What?! Another Early Release Video from DEF CON 26?!
More DEF CON 26 video for you - this time it's all about the Hacker Tracker. Whiney Champion (@shortxstack) and Seth Law (@sethlaw) share the story behind the conference planning/management app they created to help people navigate the world of DEF CON. It's also a cool story about hackers seeing a need and jumping in to fill it with some open source awesomeness.
As always, enjoy and pass it on.
DEF CON 26 Early Release: Covert Passive Surveillance!
Another Early release for your viewing pleasure. This time it’s @SecuritySense and Agent X talking about best practices for detecting and inconveniencing old-fashioned analog shoe-leather surveillance. As always, enjoy and pass it on!
DEF CON 26 Voting Village Report Released!
The Voting Village Report from DEF CON 26 is live now! We hope you’ll take some time to read it in full.
In the Voting Village’s second year, the selection of devices was expanded to more than 30 machines, all but one of which are still in use across the USA right now. We also made a very successful effort to attract election officials to observe, participate and even get training from cybersecurity experts.
The many vulnerabilities discovered are listed in some detail. For example:
"A voting machine that is currently used in 26 states is vulnerable to be remotely hacked via anetwork attack. Because the device in question is a high-speed unit designed to process a high volume of ballots for an entire counties, hacking just one of these machines could enable an attacker to flip the Electoral College and determine the outcome of a presidential election.
A second critical vulnerability in the same machine was disclosed to the vendor a decade ago, yet that machine, which was used into 2016, still contains the flaw.
Another machine used in 18 states was able to be hacked in only two minutes, while it takes the average voter six minutes to vote.”
While these results are cause for concern, the DEF CON Voting Village also provided Election Day Crisis Communications Protocols with the aim of suggesting clear best practices to mitigate the exploitation of the election infrastructure.
Please share this report widely. The only curative measure for misleading headlines is accurate information, and the security of our democratic process requires that we understand the problem clearly. If you are concerned about the vote tech in your area, get in touch with your local representatives. If they’re not aware of our project, share it with them.
We want to thank the organizers of the Voting Village, the election officials from around the nation who came to learn from our research and the hackers at DEF CON who brought their talent and ingenuity to the task of securing our voting process.
Yet another DEF CON 26 Early Release: Booby Trapping Boxes!
More video from DEF CON 26! 'Booby Trapping Boxes' by Ladar Levison and hon1nbo is a practical talk about high impact, low cost hardening for a chronically insecure world. From the abstract:
"Whether your running servers as a high value target, or simply want to protect your Monero private key, this talk will show you to achieve FIPS 140-2 level 4 security, without the FIPS 140-2 level 4 price tag. Specifically, we'll cover acquisition considerations, physical hardening, firmware mitigation, tamper detection and more."
Enjoy, and pass it on.
DEF CON 26 Early Release: Inside the Fake Science Factory!
More DEF CON 26 video for your perusal: @5uggy, Till Krause and @sveckert deliver a timely and important breakdown of the fake science industrial complex. From the abstract:
"This talk presents the findings and methodology from a team of investigative journalists, hackers and data scientists who delved into the parallel universe of fraudulent pseudo-academic conferences and journals; Fake science factories, twilight companies whose sole purpose is to give studies an air of scientific credibility while cashing in on millions of dollars in the process. Until recently, these fake science factories have remained relatively under the radar, with few outside of academia aware of their presence; but the highly profitable industry is growing significantly and with it, so are the implications. To the public, fake science is indistinguishable from legitimate science, which is facing similar accusations itself. Our findings highlight the prevalence of the pseudo-academic conferences, journals and publications and the damage they can and are doing to society."
Enjoy, and pass it along.
More Early Release Video from DEF CON 26: What the FAX!
More video from DEF CON 26! This time it's the ancient, humble fax machine's turn in the security barrel.
From the abstract:
"What the Fax?! ...We went to work, determined to show that the common fax machine could be compromised via mere access to its fully exposed and unprotected telephone line -- thus completely bypassing all perimeter security protections and shattering to pieces all modern-day security concepts."
As always, please enjoy, be edified and share far and wide.
DEF CON in the News: Voting Village Report Incoming Edition
The team that runs the DEF CON Voting Village has announced that they will release findings from DEF CON 26 next week. The report from last year's Voting Village was widely cited and helped jump-start the conversation about improving election tech security.
There has been controversy, with vote tech manufacturers and some state officials challenging the results and the methodology of the hackathon. TechTarget has an interview with VV's Jake Braun about this year's results and some behind the scenes info about the expanded efforts at this year's Voting Village.
Pictures from DEF CON 26!
The DEF CON 26 official picture feed is live on the media server for your enjoyment! In addition to the standard web-style offering, we’ve got the whole enchilada in tasty torrent flavor for the adventurous and storage-blessed.
We’d like to thank the whole DEF CON Photo Corps for their excellent work. Enjoy, and pass it on.
DEF CON 26 Transparency Report!
The DEF CON 26 transparency report is live on the DEF CON site.
We made a lot of changes this year, and we'd like to thank all the staff and partners who implemented them so smoothly.
If you've got thoughts or suggestions, send them over to firstname.lastname@example.org.
PS: We didn't cause the sandstorm/flooding combo. Almost completely sure.
DEF CON in the News: Voting Village Edition
4 senators sent a bipartisan appeal to @essvote urging the vote-tech firm to engage with the independent security research community. They asked Election Systems and Software to make voting machines available for testing and to share the results to increase transparency.
“Election agencies must be able to make informed decisions about what election equipment will help them conduct secure elections, and independent testing helps both election agencies and vendors.”
This is why we have a Voting Village.
We approve this message.
First Early Release Video from DEF CON 26!
For your first post-DC26 (and pre-DC27!) weekend, here's the first video release - Rob Joyce, Senior Advisor for Cybersecurity Strategy at the NSA giving his presentation 'NSA Talks Cybersecurity'.
From the abstract:
"The National Security Agency (NSA) has authorities for both foreign intelligence and cyber security. This unique position gives NSA insights into the ways networks are exploited and the methods that are effective in defending against threats. Over time, NSA has adapted the focus of its security efforts and continues to evolve with technologies and the adversaries we face. The talk will look back at some of the inflection points that have influenced NSA and US Government cybersecurity efforts and look at what is necessary to stay safe in the new environment."
As always, enjoy and share widely.
Caesars Palace Update
A team from DEF CON management met with Caesars on Tuesday. They are looking into the reports we presented, and we’ll share what we can as those investigations play out.
