have been designed to resist manipulation by advanced persistent threats. During this short presentation, we will provide a compressed discussion of the DIME standards, followed by a project update, where we hope to showcase the DIME implementation />
BIO: Ladar Levison is the Owner and Operator of Lavabit, LLC, an email service founded in 2004 (and originally named Nerdshack), Lavabit has always been focused on protecting the privacy of its user's communications. Levison created Lavabit because he believes that privacy is a fundamental, inalienable right, and a prerequisite for afunctioning, free and fair democratic society. This led Lavabit to reach, at its peak, over 410,000 users. Then, on August 8, 2013, and in response to a court decision which required Lavabit to surrender its TLS private key, Levison made the bold decision to suspend operations, and refuse to remain silent, and "complicit in crimes against the American people." Since then Levison has been vigorously defending the right to speak freely, and privately on the Internet. As the principal force behind the Dark Mail Initiative, Levison has also been working on a technical solution for the problem of email privacy.

Fred Nixon is a developer, based in Atlanta, and working to implement the Dark Internet Mail Environment. Fred has worked for Mindspring, Earthlink, and General Electric in Research and Development, creating scalable, distributed systems for communications and core ISP services. He is an advocate for speech and privacy rights, and the technology to support those rights for everyone.


STDs are the least of your worries when Cyber Cancer Prognosis is imminent

Chris Brown (BigBiz)

Crypto and privacy are BIG concerns when dealing with any type of threat but when dealing with STDs (we refuse to acknowledge APT - anyone who mentions advanced persistent threats shall be thrown out of the talk ;>)

BIO: Mr. Brown has been a Info/Cyber Security Instructor since 2004 and in the IT business since 1997. Currently traveling and teaching as a Sr. Technical Instructor for FireEye, he has previously taught for ArcSight (Pre-HP acquisition), Dept of Army Europe, contract trained for Microsoft, HP, Comptia and ISC2. Mr. Brown has also worked various Cyber Security Analyst and InfoSecurity positions for Northrop Grumman, Raytheon, DRS and a few other defense contractors. Mr. Brown has traveled extensively both on a domestic and international level and has seen the good, the bad and the ugly regarding a broad range of topics that relate to crypto, privacy, intrusion-problem set actors and detection & defense TTPs/SOPs that work and haven't worked.


Protecting global email - status & the road ahead

Per Thorsheim

In the spring of 2014 was launched. A simple service to measure and grade the RFC 3207 STARTTLS support of the mailservers for any given domain, it was quickly embraced by ACLU and EFF. Used as a reference site, major service providers around the world were persuaded very quickly to implemented support for RFC 3207.

This talk will summarize the history & current status of worldwide RFC3207 adoption. It will also look at upcoming solutions that will further enhance the security of email and keep the bad guys from unlawfully intercepting & monitoring your private communication.

BIO: Above average interested in Passwords. The guy who has convinced the Norwegian government to recommend (& soon standardize) the use of RFC 3207 STARTTLS, as the first country in the world to do so.


Engineering Responsible Data Governance - A Privacy by Design Primer

Steven F. Fox

The data “gate keepers” – companies that gather and process data using technologies ranging from mobile/wearable devices to Big Data – have the opportunity to be the guardians of privacy. This role can be realized only through the work of practitioners that can design for data security and privacy. While RSA Conference sparked the vision in my minds of management, this session calls upon the DefCon community to make it happen.

This talk uses case studies to explore Privacy by Design (PbD), a systems engineering approach that accounts for privacy throughout a lifecycle. Attendees will learn how to apply the seven principles of PbD to account for privacy concerns while delivering on a system’s business requirements. They will also learn how to become trusted advisors to organization working to integrate PbD into their development programs.

BIO: Steven F. Fox is an infosec polymath – bringing a cross-disciplinary, international perspective to the practice of information security; combining his security architecture/engineering, consulting, an IT Audit and systems engineering expertise with principles from behavioral/organizational psychology to address security challenges. He is a blogger covering IT Governance, Risk Management and IT-Business fusion topics. He also volunteers his time to the Ponemon Institute and Circle City Con.


Underhanded Crypto Contest Wrapup

Adam Caudill & Taylor Hornby

Sunday, August 9

11:00 (Bronze 4)

Breaking CBC, or Randomness Never Was Happiness

Dr. Albert H. Carlson (ECCSmith) & Patrick Doherty

Hiding patterns in encrypted messages to make the transmission look like random symbols is the goal of cryptography. However, all ciphers do not completely disguise those patterns, making decryption possible. In response to this problem, modes were introduced to break up patterns and to increase the “randomness” of an encrypted message. In the case of Cipher Block Chaining mode (CBC) the randomizing material is the cipher text from the preceding block. CBC uses a “feed forward” algorithm and a regular structure that provides attackable data. In fact, there is so much information in the structure and associated data that CBC wrapped around ANY cipher can be efficiently broken.

