Pick a day:
= Demo |
= Tool |
= Exploit
Get the schedule in printable PDF Format
Introducing DEF CON Fireside Hax
These are smaller more intimate talks that don't require audio and video support for a limited audience. For more detailed descriptions view their abstracts on the Speaker page.
Friday, 20:00-22:00
-
Roman Chillout
Oh Noes!—A Role Playing Incident Response Game
Bruce Potter & Robert Potter
-
Octavius 9
D0 N0 H4RM: A Healthcare Security Conversation
Christian "quaddi" Dameff, Jeff "r3plicant" Tully, Kirill Levchenko, Beau Woods, Roberto Suarez, Jay Radcliffe, Joshua Corman & David Nathans
-
Octavius 13
Disrupting the Digital Dystopia or What the hell is happening in computer law?
Nathan White & Nate Cardozo
Saturday, 20:00-22:00
-
Roman Chillout
EFF Fireside Hax (AKA Ask the EFF)
Kurt Opsahl, Nate Cardozo, Jamie Lee Williams, Andrés Arrieta, Katiza Rodriguez, & Nathan 'nash' Sheard
-
Octavius 9
Matt Goerzen, Dr. Jeanna Matthews, & Joan Donovan
-
Octavius 13
Privacy Is Equality—And It's Far from Dead
Sarah St. Vincent
Thursday
10:00
-
101 Track
ThinSIM-based Attacks on Mobile Money Systems
Rowan Phipps
11:00
-
101 Track
Guang Gong
12:00
-
101 Track
Ring 0/-2 Rootkits: Bypassing Defenses
Alexandre Borges
13:00
-
101 Track
A Journey Into Hexagon: Dissecting a Qualcomm Baseband
Seamus Burke
14:00
-
101 Track
Wagging The Tail - Covert Passive Surveillance And How To Make Their Life Difficult
Si & Agent X
15:00
-
101 Track
Whitney Champion & Seth Law
15:30
-
101 Track
Panel
Friday
10:00
-
101 Track
Synfuzz: Building a Grammar Based Re-targetable Test Generation Framework
Joe Rozner
-
Track One
Welcome To DEF CON & Badge Maker Talk
The Dark Tangent
-
Track Two
De-anonymizing Programmers from Source Code and Binaries
Rachel Greenstadt & Dr. Aylin Caliskan
-
Track Three
Securing our Nation's Election Infrastructure
Jeanette Manfra
10:30
-
101 Track
Synfuzz: Building a Grammar Based Re-targetable Test Generation Framework
cont.
-
Track One
Welcome To DEF CON & Badge Maker Talk
cont.
-
Track Two
De-anonymizing Programmers from Source Code and Binaries
cont.
-
Track Three
Please do not Duplicate: Attacking the Knox Box and Other Keyed Alike Systems
m010ch_
11:00
-
101 Track
An Attacker Looks at Docker: Approaching Multi-Container Applications
Wesley McGrew
-
Track One
Rob Joyce
-
Track Two
egypt & William Vu
-
Track Three
Lora Smart Water Meter Security Analysis
Yingtao Zeng, Lin Huang, & Jun Li
12:00
-
101 Track
Morgan ``indrora'' Gangwere
-
Track One
Vulnerable Out of the Box: An Evaluation of Android Carrier Devices
Ryan Johnson & Angelos Stavrou
-
Track Two
Breaking Paser Logic: Take Your Path Normalization Off and Pop 0days Out!
Orange Tsai
-
Track Three
Who Controls the Controllers—Hacking Crestron IoT Automation Systems
Ricky "HeadlessZeke" Lawshae
13:00
-
101 Track
Dissecting the Teddy Ruxpin: Reverse Engineering the Smart Bear
zenofex
-
Track One
Compromising Online Accounts by Cracking Voicemail Systems
Martin Vigo
-
Track Two
Finding Xori: Malware Analysis Triage with Automated Disassembly
Amanda Rousseau & Rich Seymour
-
Track Three
William Martin
13:30
-
101 Track
You can run, but you can't hide. Reverse engineering using X-Ray
George Tarnovsky
-
Track One
Dragnet—Your Social Engineering Sidekick
Truman Kain
-
Track Two
Hacking the Brain: Customize Evil Protocol to Pwn an SDN Controller
Feng Xiao, Jianwei Huang, & Peng Liu
-
Track Three
Fasten your seatbelts: We are escaping iOS 11 sandbox!
Min (Spark) Zheng & Xiaolong Bai
14:00
-
101 Track
UEFI Exploitation for the Masses
Mickey Shkatov & Jesse Michael
-
Track One
GOD MODE UNLOCKED: Hardware Backdoors in [redacted] x86 CPUs
Christopher Domas
-
Track Two
4G—Who is paying your cellular phone bill?