Here’s an overview of the current policy as shared with us:
1. DND tag on the door too long triggers a security visit.
2. That security visit is supposed to be by hotel security staff who are clearly identifiable as hotel security staff.
3. That visit should be comprised of a visual survey of the main segments of the hotel room, with no fiddling about in personal belongings.
This means that entering rooms and taking a quick look around does not violate the hotel’s policies.
But it also means that reports of opening closed bags, confiscation of personal effects, and reluctance to self-identify and/or allow guests to verify the legitimacy of the security officers all fall well outside of the policy.
Please know we are not letting this go. We are sympathetic to the new terrain major hotels find themselves in, but our main commitment is to our community. We intend to stay on this until we’re satisfied these issues are resolved for next year.
Updates as we get them.
DEF CON 26 is a Wrap!
Just like that, DEF CON 26 is in the books. We want to thank all of you for making such a success of our little hacker party every year - there is truly no community anywhere like the DEF CON community.
The Dark Tangent announced in closing ceremonies that next year we'll be back at Paris/Bally's. Also a bit of Planet Hollywood. Even more space, but less exposure to deadly solar radiation. We're already planning ways to use it all.
This was a big year for us. We doubled the villages. We grew the workshops. We pumped up demo labs and contests, and we even learned how to set up the crazy lightshow required by the mighty Juno Reactor - which you will get to see shortly, since they let us record their set. (Yay Juno Reactor!) Also, we did that thing in Beijing that went so nice we're doing it twice.
We're gonna take everything we learned from this year's crazy expansions, fine-tune things and bring all that new wisdom to DEF CON 27. If you have ideas, email@example.com stands ready to accept them.
Thank you for all that you share with us, all of your enthusiasm and love that animates everything that happens here. Congratulations to everyone who won something, or learned something, or tried something weird and new. Cheers to all our old friends and our brand new ones. We love you, and we can't wait to get together with you next year.
Press from DEF CON 26!
So, while all of you are doing DEF CON, you’re also making news. Here’s a roundup of interesting articles about what the press noticed at DEF CON 26 so far.
Hacking the US Midterms? It’s Child’s play. - BBC
At DEF CON, the Biggest Election Threat Is Lack of Funding - WIRED
Secretaries of State Blast Election Hacking Exercise - Route50
Election Officials’ Concerns Turn to Information Warfare as Hackers Gather in Vegas - CNN
DEF CON 2018: Hacking Medical Protocols to Change Vital Signs - Threatpost
Tesla Plans to Open-source its Vehicle Security Software - Electrek
NSA Brings Nation-state Details to DEF CON - Dark Reading
Music Lineup Update
Tonight's music selection has shifted a little in transit - same great lineup, just in new timeslots. Make sure to share with anyone you think is interested in music and joy.
The new lineup:
21:30 - 22:30 - Skittish and Bus (@Skittishandbus)
22:30 - 23:30 - Zebbler Encanti Experience (@zebbler and @encanti)
23:30 - 00:30 - Miss Jackalope (@djjackalope)
00:30 - 02:00 - Juno Reactor (@junoreactor)
02:00 - 03:00 - s7a73farm (@s7a73farm)
Do You Remember?
I’m the DEF CON bean bag. You might remember me from my appearance on Twitter at DEF CON 25 and such films as ‘I Have No Shape and I Must Scream’, ‘Dial S for Stuffing’ and ‘My Dinner with Andre.’
If you’d like to take me home, drop by the Official Swag area while I last!
There’s a rumor that I might make an appearance at Closing Ceremonies for a few people who’ve been especially awesome.
DEF CON 26 Torrents!
Ready to ingest some more DEF CON 26 media? Go ahead and unhinge your cyber-jaws and fire up our new torrent and magnet links. We’ve got the DEF CON 26 Original Soundtrack, the DEF CON 26 Presentations and the additional material from the Workshops.
Grab a link, guzzle the content and enjoy it at your leisure.
DEF CON 26 Music Soundtrack
magnet:?xt=urn:btih:beedc5c36e8ba3981edfc946fac8c84e304ece9f&dn=DEF CON 26 music&tr=https://tracker.defcon.org/announce
DEF CON 26 Presentations
magnet:?xt=urn:btih:aafec09a5fa1c9fe75d062a1a39c5fa030a83f39&dn=DEF CON 26 presentations&tr=https://tracker.infocon.org/announce
DEF CON 26 Workshops
magnet:?xt=urn:btih:1d78f8158a4a505fbfc25e62c390e50358026aa7&dn=DEF CON 26 workshops&tr=https://tracker.defcon.org/announce
The regular, non-magnetic links are under DEF CON 26 on media.defcon.org.
We now return you to your regularly scheduled programming.
DEF CON 26 CD!
Let’s set the mood, people. Head over to the DEF CON media server for the whole OST Soundtrack to DEF CON 26 in several delicious digital flavors for your downloading pleasure. If you’re BT inclined, there’s a torrent file in there too.
Here’s the stellar lineup of future favorite jams we’ve assembled for you.
Skittish & Bus - OTP
Dual Core - Apex Predator (featuring Tribe One)
T-4-2 - Digital Boyz
ISHI - Diamond Door (Left-Right Remix)
The TroubleShooters - This World
Haaj - Reactor Containment
FWLR & JELO - Even The Noble Shall Fall
MC Frontalot - Colonel, Panic!
MODERNS - Figuratives (DEF CON Edit)
Ascendant - Source Transmission
Mikal kHill - Mouser's Back
Icommitfelonies - Hashdump
Haaj - Gamma Rays
If you run through all of this and it’s still not Thursday morning, please continue pregaming with the DEF CON channel at SOMAFM. http://somafm.com/defcon/.
It’s almost here, luminous humans of the DEF CONiverse. Our reunion is at hand.
DEF CON 26 WiFi Reg is Live!
The DEF CON 26 WiFi Reg page is live, with all the info you need to securely log in to the wireless network on the DEF CON conference areas.
Please read carefully - there's new cert information and there are pretty explicit instructions for your specific OS.
It's not a trap.
DEF CON 26 ATTENDEE REPORTED INCIDENT POLICY
As a followup to my last post we realized that if we were hoping people would emulate our policies at other conferences we may as well release our attendee incident reporting policy as well. The version given to all the DEF CON Goons is the same as below but also includes confidential reporting phone numbers.
ATTENDEE REPORTED INCIDENT POLICY
DEF CON does not tolerate harassment of any kind, be it racial, sexual, physical, political, intellectual, or emotional. Every Goon shall take each report by an attendee seriously, and not dismiss any of them. Never turn an attendee away. It is not a Goon’s duty to judge anything that an attendee says, regardless of opinions of the attendee, the person they’re reporting, or the reported issue itself.