We show that by using the blocks of the CBC algorithm both linear and non-linear encryptions using CBC can be broken. Further, we show that no linear cipher (such as a permutation or XOR cipher) is safe when used in conjunction with the mode and that non-linear ciphers (such as AES) are also vulnerable. Using the Birthday Paradox to predict how much data is needed to allow for decryption. This talk will demonstrate the break and show the mathematical background of the attack.

BIO: Dr. Albert Carlson began his hacking career soon after he began taking programming courses in High School in Chicago in 1975. Upon completion of his BSCompEng degree from the University of Illinois at Urbana in 1981, he joined the US Army as a Military Intelligence Officer specializing in Electronic Warfare and Cryptography. Retiring due to injury, he then began a 25 year career in engineering that included work in consumer, military, and designing utility substation security systems.

Dr. Carlson returned to school at the University of Idaho in 2002. There he completed his Master’s degree and PhD, both in Computer Science and specializing in Advance Set Theory and Cryptography. His dissertation, accepted in June of 2012, had as its’ subject: applying Set Theoretic Estimation to decryption.

In 2013 Dr. Carlson joined the faculty of Fontbonne University on the staff of the Math and Computer Science department. His research team studies the use of patterns in natural language and how they relate to set and information based attacks on ciphers. Dr. Carlson’s research interests include: cryptography, set theoretic estimation, natural language, patterns in language, physical security, critical infrastructure protection, and hardware security.

Patrick Doherty is a senior at Fontbonne University and will graduate in December of 2015. He is majoring in Computer science and plans on earning a graduate degree in the same field. He is the Project manager for the Research team.

BioHacking Village

Friday, August 7

10:00 - 10:15

Parallels in BioSec and InfoSec

Walter Powell aka Mr_Br!ml3y

Biosecurity and information security share a common vocabulary and threat environment due to the shared infection paradigm. Since both biosecurity and information security exist in an environment with pervasive and continuously evolving threats, both fields utilize similar methods to reduce risk: controlled access to facilities (isolation), maintenance of 'safe' environment (sanitation), user training (education), and ongoing checks for hazards (monitoring). The main differences between the two are ease of attack (virtual vs. physical) and costs/penalties for failure.

BIO: Mr_Br!ml3y grew up farming and liked it so much he went into information technology at the first opportunity. He has 5 years full-time infosec experience and strong side interests in biology and chemistry. He is currently trying to social engineer some department into paying for his PhD.

10:25 - 10:50

Social Implications of DNA Acquisition & Storage

Michael Goetzman (@Goetzman)

The advent of rapid 'Next-Generation' DNA sequencing methods has greatly accelerated biological and medical discovery steering society into a paradigm shift, the genomic era, of personalized medicine. This trend promises an affordable insight into your personal genome potentially giving individual’s personal advantages. What information is hidden within a strand of DNA and what are implications of accessing this data? Will these rapid advancements enhance humanity without sacrificing ethics and personal exposure? Can society overcome challenges stemming from emerging technologies such as massive internet accessible databases and cloud storage?

BIO: Michael Goetzman is an Information Security Specialist for a midwestern nonprofit collection of 18 hospitals employing over 22,000 associates. His responsibilities include the confidentially of electronic medical records and general protection of sensitive data. Michael holds a masters of science in management involving international studies in Havana, Cuba studying healthcare related technologies and earned his CISSP. On his free time, Michael enjoys exotic rides in zeppelins, soaring in experimental planes, and piloting colorful hot air balloons. Michael believes in freedom of non-harmful information, equality before the law, the advancement of scientific research, and the individual imperative.

15:00 - 15:20

Physiology from the Perspective of Control: A Bio-hacker's Guide

David Whitlock &Jasmina Aganovic (@JasminaAganovic)

A Hacker needs intimate and thorough understanding of the internal workings of a system to successfully and elegantly manipulate that system; along with the chutzpah to do so. ;)

Living tissue is active matter; it dissipates free energy while maintaining itself in a viable state. This requires a Control system that reduces the degrees of freedom of the system to only those desired.

All disorders are disorders of control. Either Control allowed physiology to get into a bad state, or Control did not get physiology out of a bad state. Bio-hacking requires understanding physiology from the perspective of Control.

