skip to main content

DEF CON 27 Hacking Conference

Schedule

Schedule

Pick a day:

Thursday
Friday
Saturday
Sunday

= Demo | = Tool | = Exploit

Get the schedule in printable PDF Format

Thursday

10:00

DC101, Paris Theatre

Exploiting Windows Exploit Mitigation for ROP Exploits

Omer Yair

11:00

DC101, Paris Theatre

Breaking Google Home: Exploit It with SQLite (Magellan)

Wenxiang Qian, YuXiang Li, HuiYu Wu

12:00

DC101, Paris Theatre

Are Quantum Computers Really A Threat To Cryptography? A Practical Overview Of Current State-Of-The-Art Techniques With Some Interesting Surprises

Andreas Baumhof

13:00

DC101, Paris Theatre

Intro to Embedded Hacking—How you too can find a decade old bug in widely deployed devices. [REDACTED] Deskphones, a case study.

Philippe Laulheret

14:00

DC101, Paris Theatre

Web2Own: Attacking Desktop Apps From Web Security's Perspective

Junyu Zhou, Ce Qin, Jianing Wang

15:00

DC101, Paris Theatre

DEF CON 101 Panel

Highwiz, Nikita, Will, n00bz, Shaggy, SecBarbie, Tottenkoph

Friday

Friday at 10:00

Track 1

Behind the Scenes of the DEFCON 27 Badge

Joe Grand (Kingpin)
Track 2

Hacking Congress: The Enemy Of My Enemy Is My Friend

Former Rep. Jane Harman, Rep. James Langevin, Jen Ellis, Cris Thomas, Rep. Ted Lieu
Track 3

Behind the Scenes: The Industry of Social Media Manipulation Driven by Malware†

Olivier Bilodeau, Masarah Paquet-Clouston
Track 4

Duplicating Restricted Mechanical Keys

Bill Graydon, Robert Graydon

Friday at 11:00

Track 1

Don't Red-Team AI Like a Chump

Ariel Herbert-Voss
Track 2

The Tor Censorship Arms Race: The Next Chapter

Roger Dingledine
Track 3

All the 4G Modules Could Be Hacked

XiaoHuiHui, Ye Zhang, ZhengHuang
Track 4

Evil eBPF In-Depth: Practical Abuses of an In-Kernel Bytecode Runtime

Jeff Dileo

Friday at 12:00

Track 1

Process Injection Techniques—Gotta Catch Them All

Itzik Kotler, Amit Klein
Track 2

Phreaking Elevators

WillC
Track 3

Infiltrating Corporate Intranet Like NSA _Pre-auth RCE on Leading SSL VPNs

Orange Tsai, Meh Chang
Track 4

API-Induced SSRF: How Apple Pay Scattered Vulnerabilities Across the Web

Joshua Maddux

Friday at 13:00

Track 1

HackPac: Hacking Pointer Authentication in iOS User Space

Xiaolong Bai, Min (Spark) Zheng
Track 2

HVACking: Understand the Difference Between Security and Reality!

Douglas McKee, Mark Bereza
Track 3

No Mas—How One Side-Channel Flaw Opens Atm, Pharmacies and Government Secrets Up to Attack

phar
Track 4

More Keys Than A Piano: Finding Secrets In Publicly Exposed Ebs Volumes

xBen "benmap" Morris

Friday at 14:00

Track 1

Harnessing Weapons of Mac Destruction

Patrick Wardle
Track 2

Are Your Child's Records at Risk? The Current State of School Infosec

Bill Demirkapi
Track 3

How Deep Learning Is Revolutionizing Side-Channel Cryptanalysis

Elie Bursztein, Jean Michel Picod
Track 4

Practical Key Search Attacks Against Modern Symmetric Ciphers

Daniel "ufurnace" Crowley, Daniel Pagan

Friday at 15:00

Track 1

MOSE: Using Configuration Management for Evil

Jayson Grace
Track 2

Change the World, cDc Style: Cow tips from the first 35 years

Joseph Menn, Peiter Mudge Zatko, Chris Dildog Rioux, Deth Vegetable, Omega
Track 3