Reported/Observed Harassment or Assault
When an attendee reports harassment or assault to any Goon follow this procedure:
1. Get a second Goon to be with you to listen to the report.
2. Have one goon contact a SOC goon via the SOC Contact Procedures
3. Make a warm hand off with the attendee to the SOC Department.
4. Let the SOC conduct their investigation and handle the incident from there.
5. Be available to answer any questions from the SOC or venue security.
Interaction with Social and Traditional Media
DO NOT SHARE photos or videos. Please let the responding SOC GOONS know if you have any video or pictures, they may end up being evidence, but out of context could cause problems.
During or after an incident, you may be asked to comment on the situation. DO NOT make any comments to reporters, and do not post about the incident on social media. As a Goon, the media will treat anything you say as an official statement from DEF CON. Commenting prematurely before we understand the situation could cause more confusion or reveal identities that should remain confidential so please refrain from speculating and work with SOC / PRESS to help them understand what happened.
Refer all media inquiries to the DEF CON Press Department (firstname.lastname@example.org or send them to the press room)
DEF CON 26 Support Resources!
In my last post about the DEF CON Code of Conduct, I mentioned that I wanted to make sure that the community had all the tools necessary to get involved and report problems when they arise.
In this post, my last before the con, I'll talk about some of the new efforts we are deploying for DEF CON 26. It will be our first year for some of these, so we are looking for feedback. You will notice a theme of transparency, appropriate given the theme of this year's con!
NEW WAYS TO REPORT ISSUES: The DEF CON Support Hotline
You can reach DEF CON staff during normal hours of operation (8am to 4am) to anonymously report any behavior violating our code of conduct or to find an empathic ear by calling +1 (725) 867-7255. Trained community volunteers will be standing by to help any attendees.
You can still report issues by going to any Info Booth or talking to any SOC Goon, but sometimes you may not want to be walking around in person with a problem, and so this year we have added a phone option.
NEW SUPPORT RESOURCES:
We are collaborating with several organizations including Kick at Darkness, The Rape Crisis Center Las Vegas, and the Nevada Coalition to End Domestic and Sexual Violence to provide expert resources for survivors, including dedicated support for LGBTQ+. When you call the Hotline you will reach DEF CON community Goons trained to help in these areas.
NEW WAYS TO IDENTIFY GOONS:
In the past there has been some confusion by attendees with what Goon they were actually talking with.
New for DEF CON 26 Goons should all have visible patches with their nickname on them so it is easier to remember who you talk to about what. The name patches should be attached to the front of the Goon's lanyards and be more visible than the back of a shirt that might be covered by a backpack.
Please use the name on the patch if you have any feedback on Goons, good or bad. Feedback can be sent to email@example.com, written and dropped off at registration, or if serious enough called into the Hotline.
MORE DETAILED TRANSPARENCY REPORT:
Based on the positive community response to our closing ceremony transparency report, we plan to do this every year and hope other conferences do as well.
As people get comfortable reporting issues I expect the numbers to increase, and only by facing these issues head on can we hope to prevent them. It requires courage to speak truth to power, or to report something that is unpleasant in your community, but together we can make things better.
See everyone soon!
The Dark Tangent
DEF CON 26 Hacker Tracker!
A must have for your burner phone - the DEF CON Hacker Tracker puts all the talks, contests, events and parties all in one easy-to-navigate package. It’s available in both android and Apple flavors and it’s free.
Media Treats for DEF CON 26!
Less than 2 weeks to DEF CON 26 - how about a little treat to get you in the mood? Head over to the DEF CON Media Server for a sweet video and a single from DEF CON favorites Skittish and Bus, straight from the DC26 Soundtrack.
Get hyped, fam. We're in the home stretch.
DEF CON Code of Conduct
When I designed the updated DEF CON Code of Conduct in 2015, I had a few goals in mind. Make it simple to understand, express in broad strokes what kind of behavior is not acceptable, and don't be too specific.
I wanted it to act as a template for other conferences, if they chose to do so. It was legally reviewed by our outside law firm and a specialist. In 2018, it's looking like it may get seriously crash tested.
The Code of Conduct assumes people are acting in good faith and not creating intentionally elaborate, dishonest or disingenuous claims of harm. "Ah ha! This is where the bad actors will attack the CoC" you may be thinking.
As a conference of hackers, our CoC is intentionally flexible: like a spoon in the matrix. We describe generally what is not acceptable as opposed to trying to enumerate 42 different bad behaviors.
Besides the CoC, DEF CON has several structural factors that are to our advantage when dealing with people intent on disruption. This is not our first conference, and as such we have a department dedicated to dealing with this problem. We have also had time to plan with hotel and casino security should we need their involvement. We take this issue very seriously and choose to err on the side of removing people, rather than allow them to spoil the conference for those who just want to contribute in a positive way.
Finally, I have always said that DEF CON is what you make of it. I want to make sure our community has all the tools necessary to identify and report unacceptable behavior. Together, we will have all the pieces in place to act quickly and professionally, no matter what the issue is.
The Dark Tangent
Party at DEF CON 26!
Many people love parties. Facts.
If you are one of those party-loving people, this update will fill up your smile tank. The Parties and Meetups Page is LIVE! Use it to learn all about the DC 26 party/meetup scene. Then, when the time is right, party with other partiers. Or meet up with people who share your interests.
Go get your life. It's all the best.
Friends of Bill W at DEF CON 26
For all those Friends of Bill W. looking for a meeting, or just a quiet moment to regroup from the Vegas of it all, we have you covered. There are meetings throughout DEF CON - Noon and five pm Thursday through Saturday and Noon on Sunday. The location is the same as last year, in Office 4 Behind the DEF CON Info Booth.
Stop by and refresh yourself. We'll be here.
Contests and Events at DEF CON 26 posted!
Now that you’ve had a whole day to absorb the epic Village list, we’ve got some more goodies for you. The Contests and Events page is now LIVE, and it’s also quite a bit to take in.
Ranging from the straightforward elegance of the Tin Foil Hat Challenge to the complexity of an Industrial Control Systems CTF competition, there’s contests here for just about any hacker discipline, and every level of skill or experience. Contests are also a great way for the shyer among us to beat the icebreaker blues and get right into some fun with a bunch of likeminded strangers.
The more extroverted attendees can still opt for a Charity Mohawk or the cringetastic glory of Hacker Karaoke.
Block off a little time for pre-con recon and make a plan to make sure you get to sample widely from the smorgasbord of C&E offerings.
Our reunion draws ever closer, fam. Get amped.