Good design heuristics make modular systems with designed interfaces. Evolution didn't do that. Modern living environments are very different than environments our ancestors evolved in. Not surprising a number of disorders that are common in the urban developed world are rare to unknown in the rural undeveloped world; things like diabetes, obesity, allergies, inflammatory disorders. This observation has lead to the “hygiene hypothesis”; the idea that there is a “factor” associated with “dirt” or lack of “hygiene” that is protective. This presents the hypothesis that the loss of ammonia oxidizing bacteria through modern bathing practices adversely affects the background nitric oxide level and so perturbs all NO-mediated control pathways, with no threshold.

The importance of the background level of nitric oxide will be discussed in the context of a component of the human microbiome; ammonia oxidizing bacteria living on the skin and converting ammonia in sweat into nitrite and nitric oxide so as to set the background NO/NOx level to avoid nitropenia.

BIO: David Whitlock is Chief Scientist/co-founder of AOBiome and discovered that AOB are commensal organisms for many eukaryotes. He received his MS and BS in Chemical Engineering from MIT.

Jasmina is a consumer goods entrepreneur who received her degree in chemical and biological engineering from MIT. Her unconventional path combined her technical background with roles at personal care brands.

15:30 - 15:50

Examining the Robustness of the Brain Against a Malicious Adversary

Avani Wildani

Neural networks in the brain are sparsely connected, composed of components with an over 50% failure rate, and still amazingly consistent in their high-level behavior over time. We are building models of biologically plausible neural networks to help explain how the brain can protect against a malicious adversary while keeping networks tiny, low power, and easily trained. Using parameters taken from the somatosensory cortex, we have built a simulator to show the relationships between connectivity and severity of possible attacks. Some prior knowledge of distributed system design is helpful, and we'll teach you all of the neuroscience you need to know.

BIO: Dr. Avani Wildani (neuron) is a postdoctoral fellow at the Salk Institute, where she is applying her background in distributed systems to exploring the security profile of computational neurobiology. Her Ph.D. work included finding correlated disk activity by analyzing block I/O traces collected through tapping the SATA bus. She believes that the best way of understanding how a system is designed is to understand the attacks it can and cannot defend against. She is usually found with Toool, tinkering with something small and sharp.

Sunday, August 9

14:00 - 14:25

Physiology from the Perspective of Control: A Bio-hacker's Guide

Christian "quaddi" Dameff MD (@CDameffMD), Jeff "r3plicant" Tully MD (@JeffTullyMD), Peter Hefley (@PeterHefley)

We live in a world shaped by the hacker ethos. Systems underlying the backbone of our daily lives - from government to finance to entertainment - have grown and evolved based in part on the ingenuity and input of people like you. What happens when we take that drive to understand, tinker, and (most of all) improve, and turn it towards the most complex system on Earth? Welcome to the world of biohacking.

Join two doctors/hackers and an infosec security pro as they take a deep dive into the realm of implantable mods, from the smallest DIY project to the cutting-edge in academic and industrial prototypes. This talk will also outline principles of successful human modification as well as highlight the need for caution at a time when innovation and imagination is pursued at the expense of security. But above all else, this talk is a celebration of the pioneering spirit of grinder culture and a call for hackers to continue to shape the future of what may be the most important movement in human history.

BIO: Christian (quaddi) Dameff is an emergency medicine physician, former open capture the flag champion, prior Defcon speaker, and researcher. Published works include topics such as therapeutic hypothermia after cardiac arrest, novel drug targets for myocardial infarction patients, and other Emergency Medicine related works with an emphasis on CPR optimization. His most recent focus is on biohacking, medical device security, and critical medical infrastructure cyber security. He can’t spell words well. This is his tenth Defcon.

Jeff Tully is a pediatric physician and researcher with an interest in understanding the ever-growing intersections between health care and technology. Prior to medical school he worked on “hacking” the genetic code of Salmonella bacteria to create anti-cancer tools but now spends a majority of his time dreaming of a world where human beings will be able to upload their consciousness into utterly immersive simulations of the Star Wars universe.

Peter Hefley has no medical device implants because he is squeamish about blood and cutting oneself open. With experience in information security consulting and penetration testing, he'd like to help lay the groundwork for body modifications and biohacking in a way that prevents folks' brains from getting pwned.

14:30 - 14:55

Cloning Access Cards to Implants

Alex Smith @CyberiseMe

Ever cloned an office access card but been afraid you'd be caught and searched? In this talk I'll show you how to clone RFID cards to subdermal implants to avoid detection.

This talk will cover the basics of RFID security, card cloning and RFID implants. It will focus on the AT5577 chip in the new implantable form factor and show how to use it to access RFID controlled security systems.

BIO: Alex is a DIY cyborg, aka grinder. He designs, builds and implants cybernetic devices.