100 Seconds of Solitude: Defeating Cisco Trust Anchor With FPGA Bitstream Shenanigans

Jatin Kataria, Rick Housley, Ang Cui
Track 4

Relaying Credentials Has Never Been Easier: How to Easily Bypass the Latest NTLM Relay Mitigations

Marina Simakov, Yaron Zinar

Friday at 16:00

Track 1

Please Inject Me, a x64 Code Injection

Alon Weinberg
Track 2

I Know What You Did Last Summer: 3 Years of Wireless Monitoring at DEF CON

d4rkm4tter (Mike Spicer)
Track 3

Surveillance Detection Scout—Your Lookout on Autopilot

Truman Kain
Track 4

The JOP ROCKET: A Supremely Wicked Tool for JOP Gadget Discovery, or What to Do If ROP Is Too Easy

Dr. Bramwell Brizendine, Dr. Joshua Stroschien

Friday at 16:30

Track 1

Poking the S in SD cards

Nicolas Oberli
Track 2

Can You Track Me Now? Why The Phone Companies Are Such A Privacy Disaster

U.S. Senator Ron Wyden
Track 3

Breaking The Back End! It Is Not Always A Bug. Sometimes, It Is Just Bad Design!

Gregory Pickett
Track 4

Re: What's up Johnny?—Covert Content Attacks on Email End-to-End Encryption

Jens Müller

Friday at 20:00

Firesides Lounge

D0 N0 H4RM: A Healthcare Security Conversation

Christian "quaddi" Dameff, Jeff "r3plicant" Tully MD, Suzanne Schwartz MD, Marie Moe PhD, Billy Rios, Jay Radcliffe

Friday at 22:15

Firesides Lounge

Panel: DEF CON Groups

Brent White / B1TK1LL3R, Jayson E. Street, Darington, April Wright, Tim Roberts (byt3boy), Casey Bourbonnais, s0ups

Saturday

Saturday at 10:00

Track 1

Weaponizing Hypervisors to Fight and Beat Car and Medical Devices Attacks

Ali Islam, Dan Regalado (DanuX)
Track 2

Rise of the Hypebots: Scripting Streetwear

finalphoenix
Track 3

Information Security in the Public Interest

Bruce Schneier
Track 4

EDR Is Coming; Hide Yo Sh!t

Michael Leibowitz, Topher Timzen

Saturday at 11:00

Track 1

Your Car is My Car

Jmaxxz
Track 2

HAKC THE POLICE

Bill Swearingen
Track 3

Hacking Your Thoughts—Batman Forever meets Black Mirror

Katherine Pratt/GattaKat
Track 4

Meticulously Modern Mobile Manipulations

Leon Jacobs

Saturday at 12:00

Track 1

How You Can Buy AT&T, T-Mobile, and Sprint Real-Time Location Data on the Black Market

Joseph Cox
Track 2

Defeating Bluetooth Low Energy 5 PRNG for Fun and Jamming

Damien Cauquil (virtualabs)
Track 3

Why You Should Fear Your "mundane" Office Equipment

Daniel Romero, Mario Rivas
Track 4

Zombie Ant Farm: Practical Tips for Playing Hide and Seek with Linux EDRs

Dimitry Snezhkov

Saturday at 13:00

Track 1

RACE—Minimal Rights and ACE for Active Directory Dominance

Nikhil Mittal
Track 2

GSM: We Can Hear Everyone Now!

Campbell Murray, Eoin Buckley, James Kulikowski
Track 3

Tag-side attacks against NFC

Christopher Wade
Track 4

SSO Wars: The Token Menace

Alvaro MuÒoz, Oleksandr Mirosh

Saturday at 14:00

Track 1

SELECT code_execution FROM * USING SQLite;—Gaining code execution using a malicious SQLite database

Omer Gull
Track 2

I'm on your phone, listening—Attacking VoIP Configuration Interfaces

Stephan Huber, Philipp Roskosch
Track 3

Zero bugs found? Hold my Beer AFL! How To Improve Coverage-Guided Fuzzing and Find New 0days in Tough Targets

Maksim Shudrak
Track 4

Next Generation Process Emulation with Binee

Kyle Gwinnup, John Holowczak

Saturday at 15:00

Track 1

Get Off the Kernel if You Canít Drive

Jesse Michael, Mickey Shkatov
Track 2

Reverse-Engineering 4g Hotspots for Fun, Bugs and Net Financial Loss

g richter
Track 3

State of DNS Rebinding—Attack & Prevention Techniques and the Singularity of Origin