So Many Villages!
DEF CON 26 is less than a month away, and the DC26 Villages page is live and ready for your attention! Bring a snack, though - there’s a lot of villages this year. Twenty-eight (28!) villages, covering a pretty staggering array content.
Internet of Things
Crypto and Privacy
Voting Machine Hacking
Mobile Museum of Vintage Technology
CAAD (Competition on Adversarial Attacks and Defenses)
Industrial Control Systems
Chances are there’s a few things in that list you want to level up on.
As always, the Villages are generated by the interest and effort of DEF CON Community members looking to share their interests and obsessions with you. Come through and show them some love and learn something new. If your obsession isn’t represented, maybe it’s time to write up a proposal for DEF CON 27!
Demo Labs for DEF CON 26 Posted!
More DEF CON 26 goodies for your perusal – Demo Labs are Live! You should take a moment to check out the lineup, and set aside some time to visit when you’re at the Con. In addition to being a cool way to see what your fellow hackers are working on, it’s an opportunity to offer your expertise, meet potential collaborators and help push the community forward.
Demo Labs are interactive, so, you know, interact.
Just over a month, people!
DEF CON 26 Workshops!
Another milestone on the Road to DEF CON 26! The workshops page is live on the DEF CON site. Registration is still a ways off - July 8, to be precise, but now is the perfect time to get yourself familiar with the offerings. The spots traditionally fill up pretty quick, so be ready to claim your seat when the light turns green next month, maybe even consider a few backups.
It’s officially summertime in our host hemisphere - the season of DEF CON has begun!
The Entire lineup of DEF CON 26 Talks is Live!
DEF CON family, the time of our reunion approaches. In just a few days, summer arrives in the Northern Hemisphere. The pages of the calendar turn, ever closer to August. Today comes the surest sign - the DEF CON 26 speaker list is live on DEFCON.org.
The wait is over - dig into the list to start your conference planning! We’re proud of the lineup we’ve created this year, and we think whatever your particular itch you’ll find some talks and panels that scratch it for you.
We’d also like to take a moment to thank the undersung heroes of the Selection Committee. They devote crazy amounts of time and energy to working through hundreds and hundreds of proposals to make sure the best ones make it to the top of the pile. They work hard, they make us great and they deserve your appreciation.
It’s almost here, hacker fam. Can you feel it?
DEF CON China Talk Video!
Please enjoy the video of the Keynote presentation from DEF CON China! It's the redoubtable Dan Kaminsky, and his topic is "Bugs Aren't Random: Unifying Building and Breaking in the Modern Age." Many topics are covered, as viewers of previous Kaminsky talks can attest.
We also offer you the estimable and renowned Vito Genovese from the mighty Legitimate Business Syndicate, discussing the lessons taken from five years running the DEF CON CTF contest.
From the abstract:
"This presentation will cover topics about all aspects of CTF organization: the history of CTF, building a cross-functional organizing team that sticks together year after year, developing a game infrastructure that handles the onslaught of attacks from players, and the stories behind some of the most difficult CTF challenges ever built."
As always, enjoy and share the info. Be sure to join us in Vegas for the brand new CTF run by the scrappy upstarts in The Order of the Overflow.
DEF CON 25 Transparency Report!
At the closing ceremonies of DEF CON 25 last year we shared the results of our first public transparency report - an account of the incidents we dealt with throughout the con. The report now has a permanent home on the DEF CON website, and we’ll be updating it after every event.
We’re hoping that this kind of reporting catches on. It’s a good way to know where to concentrate our efforts, to attach more public accountability to the DEF CON Code of Conduct and to familiarize our community with how we handle con-goers’ concerns.
So check it out, and check back after DC 26 to see what went down behind the scenes..
PS whoever brought that one ‘vicious animal’ to the party - Hey. Don’t do that. Jebus.
DEF CON 26 Link Roundup!
The Recon Village is hosting a hackathon at DEF CON 26! If you like the idea of working on an OSINT/Recon tool with fun strangers and copious energy drink consumption, get your info/signup on at the link.
Friendly reminder that the Data Duplication Village has a CFP that's open until June 15th. Which is super soon, so if you're looking to speak there we suggest haste and focus.
The Social Engineering Village has its speaker schedule posted already! The season of the Con is most assuredly on. Check out who's gonna be dropping science on the hacking of humans, and make your plans accordingly.
For those of you who like a little 'pew-pew-pew' in your Vegas adventures, good news! The DEF CON shoot returns for DC26 - and registration is open. You can get the rules, schedule and location over at deviating.net.
Stay tuned as DEF CON 26 continues to coalesce.
DEF CON 26 Entertainment Announcement: Juno Reactor!
DEF CON believes in balance. For all the forebrain overstimulation we provide by day, we provide an antidote at night - a carefully curated beat menu to work out your funky lizard underbrain.
To that end, we are so proud to announce that some of those healing beats will be provided to you by the mighty, mighty Juno Reactor! You know Juno (government name: Ben Watkins) from decades of sonic bad-assery that includes the high-energy proto-trance of his debut ‘Transmissions’, the beat science of 2004’s ‘Labyrinth' and wildly cinematic soundscapes that adorn projects like ‘The Matrix Trilogy’, ‘2017 Gran Tourismo’ and ‘Drive’.
This performance will be hot on the heels of the June release of ‘The Mutant Theater’ - expect serious rhythm and highly interactive stage show that’s been described as ‘Labyrinth meets Barbarella’.
Check out Juno Reactor’s work. Get excited. This is gonna be special.
DEF CON 26 CTF Quals Write Ups!
Now that the DEF CON 26 CTF Quals are complete, here's a roundup of some of the first challenge write-ups to appear in the wild. Please read them, learn from them, and share them. If you don't participate in the CTF yet, let them inspire you to throw your hat into the ring.
"It's a Me" Challenge:
Mario and Racewars:
PoW as a Service:
DEF CON 26 CTF Quals Winners!
Congratulations to Samurai for winning the hotly contested DEF CON 26 CTF Quals! Our thanks also to the luminous humans of Order of the Overflow for putting on such a fun event! Check out the scoreboard for all the rankings!
See all those qualified at the big show- DC26!
Halfway through DEF CON 26 CTF Quals!
You can follow the action at the DEF CON 26 CTF Quals on this convenient scoreboard provided by the fine humans of The Order if the Overflow. So you should.
Images from the Twittersphere: DEF CON China [Beta]!
Our first DEF CON outside the U.S. is in full swing and day one is on the books! The twittersphere has been providing a window into that first day, so get a load of the photos people have been posting from DEF CON China!