19:00 - 19:50

Brain Waves Surfing - (In)security in EEG (Electroencephalography) Technologies

Alejandro Hernández (@nitr0usmx)

Electroencephalography (EEG) is a non-invasive method for the recording and the study of electrical activity of the brain taken from the scalp. The source of these brain signals is mostly the synaptic activity between brain cells (neurons). EEG activity is represented by different waveforms per second (frequencies) that can be used to diagnose or monitor different health conditions such as epilepsy, sleeping disorders, seizures, Alzheimer disease, among other clinical uses. On the other hand, brain signals are used for many other research and entertainment purposes, such as neurofeedback, arts and neurogaming.

A brief introduction of BCIs (Brain-Computer Interfaces) and EEG will be given in order to understand the risks involved in our brain signals processing, storage and transmission.

Live demos include the visualization of live brain activity, the sniffing of brain signals over TCP/IP as well as flaws in well-known EEG applications when dealing with some corrupted samples of the most widely used EEG file formats (e.g. EDF). This talk is a first approach to demonstrate that many EEG technologies are prone to common network and application attacks.

Finally, best practices and regulatory compliance on digital EEG will be discussed.

BIO: Consultant with passion for different topics in security such as penetration testing, OSINT and fuzzing. Currently working for the security firm IOActive, where he had had the chance to work for a variety of Fortune 500 companies in different countries such as Mexico, USA, UK, South Korea, Netherlands and South Africa.

Co-author of DotDotPwn, a Directory Traversal fuzzer presented at BlackHat USA Arsenal 2011 and Melkor, an ELF file format fuzzer presented in Arsenal in 2014.

He enjoys cyberpunk movies, with dystopian scenarios, Hi-Tech and social decadence.

Sunday, August 9

14:00 - 14:25

Biohacking at home: Pragmatic DNA design, assembly, and transformation

Keoni Gandall

It is predicted that the ability to read/write DNA cheaply at scale will revolutionize biology, but what happens after the DNA has been printed? I will explain the basics of genetic engineering at home and how it can be useful now and in the future. This talk will cover building a basic lab, DNA design and assembly, transformation of actual living organisms, and the relevant safety and security concerns. If time permits, I will talk about open source projects and engineering principles as applied to genetics. I will also briefly explain how this applies to human genome editing, even though I have been referring to the genetic engineering of microbes. This talk should provide you with a better understanding of genetic engineering and how to get started at home or a local hackerspace.

BIO: Keoni Gandall is currently a student at Edison High School as well as an active member of the DIYbio community. Over the past two years, he has worked in the liulab at UCI with in vivo directed evolution systems, at LA Biohackers as a main contributor to their iGEM project, and at home doing independent research & development. In 2013, he won first place at the Broadcom Masters national science fair for creating an Archaea plasmid using his home lab. This is his second year at DEF CON and he is still here to learn, but he is even more excited to share the basics of genetic engineering with the larger hacker community. Keoni is dedicated to the practical development of new biological technologies in the 21st century.

14:30 - 14:55

Genetic engineering - Genetically modifying organisms for fun and profit

Johan Sosa (@johansosa)

Find out how genetically modified organisms are created. This talk for will focus introducing the basics of DIY genetic engineering for the uninitiated. With the knowledge provided in this talk, you can get started on the path to doing citizen science and maybe even making the next great scientific breakthrough (with a lot dedication, discipline, and focus). Learn how a protein that's part a bacterial immune system can be used to edit an organism genes. Find out how a the equivalent of Denial of Service attacks are used to smuggle DNA into yeast cells. Get info on what equipment is needed to get started in the emerging field of synthetic biology.

BIO: Johan's day job is IT security, but at night he's immersed in science. He has been involved with DIY Biology projects for about two years. With help from many, he leads the lab work for the Real Vegan Cheese project. The Real Vegan Cheese project, which won a Gold medal at the 2014 iGEM competition, aims to produce milk proteins via yeast and thus enable a source of cheese that doesn't require animals.

Internet of Things Village

Friday, August 7


The Hand that Rocks the Cradle: Hacking IoT Baby Monitors

Mark Stanislav


Special Presentation



Security of Wireless Home Automation Systems - A World Beside TCP/IP

Tobias Zillner & Sebastian Strobi

Saturday, August 9


Hacking You Fat: The FitBit Aria

Ken Munro & David Lodge


Hacking Satellite TV Receivers

Sofiane Talmat


Advanced SOHO Router Exploitation

Lyon Yang

Sunday, August 9


Pwning IoT with Hardware Attacks

Chase Shultz


Special Presentation