Jump to Friday | Saturday | Sunday
Friday
09:00
Virtual
Dark Tangent Welcome on Discord and
Making the DEF CON 29 Badge
Michael Whiteley & Katie Whiteley
Demo
10:00
Track 1
Welcome To DEF CON & Making the DEF CON 29 Badge
Dark Tangent, Michael Whiteley, & Katie Whiteley
Demo
Track 2
Gone Apple Pickin': Red Teaming macOS Environments in 2021
Cedric Owens
Demo
Virtual
HTTP/2: The Sequel is Always Worse
James Kettle
Demo, Tool, Exploit
11:00
Track 2
2021—Our Journey Back To The Future Of Windows Vulnerabilities and the 0-days we brought back with us
Tomer Bar & Eran Segal
Demo, Tool, Exploit
Virtual
Caught you—reveal and exploit IPC logic bugs inside Apple
Zhipeng Huo, Yuebin Sun, & Chuanda Ding
Demo, Exploit
12:00
Track 1
REBOOTING CRITICAL INFRASTRUCTURE PROTECTION
Panel with DEF CON Policy Panel
Track 2
Your House is My House: Use of Offensive Enclaves In Adversarial Operations
Dimitry "Op_Nomad" Snezhkov
Demo, Tool
Virtual
Do you like to read? I know how to take over your Kindle with an e-book
Slava Makkaveev
12:30
Track 2
The Mechanics of Compromising Low Entropy RSA Keys
Austin Allshouse
Virtual
Worming through IDEs
David Dworken
Demo, Exploit
13:00
Track 1
Ransomeware’s Big Year – From Nuisance to “Scourge”?
DEF CON Policy Panel
Track 2
Sleight of ARM: Demystifying Intel Houdini
Brian Hong
Demo
Virtual
eBPF, I thought we were friends!
Guillaume Fournier, Sylvain Afchain, & Sylvain Baubeau
Demo, Tool
14:00
Track 1
MAVSH> Attacking from Above
Sach
Demo, Tool
Track 2
Hacking Humans with AI as a Service
Eugene Lim, Glenice Tan, & Tan Kee Hock
Demo, Tool
Virtual
Rotten code, aging standards, & pwning IPv4 parsing across nearly every mainstream programming language
Kelly Kaoudis & Sick Codes
Demo, Exploit
15:00
Track 1 Track 2 Virtual
UFOs: Misinformation, Disinformation, and the Basic Truth
Richard Thieme AKA neuralcowboy
Abusing SAST tools! When scanners do more than just scanning
Rotem Bar
Demo
ProxyLogon is Just the Tip of the Iceberg, A New Attack Surface on Microsoft Exchange Server!
Orange Tsai
Demo, Exploit
16:00
Track 1
Defending against nation-state (legal) attack: how to build a privacy-protecting service in the era of ubiquitous surveillance
Bill "Woody" Woodcock
Track 2
Bundles of Joy: Breaking macOS via Subverted Applications Bundles
Patrick Wardle
Demo
Virtual
The Unbelievable Insecurity of the Big Data Stack: An Offensive Approach to Analyzing Huge and Complex Big Data Infrastructures
Sheila A. Berta
Demo
17:00
Track 1
Do No harm; Health Panel : Live version
A DEF CON Policy Panel
Track 2
Phantom Attack: Evading System Call Monitoring
Rex Guo & Junyuan Zeng
Demo, Tool, Exploit
Virtual
Warping Reality—creating and countering the next generation of Linux rootkits using eBPF
PatH
Demo, Tool
18:00
Track 1
Do No harm; Health Panel : Live version
A DEF CON Policy Panel
Track 2
Response Smuggling: Pwning HTTP/1.1 Connections
Martin Doyhenard
Demo, Exploit
Virtual
How I use a JSON Deserialization 0day to Steal Your Money On The Blockchain
Hao Xing & Zekai Wu
Demo, Exploit
Saturday
10:00
Track 1
High-Stakes Updates BIOS RCE OMG WTF BBQ
Mickey Shkatov & Jesse Michael
Demo, Tool, Exploit
Track 2
Crossover Episode: The Real-Life Story of the First Mainframe Container Breakout
Ian Coldwater & Chad Rikansrud (Bigendian Smalls)
Demo
Virtual
Privacy Without Monopoly: Paternalism Works Well, But Fails Badly
Cory Doctorow
11:00
Track 2
UPnProxyPot: fake the funk, become a blackhat proxy, MITM their TLS, and scrape the wire
Chad Seaman
Tool
Virtual
Wibbly Wobbly, Timey Wimey – What's Really Inside Apple's U1 Chip
jiska & Alexander Heinrich
Demo, Tool
12:00
Track 1
Racketeer Toolkit. Prototyping Controlled Ransomware Operations
Dimitry "Op_Nomad" Snezhkov
Demo, Tool
Track 2
Time Turner—Hacking RF Attendance Systems (To Be in Two Places at Once)
Vivek Nair
Demo, Tool
Virtual
Bring Your Own Print Driver Vulnerability
Jacob Baines
Tool, Exploit
12:30
Track 1