DEF CON 26 Homework: Critical Thinking Edition!
More Reading Homework for DEF CON 26!
Another way to keep dystopia at bay: question everything. Widen your information funnel. Examine the framing. Check your sources.
In the spirit of DEF CON 26’s theme “1983: The View from Dystopia’s Edge”, we offer some homework reading with a focus on critical thinking.
First up, the delightful “You are Being Lied To”. It’s compiled by the redoubtable Russ Kick of the legendary first version of disinfo.com, and it’s a sage, provocative collection of bite-size think pieces from all over the cognitive map. The only through line is that many of your assumptions are garbage. Start anywhere, and let it shift your paradigm.
“The Undercover Economist” is Tim Harford’s wry take on the basics of economic theory, with a special emphasis on the strange and counterintuitive ways the tangled forces of the economy affect your daily reality.
The final assignment for today is Walter Lippmann’s ‘Public Opinion’. Written almost a century ago, “Public Opinion” is an eerily incisive and prescient take on the way your opinions are crafted and slipped into your head while your attention is elsewhere. Less dated than you think, and packed with meaty insights for the ‘post-truth’ era. Prepare to question how (and why) you know everything you think you know.
Happy reading! Stay tuned for more assignments in the coming days.
Roundup of DEF CON Updates!
Early bird reg for DEF CON China [beta] has now closed. Online reg remains open for those who prefer it, but please be aware that the standard DEF CON method of paying at the door works just fine.
The passing of one major deadline doesn’t mean you have no reason to stay up all night sweating over a presentation idea. Many of the DEF CON 26 open calls closed May 1, but there are still villages and events still wide open for submissions. For example:
The brand-new Ethics Village (ethicsvillage.org) is accepting talk submissions until June 22.
Car Hacking Village (carhackingvillage.com) is still open.
Hardware hacking village is looking for talks, art and demos. Check their forum thread for more info.
Crypto and Privacy Village is open until June 15 (Cryptovillage.org)
AI Village CFP closes June 15 (https://goo.gl/forms/g50hhGITiOWEbo002)
Follow @defcon for village announcements as we get them!
Got a clever youngling you’re thinking of bringing along to DEF CON 26? Social Engineering Village has SE Capture the Flag contests for kids and teens - Find all the details at social-engineer.com!
CTF Quals Registration for DEF CON 26 is Now Open!
DEF CON Quals CTF 2018 registration is now open! https://register.oooverflow.io
#DEFCONQUALS2018 will be held 00:00 UTC on May 12th for 48 hours. Glory awaits for the brave and the skilled. Get in the arena!
New Soldering Skills Village at DEF CON 26!
Announcing new for DEF CON 26, the Soldering Skills Village! The SSV will focus purely on soldering and making at DEF CON while the HHV will focus on bringing more hardware hacking resources than ever before!
The change-up is beneficial for everyone, it means both villages can get quiet and well-lit spaces. It also means the two volunteer groups can better support the DEF CON community in their own ways. Both villages will maintain an open share of knowledge and volunteers between them. The SSV and HHV will coexist at DEF CON and provide the most that they can to all DEF CON attendees!
Also: Got something you want to show off, teach, or blab on about? Let us know about it! Shoot an email to [email]firstname.lastname@example.org[/email] Now accepting submissions for demos, talks, art, anything hardware you want to show off!
More info at https://www.dchhv.org
Space Announcement for DEF CON 26!
DEF CON 26 is getting close and now is the time to let everyone in on some big changes we've got in store. We've accepted a record number of villages and are growing the number of workshops from last year. To hold all this goodness we are growing to include the Flamingo hotel.
- DEF CON has has accepted more villages than ever before and needs to grow.
- DEF CON is spreading to two hotels, Caesars Palace and the Flamingo.
- This lets us do more stuff + evening pool parties.
For DEF CON 26 we will try something we have never done - Split the con between two hotels! No, not like Paris + Ballys, they are connected. I'm talking Caesars Palace and the Flamingo across the street.
"That's Crazy!" you say. "Why do we need that much space?" you say. Check this out: The number of villages will almost double from last year to about 25. Parties should increase. More contests are under development. DEF CON needs space to support all the awesome projects from the community and I'd really like to throw some pool parties. That is all now possible.
In the next month you will hear more specifics but I want to answer some questions here:
- How will the space be split? The Flamingo will hold some of the "destination" events to relieve pressure off of Caesars Palace. Current planning includes Workshops, DEF CON 101 track, some villages and contests, a chill out space, pool parties, and more once we finish planning.
- Will there be DC TV at the Flamingo? Yes DC TV will be in the Flamingo and as many other hotels as we can wire. A more definitive list soon, but we are building on what we did last year.
- If you ran a village or contest last year you should count on the same or more space you got last year. If you are running a first time event we will work to meet all of your needs. If you want even more space or a dedicated spot at the Flamingo we can work on making that happen.
With the move to Caesars Palace last year we got more space and a different floor plan that helped with some flow, but the broken escalators stole some of those gains. For DEF CON 26 the escalators are fixed and we have a better understanding of how to use the space. With that understanding and the growth of interest in Village and Contests we realized that we are out of space and need to span to a new property. This growth will allow us to accept more contests and villages and try some new stuff while giving existing events some room to breathe.
Online Registration is open for DEF CON China [Beta]!
Online registration for DEF CON China [beta] is LIVE! Follow the link, (using the translate feature in Chrome comes in handy) and save yourself a seat at the first international DEF CON hacking conference!
Of course, you are not required to make use of the online form. The traditional DEF CON method of cash at the door works too. In fact, if you want to pay at the door, cash is the only option for those visiting China for the conference. The price onsite is ¥1088, which is about USD173 at current exchange rates.
The venue for DEF CON China [beta] is the Beijing Kuntai Hotel, which you can book here. (http://www.kuntaihotel.com/en/) Once you have a confirmation from the hotel, you can use that document to help with your Travel Visa Application. (http://www.china-embassy.org/eng/visas/hrsq/)
Thanks to everyone who’s planning to make the trip and participate in this new DEF CON adventure. We’re working hard to put together a great show and we’ll see you in Beijing in just under a month!
Remainder of DEF CON China Speakers are Live, Schedule Updated!
DEF CON China [beta] is almost upon us, and we’re hoping to see lots of you there. To help you make your plans we’ve got a finalized speaker list and schedule! All the presenters are top-shelf and bring a wide variety of technical skill and subject matter expertise - we’re excited about all the final selections.