Gerald Doussot, Roger Meyer
Track 4

.NET Malware Threats: Internals And Reversing

Alexandre Borges

Saturday at 16:00

Track 1

Reverse Engineering 17+ Cars in Less Than 10 Minutes

Brent Stone
Track 2

NOC NOC. Who's there? All. All who? All the things you wanted to know about the DEF CON NOC and we won't tell you about

The DEF CON NOC
Track 3

Confessions of an Nespresso Money Mule: Free Stuff & Triangulation Fraud

Nina Kollars, Kitty Hegemon
Track 4

Vacuum Cleaning SecurityóPinky and the Brain Edition

jiska, clou (Fabian Ullrich)

Saturday at 16:30

Track 1

Unpacking Pkgs: A Look Inside Macos Installer Packages And Common Security Flaws

Andy Grant
Track 2

NOC NOC. Who's there? All. All who? All the things you wanted to know about the DEF CON NOC and we won't tell you about

(cont) The DEF CON NOC
Track 3

Go NULL Yourself or: How I Learned to Start Worrying While Getting Fined for Otherís Auto Infractions

droogie
Track 4

Apache Solr Injection

Michael Stepankin

Saturday at 20:00

Firesides Lounge

Meet the EFF—Meetup Panel

Kurt Opsahl, Camille Fischer, Bennett Cyphers, Nathan 'nash' Sheard, Shahid Buttar

Saturday at 22:15

Firesides Lounge

We Hacked Twitter... And the World Lost Their Sh*t Over It!

Mike Godfrey, Matthew Carr

Sunday

Sunday at 10:00

Track 1

Backdooring Hardware Devices By Injecting Malicious Payloads On Microcontrollers

Sheila Ayelen Berta
Track 2

Adventures In Smart Buttplug Penetration (testing)

smea
Track 3

Hacking WebAssembly Games with Binary Instrumentation

Jack Baker
Track 4

Your Secret Files Are Mine: Bug Finding And Exploit Techniques On File Transfer App Of All Top Android Vendors

Xiangqian Zhang, Huiming Liu

Sunday at 11:00

Track 1

The ABC of Next-Gen Shellcoding

Hadrien Barral, RÈmi GÈraud-Stewart, Georges-Axel Jaloyan
Track 2

SDR Against Smart TVs: URL and Channel Injection Attacks

Pedro Cabrera Camara
Track 3

Exploiting Qualcomm WLAN and Modem Over The Air

Xiling Gong, Peter Pi
Track 4

Say Cheese—How I Ransomwared Your DSLR Camera

Eyal Itkin

Sunday at 12:00

Track 1

I'm In Your Cloud... Pwning Your Azure Environement

Dirk-jan Mollema
Track 2

Malproxying: Leave Your Malware at Home

Hila Cohen, Amit Waisel
Track 3

HTTP Desync Attacks: Smashing into the Cell Next Door

albinowax
Track 4

Help Me, Vulnerabilities. You're My Only Hope

Jacob Baines

Sunday at 13:00

Track 1

[ MI CASA-SU CASA ] My 192.168.1.1 is Your 192.168.1.1

Elliott Thompson
Track 2

Sound Effects: Exploring Acoustic Cyber-weapons

Matt Wixey
Track 3

Owning The Cloud Through Server-Side Request Forgery

Ben Sadeghipour, Cody Brocious (Daeken)
Track 4

Want Strong Isolation? Just Reset Your Processor

Anish Athalye

Sunday at 14:00

Track 1

Firmware Slap: Automating Discovery of Exploitable Vulnerabilities in Firmware

Christopher Roberts
Track 2

Cheating in eSports: How to Cheat at Virtual Cycling Using USB Hacks

Brad Dixon
Track 3

The Ether Wars: Exploits, counter-exploits and honeypots on Ethereum

Bernhard Mueller, Daniel Luca
Track 4

Contests Awards Ceremony

Contests & Events

Sunday at 16:00

Paris Ballroom

Closing Ceremonies

The Dark Tangent & Goons