Dr. Silke Holtmanns & Isha Singh
-
Track Three
Michael Ossmann & Dominic Spill
15:00
-
101 Track
Weaponizing Unicode: Homographs Beyond IDNs
The Tarquin
-
Track One
Bypassing Port-Security In 2018: Defeating MacSEC and 802.1x-2010
Gabriel Ryan
-
Track Two
Alfonso García Alguacil & Alejo Murillo Moya
-
Track Three
Privacy Infrastructure, Challenges and Opportunities
yawnbox
16:00
-
101 Track
Automated Discovery of Deserialization Gadget Chains
Ian Haken
-
Track One
Your Peripheral Has Planted Malware—An Exploit of NXP SOCs Vulnerability
Yuwei Zheng, Shaokun Cao, Yunding Jian, & Mingchuang Qun
-
Track Two
Practical & Improved Wifi MitM with Mana
singe
-
Track Three
_delta_zero & Azeem Aqil
17:00
-
101 Track
Steven Danneman
-
Track One
I'll See Your Missile and Raise You A MIRV: An overview of the Genesis Scripting Engine
Alex Levinson & Dan Borges
-
Track Two
The L0pht Testimony, 20 Years Later (and Other Things You Were Afraid to Ask)
Elinor Mills, DilDog, Joe Grand (Kingpin), Space Rogue, Mudge, Silicosis, John Tan & Weld Pond
-
Track Three
Reverse Engineering, hacking documentary series
Michael Lee Nirenberg & Dave Buchwald
Saturday
10:00
-
101 Track
Through the Eyes of the Attacker: Designing Embedded Systems Exploits for Industrial Control Systems
Marina Krotofil & Jos Wetzels
-
Track One
It WISN't Me, Attacking Industrial Wireless Mesh Networks
Erwin Paternotte & Mattijs van Ommeren
-
Track Two
Dr. Jeanna N. Matthews, Nathan Adams, & Jerome Greco
-
Track Three
You may have paid more than you imagine—Replay Attacks on Ethereum Smart Contracts
Zhenxuan Bai, Yuwei Zheng, Senhua Wang, & Kunzhe Chai
11:00
-
101 Track
Hacking PLCs and Causing Havoc on Critical Infrastructures
Thiago Alves
-
Track One
Exploiting Active Directory Administrator Insecurities
Sean Metcalf
-
Track Two
Compression Oracle Attacks on VPN Networks
Nafeez
-
Track Three
Jailbreaking the 3DS through 7 years of hardening
smea
12:00
-
101 Track
Building Absurd Christmas Light Shows
Rob Joyce
-
Track One
Tineola: Taking a Bite Out of Enterprise Blockchain
Stark Riedesel & Parsia Hakimian
-
Track Two
You'd better secure your BLE devices or we'll kick your butts !
Damien "virtualabs" Cauquil
-
Track Three
Ridealong Adventures—Critical Issues with Police Body Cameras
Josh Mitchell
13:00
-
101 Track
One Step Ahead of Cheaters—Instrumenting Android Emulators
Nevermoe
-
Track One
In Soviet Russia Smartcard Hacks You
Eric Sesterhenn
-
Track Two
Reaping and breaking keys at scale: when crypto meets big data
Yolan Romailler & Nils Amiet
-
Track Three
Looking for the perfect signature: an automatic YARA rules generation algorithm in the AI-era
Andrea Marcelli
13:30
-
101 Track
House of Roman—a "leakless" heap fengshui to achieve RCE on PIE Binaries
Sanat Sharma
-
Track One
The ring 0 façade: awakening the processor's inner demons
Christopher Domas
-
Track Two
Detecting Blue Team Research Through Targeted Ads
0x200b
-
Track Three
Infecting The Embedded Supply Chain
Zach & Alex
14:00
-
101 Track
Having fun with IoT: Reverse Engineering and Hacking of Xiaomi IoT Devices
Dennis Giese
-
Track One
SMBetray—Backdooring and breaking signatures
William Martin
-
Track Two
Digital Leviathan: a comprehensive list of Nation-State Big Brothers (from huge to little ones
Eduardo Izycki & Rodrigo Colli
-
Track Three
Playing Malware Injection with Exploit thoughts
Sheng-Hao Ma
14:30
-
101 Track
Having fun with IoT: Reverse Engineering and Hacking of Xiaomi IoT Devices
Cont.
-
Track One
SMBetray—Backdooring and breaking signatures
Cont.