Triton and Symbolic Execution on GDB
Spreading malware with Google (Nice Quilombo)
Fabian Cuchietti & Gonzalo Sanchez
You Logged Into My Account
Fooling Image Search Engine
Yuanjun Gong, Bin Liang, & Jianjun Huang
Security Research Over the Windows (kernel)
Smart Contract Hacking
Passwords in the Air: Harvesting Wi-Fi Credentials from SmartCfg Provisioning
Changyu Li & Quanpu Cai
DEF CON Groups Panel
Peter Wesley, Tielei Wang, Changsheng Gao, Xinpeng Liu, Jun Li, April C. Wright, & Jayson E. Street
General ways to find and exploit Path Traversal Vulnerabilities on Android APPs
Xiaobo Xiang (Elphet)
The schedule is now live! Read the abstracts, pick your favorites, and get psyched.
Only one month to go until DEF CON China - are you ready?
DEF CON 26 Biohacking Village CFP is Open!
Cyborgs, grinders, human potential optimizers of all kinds, harken! BioHacking Village at DC26 is giving you until June 22 to get your proposals in. As always with CFPs, procrastination isn’t your friend- the more time we have to help turn good proposals into great ones, the better. The relevant data is linked below.
You have your assignment - we look forward to your entries.
DEF CON 26 Biohacking Village CFP
DEF CON 26 CTF Pre Qualifying Events Announced!
The DEF CON 26 CTF is taking shape!
The 2018 pre-qualifying events have been selected! 🎉
The winners of DEFCON 2017, HITCON 2017, CCC 2017, 0CTF 2018, and PlaidCTF 2018 will automatically qualify for DEF CON 2018! This means, so far, PPP, DEFKOR, and pasten --- congrats!
A Prequal event for one of these, 0CTF 2018, kicks off tomorrow - online, jeopardy-style. If you’ve always wanted to try your skills against the best at the DC CTF, this is a good place to start. Assemble your team, sign up and see where it takes you.
Full info: https://oooverflow.io
First Round of Talks for DEF CON China [Beta]!
More Beijing news for you - we are excited to bring you the first round of accepted speakers for DEF CON China!
The first round selections include talks from DEF CON favorites like Zoz, Dan Kaminsky and Jayson Street as well as Chinese researchers like Dr. Tao (Lenx) Wei and Dr. Haixin Duan. Get acquainted with the speakers of Round 1 and watch this space for the announcement of Round 2 selections.
It’s coming together, people. We hope you’re as excited as we are .
First China Workshops are Live!
DEF CON China [beta] is shaping up fast, and we’ve got another exciting content announcement.
Selections for DEF CON China (beta) workshops are well underway. So well underway, in fact, that we already have three of them selected! They are:
UAC 0day, all day!
Practical Malware Analysis: Hands-On
Sam Bowne, Devin Duffy-Halseth, and Dylan Smith
Principals on Leveraging PowerShell for Red Teams
If you’re interested in a deep dive into these subjects, please visit our workshops page for all the details. You’ll also want to bookmark that page and check back frequently, as we’ll be adding more in the coming days.
DEF CON China [Beta] Village Selection has Begun!
May 11 approaches, DEF CON enthusiasts, and we have news! Village selection is underway - we can already confirm the following for DEF CON China [beta].
Lockpicking Village, hosted and run by the lock wizards of The Open Organization of Lockpickers (TOOOL). You could not be in more capable hands, whether you’re learning the ropes or testing your skills.
Car Hacking Village. Get your hands on the state of the art in connected auto security.
RECON Village - For people interested in Open Source Intelligence (OSINT) and its many applications.
The very popular Packet Hacking Village, where you can hone your knowledge of network hacking in all its flavors.
Hardware Hacking Village. Void warranties, break and remake physical tech and smell that sweet solder in the air.
You can learn about these villages and keep track as new ones are added for DEF CON China [beta] at the Villages page.
DEF CON China is beginning to assume its final form - join us in Beijing May 11-13!
DEF CON 26 and China [Beta] News: RECON Village Returns!
Everyone interested in OSINT, Red Teaming and the like can breathe easy - the RECON Village will return for DEF CON 26. For those of you not yet in the know, please enjoy this video of the RECON Village keynote from DEF CON 25 and get excited!
The DEF CON RECON Village will also be joining us for the first Beta DEF CON in China, and their Call for Papers is open right now, so check it out!
DEF CON China [Beta] Site is Live! Calls are open!
DEF CON China [beta], co-hosted by Baidu Security, is happening May 11-13, and we’re moving into high-gear Con mode! In addition to the Call for Papers, we’re also opening up the following Calls:
Contests and Events. Puzzlemasters, game-makers and party-throwers, bring us your best ideas! We want to share the fun side of DEF CON with the world, and if your proposal is selected, we’ll pitch in to make it a reality.
Villages. The hands-on mini-con is a perfect introduction to DEF CON, and we’re looking to you to conceive, plan and run the DEF CON Village we’ve never seen but always needed. Assemble your team, create your proposal and join us in Beijing!
Demo Labs! This is your chance to show off the project you’ve been hacking on, and get attention and feedback from the DEF CON community. Take that open source effort out of the garage and into the spotlight!
You’re still reading - probably because you’re psyched and looking for where you sign up, right? Maybe a DEF CON China website where you can find all the rules, parameters and relevant info? We’ve got that. Head over to https://www.defcon.org/html/defcon-china/dc-cn-index.html, get spun up and then make us proud!
Social Engineering Village CFP is Open for DEF CON 26!
The Social Engineering Village has issued its official Call For Papers for DEF CON 26! That means it's time for those of you adept in the dark arts of persuasion and wetware exploitation to drop everything and get your potential presentation together. You have until April 1 to leave and impression and win the chance to speak to the best SE audience anywhere.
Get on it!
Dark Tangent Attends Signing Ceremony for DEF CON China [Beta]
DEF CON founder The Dark Tangent has been in Beijing finalizing the agreements for DEF CON China [Beta] - it’s already looking very exciting. As you can see in the attached pictures, the look is already starting to take shape.
The signing ceremony included a New Year’s gift of some really beautiful locks from our partners at Baidu. The locks are in an ancient style, symbolizing the long history of security and security culture.
We’re really looking forward to DEF CON China - everyone is working hard and making big plans!
To submit to the DEF CON China [Beta] CFP, check out our submissions page. Let’s make this amazing together.
Packet Hacking Village (Wall of Sheep) and Skytalks CFPs are Open!
DEF CON 26 is getting off to an early start this year, with our own Call for Everything opening in mid January. It Looks like Packet Hacking Village and Skytalks are getting an early start as well, with both opening Calls or Papers in the last week! Check em out!