Hack the hackers: Leaking data over SSL/TLS
Ionut Cernica
Demo, Exploit
Track 2
A new class of DNS vulnerabilities affecting many DNS-as-Service platforms
Shir Tamari & Ami Luttwak
Demo
13:00
Track 1
PINATA: PIN Automatic Try Attack
Salvador Mendoza
Demo
Track 2
Defeating Physical Intrusion Detection Alarm Wires
Bill Graydon
Tool
Virtual
TEMPEST radio station
Paz Hameiri
Tool
14:00
Track 1
SPARROW: A Novel Covert Communication Scheme Exploiting Broadcast Signals in LTE, 5G & Beyond
Reza Soosahabi & Chuck McAuley
Demo, Exploit
Track 2
Over-the-air remote code execution on the DEF CON 27 badge via Near Field Magnetic Inductance or World’s first NFMI exploitation, sorta or OTARCEDC27NFMIOMGWTFBBQ
Seth Kintigh
Demo, Tool, Exploit
Virtual
Sneak into buildings with KNXnet/IP
Claire Vacherot
Demo
15:00
Track 1
Hacking G Suite: The Power of Dark Apps Script Magic
Matthew Bryant
Tool
Track 2
Central bank digital currency, threats and vulnerabilities
Ian Vitek
Exploit
Virtual
Breaking Secure Bootloaders
Christopher Wade
Demo, Tool, Exploit
16:00
Track 1
New Phishing Attacks Exploiting OAuth Authentication Flows
Jenko Hwong
Demo, Tool
Track 2
PunkSPIDER and IOStation: Making a Mess All Over the Internet
_hyp3ri0n aka Alejandro Caceres & Jason Hopper
Demo, Tool
Virtual
Adventures in MitM-land: Using Machine-in-the-Middle to Attack Active Directory Authentication Schemes
Sagi Sheinfeld, Eyal Karni, & Yaron Zinar
Demo
17:00
Track 1
You're Doing IoT RNG
Dan "AltF4" Petro & Allan "DwangoAC" Cecil
Track 2
Hacking the Apple AirTags
Thomas Roth
Demo, Tool
Virtual
Don't Dare to Exploit—An Attack Surface Tour of SharePoint Server
Yuhao Weng, Steven Seeley, & Zhiniang Peng
Demo, Exploit
18:00
Track 1
HACKERS INTO THE UN? Engaging in the cyber discussions on war & peace
DEF CON Policy Panel
Track 2
Offensive Golang Bonanza: Writing Golang Malware
Ben Kurtz
Demo, Tool, Exploit
Virtual
Vulnerability Exchange: One Domain Account For More Than Exchange Server RCE
Tianze Ding
Demo, Tool, Exploit
Sunday
10:00
Track 1
A Discussion with Agent X
Agent X
Track 2
Hi! I'm DOMAIN\Steve, please let me access VLAN2
Justin Perdok
Demo, Tool, Exploit
Virtual
Taking Apart and Taking Over ICS & SCADA Ecosystems: A Case Study of Mitsubishi Electric
Mars Cheng
Selmon Yang
Demo, Tool
11:00
Track 1
The PACS-man Comes For Us All: We May Be Vaccinated, but Physical Access Control Still Sucks
Babak Javadi, Nick Draffen, Eric Betts, & Anze Jensterle
Demo, Tool, Exploit
Track 2
Glitching RISC-V chips: MTVEC corruption for hardening ISA
Adam 'pi3' Zabrocki & Alex Matrosov
Demo, Exploit
Virtual
Fuzzing Linux with Xen
Tamas K Lengyel
Demo, Tool, Exploit
12:00
Track 1
DoS: Denial of Shopping – Analyzing and Exploiting (Physical) Shopping Cart Immobilization Systems
Joseph Gabay
Track 2
No Key? No PIN? No Combo? No Problem! P0wning ATMs For Fun and Profit
Roy Davis
Demo
Virtual
Breaking TrustZone-M: Privilege Escalation on LPC55S69
Laura Abbott & Rick Altherr
Demo, Exploit
13:00
Track 1
Extension-Land: exploits and rootkits in your browser extensions
Barak Sternberg
Demo, Tool, Exploit
Track 2
Why does my security camera scream like a Banshee? Signal analysis and RE of a proprietary audio-data encoding protocol
Rion Carter
Demo, Tool
Virtual
Timeless Timing Attacks
Tom Van Goethem & Mathy Vanhoef
Demo, Tool, Exploit
14:00
Track 1
Robots with lasers and cameras (but no security): Liberating your vacuum from the cloud
Dennis Giese
Tool, Exploit
Track 2
Old MacDonald Had a Barcode, E-I-E-I CAR
Richard Henderson
Demo
Virtual
Instrument and Find Out: Writing Parasitic Tracers for High(-Level) Languages
Jeff Dileo
Demo, Tool
14:30
Virtual
The Agricultural Data Arms Race: Exploiting a Tractor Load of Vulnerabilities In The Global Food Supply Chain.
Sick Codes
Demo, Exploit
15:00
Virtual
Discord Closing Ceremonies
Dark Tangent & DEF CON Goons
16:00
Track 1
DEF CON Closing Ceremonies, Black Badge Ceremonies
with Dark Tangent & DEF CON Goons