-
Track Two
Maggie Mayhem
-
Track Three
Fire & Ice: Making and Breaking macOS Firewalls
Patrick Wardle
15:00
-
101 Track
Project Interceptor: avoiding counter-drone systems with nanodrones
David Melendez Cano
-
Track One
All your math are belong to us
sghctoma
-
Track Two
Reverse Engineering Windows Defender's Emulator
Alexei Bulazel
-
Track Three
Ladar Levison & hon1nbo
16:00
-
101 Track
Daniel "unicornFurnace" Crowley, Mauro Paredes, & Jen "savagejen" Savage
-
Track One
80 to 0 in under 5 seconds: Falsifying a medical patient's vitals
Douglas McKee
-
Track Two
All your family secrets belong to us—Worrisome security issues in tracker apps
Dr. Siegfried Rasthofer, Stephan Huber, & Dr. Steven Arzt
-
Track Three
Inside the Fake Science Factory
Dr Cindy Poppins (AKA Svea Eckert), Dr Dade Murphy (AKA Suggy), & Professor Dr Edgar Munchhausen (AKA Till Krause)
17:00
-
101 Track
Closed
-
Track One
The Road to Resilience: How Real Hacking Redeems this Damnable Profession
Richard Thieme
-
Track Two
Relocation Bonus: Attacking the Windows Loader Makes Analysts Switch Careers
Nick Cano
-
Track Three
Inside the Fake Science Factory
Cont.
Sunday
10:00
-
101 Track
The Mouse is Mightier than the Sword
Patrick Wardle
-
Track One
Rock appround the clock: Tracking malware developers by Android "AAPT" timezone disclosure bug
Sheila A. Berta & Sergio De Los Santos
-
Track Two
Defending the 2018 Midterm Elections from Foreign Adversaries
Joshua M Franklin & Kevin Franklin
-
Track Three
For the Love of Money: Finding and exploiting vulnerabilities in mobile point of sales systems
Leigh-Anne Galloway & Tim Yunusov
11:00
-
101 Track
Searching for the Light: Adventures with OpticSpy
Joe Grand
-
Track One
Josep Pi Rodriguez
-
Track Two
Daniel Zolnikov
-
Track Three
Demystifying MS17-010: Reverse Engineering the ETERNAL Exploits
zerosum0x0
12:00
-
101 Track
Breaking Smart Speakers: We are Listening to You
Wu HuiYu & Qian Wenxiang
-
Track One
Last mile authentication problem: Exploiting the missing link in end-to-end secure communication
Thanh Bui & Siddharth Rao
-
Track Two
Attacking the macOS Kernel Graphics Driver
Yu Wang
-
Track Three
Designing and Applying Extensible RF Fuzzing Tools to Expose PHY Layer Vulnerabilities
Matt Knight & Ryan Speers
13:00
-
101 Track
Trouble in the tubes: How internet routing security breaks down and how you can do it at home
Lane Broadbent
-
Track One
Slava Makkaveev
-
Track Two
Micro-Renovator: Bringing Processor Firmware up to Code
Matt King
-
Track Three
barcOwned—Popping shells with your cereal box
Michael West & magicspacekiwi (Colin Campbell)
13:30
-
101 Track
Trouble in the tubes: How internet routing security breaks down and how you can do it at home
Cont.
-
Track One
Asura: A huge PCAP file analyzer for anomaly packets detection using massive multithreading
Ruo Ando
-
Track Two
Lost and Found Certificates: dealing with residual certificates for pre-owned domains
Ian Foster & Dylan Ayrey
-
Track Three
Edge Side Include Injection: Abusing Caching Servers into SSRF and Transparent Session Hijacking
ldionmarcil
14:00
-
101 Track
Betrayed by the keyboard: How what you type can give you away
Matt Wixey
-
Track One
Your Watch Can Watch You! Gear Up for the Broken Privilege Pitfalls in the Samsung Gear Smartwatch
Dongsung Kim & Hyoung-Kee Choi
-
Track Two
Hacking BLE Bicycle Locks for Fun and a Small Profit
Vincent Tan
-
Track Three
One bite and all your dreams will come true: Analyzing and Attacking Apple Kernel Drivers
Xiaolong Bai & Min (Spark) Zheng
15:00
-
101 Track
CLOSED
-
Track One
Brent White (B1TK1LL3R), Jeff Moss (The Dark Tangent), Jayson E. Street, S0ups, Tim Roberts (byt3boy), Casey Bourbonnais, & April Wright
-
Track Two
Yaniv Balmas & Eyal Itkin
-
Track Three
Maksim Shudrak
16:30
-
101 Track
CLOSED
-
Track One
The Dark Tangent
-
Track Two
CLOSED
-
Track Three
CLOSED