Packet Hacking Village CFP
DEF CON China [Beta] Call for Papers is Open!
The DEF CON China [Beta} Call for Papers is open! We are seeking presenters with fresh ideas and exciting research to share with the DEF CON community.
The event takes place soon – May 11-13, 2018. We are accepting and reviewing proposals on an expedited schedule, and speaking spaces are limited so please respond quickly. We are happy to work with you to perfect your proposal if it arrives in time.
The rules for submissions are explained in detail on our CFP page, The Chinese translation of these rules will be online very soon.
We look forward to your submissions!
DEF CON China [Beta] dates announced and Call for Papers opening!
DEF CON 神州【Beta】日期发布及征文启事（Call For Papers）
After more than a year investigating the possibility of bringing DEF CON to China I am proud to announce that we are going to do a [Beta] event in Bejing this May 11-13th!
That means everything is on a very short schedule. This week we will be opening the CFP and launching the China [Beta] sub-site with all the information you need to know to attend or to participate. Interested in running your village, contest or event there? We can help make that happen. Want to speak? Get your materials ready!
过了一年多的深入研究，我很荣幸地宣布 DEF CON 将在五月11至13号降临神州， 在北京召开个DEF CON Beta会议 。
这意味着时间相当紧迫。 我们会在这周开启 CFP 及上传DEF CON神州[Beta]的网页。所有以各式方式 参会的资料将会那发布。欢迎各界英雄豪杰参与。若想作个village, 比赛或其他项目，我们能助你一臂之力！或想当演讲嘉宾吗？请收集好资料准备投稿吧！
Social Engineering Village Call for Papers & SECTF Registration are Open!
Attention Social Engineers!
The DEF CON 26 Social Engineering Village SECTF registration is live! According to the SE Village Twitter it's already got over 100 signups, so don't dally if SE is your jam.
The SE Village Call for Papers is also open! If you’ve got a dynamite talk in you for the social engineering space, you have until April 1 to get your stuff together and submit. SE Village is one of the most popular at DEF CON, so don’t delay, and bring your A game!
DEF CON Groups Year in Review
DCG Ambassador Jayson Street gives a New Year's update on what's coming up for DEF CON Groups worldwide. Sharp-eyed viewers will notice he's apparently doing this in an underground DEF CON museum. :) You can (and should) learn more at defcongroups.org.
As always, if you want that hacker-fresh feeling all year long, find a local DEF CON Group and get involved! DCGs are all over the world, Bogota to Kiev to Cape Town. Can't find one? Start one! Check out this brand new post on how to start a group!
Here it is... The Call for Everything!
Can you feel it? That electricity in the air? It’s the machinery of DEF CON 26 coming to life. The lights are blinking, the drives are spinning and the freshly oiled jaws are wide open for content.
Welcome to the Call for Everything! We’re looking for proposals in the following areas: Talks, Workshops, Villages, Contests, Events, Parties, Music, Demo Labs, Press, and Vendors!
The DEF CON 26 Call for Everything page is where to start for your assignment parameters.
A few pointers...
Early is better than perfect: If your proposal is hot but not quite there, we will work with you to get across the finish line.If you wait until the last moment, you’re kinda on your own.
Follow the guidelines: The angelic volunteers who evaluate the entries have a lot of work to do, and your courtesy in following the format makes their lives easier.
Most importantly, think big. There are a lot of security conferences, but only one of them is DEF CON. Submit accordingly.
Tor .onion Links for DEF CON Sites!
I am proud to announce the v3 .onion address for DEF CON:
defcon.org main web site:
Tor announced a major update to their .onion services at DEF CON 26, version 3 that greatly improves the stability and resistance of .onion sites. In order to visit a v3 .onion site you must use a newer version of Tor, or the "experimental" branch of the Tor Browser Bundle (TBB) available here [https://www.torproject.org/projects/torbrowser.html.en#downloads-alpha].
Read more about this next generation of onion services here [https://blog.torproject.org/tors-fall-harvest-next-generation-onion-services]
- The Dark Tangent
Building the DEF CON CTF, Part 4!
The mighty @Vito_lbs from Legitimate Business Syndicate just published the fourth and final post of the "Building DEF CON CTF" series on the LBS blog. You should read it if you have any interest in Capture the Flag, but it's especially illuminating if you have any interest in what it takes to run the whole show.
If you think you've got a great idea for the next DEF CON CTF, you still have until the end of the year to get a proposal in to us - the info you need is at https://www.defcon.org/html/links/dc-ctf-cfo.html
2018 is right around the corner, people. Preparations are underway.
DEF CON In the News! Election Security Bill Introduced!
The bipartisan Election Security bill introduced in the US Senate yesterday introduces new guidelines for information sharing, cyber security guidelines and even includes a bug bounty program.
Read the full text of the proposed legislation dubbed the “Secure Elections Act”.
DEF CON 26 Hardware Hacking Village News!
Get excited, hacker family! In honor of its tenth anniversary as a DEF CON attraction, Hardware Hacking Village is retooling for DEF CON 26 with all kinds of new energy! There's a new Soldering Skills Village, a new focus for HHV Classic and tons of new resources.
We couldn't be more excited to see all the upgrades in person! Follow @DC_HHV on Twitter and check out their website for more details on all the changes coming for next year!
DEF CON 26 Homework Assignments Roll On!
We've given you a lot of reading so far, so here's an assignment that can be completed in under two hours - The 2006 Alfonso Cuarón film 'Children of Men'.
The movie fits the theme of 1983 by being a thoughtful and moving study of hope and resistance in the face of calamity and misrule. It also features a bunch of stellar performances and some crazy precision camera work (keep your eyes peeled for the long, unbroken takes).
'Children of Men' fits our theme in other ways, too - the set design could hardly be more in line with our DC26 style guide. Concrete skies, graffiti, neglected brutalist edifices everywhere - it's probably as close to a match as you're going to find so feel free to take inspiration from it.
Watch this space for more assignments!
DEF CON in the News!
The DEF CON Voting Village co-hosted an event with the University of Chicago's Harris School of Public Policy to highlight cyber vulnerabilities in our elections infrastructure. At the event, Noah Praetz, Director of Elections with the Cook County, IL Clerk's office issued "2020 Vision" a plan that details ways federal, state, and local government can work together to improve the security posture of U.S. voting infrastructure. You can read the plan here: https://www.defcon.org/images/defcon-25/Election Security White Paper_Praetz_12062017.pdf
DEF CON in the News!
Here's the full video of a hearing of the House Subcommittee on Information Technology regarding the Cybersecurity of Voting Machines. One of the testifiers was Matt Blaze, security superhero and DEF CON Voting Village organizer. It's a good read for anyone who wants to be thoroughly grounded on the state of election security and the plan for moving forward.
"The results of the Voting Village were summarized in detail in a report. It is notable that participants, who did not have any previous special expertise in voting machines or access to any proprietary information or source code, were very quickly able to find ways to compromise every piece of equipment in the Village by the end of the weekend. Depending on the individual model of machine, participants found ways to load malicious software, gain access to administrator passwords, compromise recorded votes and audit logs, or cause equipment to fail. In most cases, these attacks could be carried out from the ordinary interfaces that are exposed to voters and precinct poll workers. The first machine was compromised by a participant within 90 minutes of the doors opening."
You can read the full report from the Voting Village.
And a transcript of Matt's remarks
DEF CON 26: The Homework Continues!
The heart of the DEF CON 26 theme is the concept of the counterfuture. The counterfuture is the open-source alternative to totalitarian dystopia; a world where we use tech and ingenuity for empowerment and connection rather than isolation and control.
In the spirit of the counterfuture, we offer book two in our pre-con homework series: ‘Cryptonomicon’ by Neal Stephenson. It’s a bit of an epic, so you’ll want to pencil in some real reading time. The story concerns two historical inflection points, WWlI and the eve of the 21st century. In both eras, Crypto and savvy are all that protect us from a spreading and despotic darkness. In both, hackers (of various kinds)are the carriers of the counterfuture.
Enjoy, and stay tuned for more assignments.
DEF CON 26 Call for CTF Organizers Reminder!
Friendly reminder to all of you Capture the Flag rock stars - there’s still time to put your stamp on the Super Bowl of CTFs at DEF CON 26!
We’re looking for a team with big ideas and the skills to execute under pressure. A team that wants to push the limits and create challenges that people talk about for years.
If that’s you, read the requirements at https://www.defcon.org/html/links/dc-ctf-cfo.html and get in touch. We look forward to seeing what you’ve got.
DEF CON 26: The Homework Begins!
In keeping with the DC tradition of releasing a list of books, movies and other cultural products to help you get into the headspace of our theme, we offer the first suggested reading assignment: 'Little Brother' by digital-age soothsayer and frequent DEF CON speaker Cory Doctorow.
Don't let the YA trappings trip you up - the book contains a toothsome examination and critique of the dangers of the police state and the role that hackers, makers and like-minded troublemakers can play in turning the tide.
It's also fun. Share your thoughts with us in the comments and stay tuned to this space for your next assignment.
Happy Thanksgiving from DEF CON!
DEF CON in the News: Confessions of a First Time Speaker
For your Thursday enjoyment, we have a fun look into the experience of a first time speaker at DEF CON 25 this year. The take away? You won’t talk at DEF CON if you don’t pony up and submit! Spoiler Alert: Persist!
You can view the author, Jim Nitterauer’s talk regarding DNS Privacy on our YouTube channel:
DEF CON 25 - Jim Nitterauer - DNS: Devious Name Services Destroying Privacy & Anonymity w/o consent
As always, enjoy and pass it on!
Packet Hacking Village Videos Have Hit YouTube!
Our mission to monopolize your spare mind-cycles continues with 22 talks from this year’s very popular Packet Hacking Village. It’s a lot, we know, but we have faith in you. Enjoy, learn a lot of fun new network shenanigans and make sure to share what you learn.
Live now on YouTube, Main Speaking Track Talks from DEF CON 25!
Maybe don’t make a lot of weekend plans. For this Throwback Thursday is we have a playlist of 53 main track talks from DEF CON 25. No matter your interests, you’re definitely going to run out of weekend before you run out of talks to watch. (This math does make some assumptions about sleep and general life maintenance - be safe out there). Go ahead and bask in that monitor glow, get yourself some knowledge and don’t forget to pass it on.
More Assorted Talks from DEF CON 25!
Another set of talks in the AFK vein for your edification. Hacking wind farms, the DEF CON 101 panel, hacking the human genome - it’s a nice assortment of subjects. A bouquet, if you will.
HighWiz, Malware Unicorn, Niki7a, Roamer, Wiseacre, Shaggy - DEF CON 101 Panel
Inbar Raz, Eden Schochat - From One Country, One Floppy to Startup Nation
Jason Hernandez, Sam Richards, Jerod MacDonald-Evoy Tracking Spies in the Skies
John Sotos - Genetic Diseases to Guide Digital Hacks of the Human Genome
Matt Wixey - See no evil, hear no evil: Hacking invisibly & silently with light & sound
Octane - Untrustworthy Hardware and How to Fix It
Snide Owen - Phone system testing and other fun tricks
Whitney Merrill, Terrell McSweeny - Tick, Tick, Tick Boom You're Dead: Tech & the FTC
Jason Staggs - Breaking Wind: Adventures Hacking Wind Farm Control Networks
Enjoy, embiggen, and pass it on.
BioHacking Village Talks are Live on YouTube!
More videos for your edification and enlightenment from the DEF CON 25 BioHacking Village. If you’ve spent any time with the BHV, you know the kind of cutting edge information they bring to the conference. If you haven’t, there’s no better time than right now. Biotech is moving fast and the singularity waits for no one.
As ever, pass it on.
Caesars Room Block expanded for DEF CON 26!
Good news, everyone! We’ve managed to get a bunch more rooms at Caesars Palace into our special rate block. If you’re planning to attend DEF CON 26 and want some of those sweet, sweet onsite lodgings at a substantial discount, the time for action is upon you.
To register at Caesars with our room rate, use the link https://aws.passkey.com/gt/212381033?gtid=281c2a2f3267f177478f6cb65cf90b8b
This link will also get you the discount at several nearby affiliated hotels. While supplies last.
Recon Village Video from DEF CON 25!
Today’s video release is 15 presentations from a new village on the block - Recon Village. Something for anyone interested in any flavor of Open Source Intelligence, Threat Intelligence, Reconnaissance and Red Teaming.
Tyler Rorabaugh - DFIR Automation Orchestration Tools For OSINT Recon
Tracy Maleeff - Into the Bird's Nest: A Comprehensive Look at Twitter
Winner Announcement Prize Distribution
Simon Roses - OSINT Tactics on Source Code and Developers
Shane MacDougal - Keynote: Seeing is Believing The Future of Recon
Mikhail Sasonkin - Up Close and Personal: Keeping an Eye On Mobile
Leah Figueroa - FERPA: Only Grades Are Safe; OSINT In Higher Education
Kunal Aggarwal - DataSploit Open Source Assistant for OSINT
Jason Haddix - Domain Discovery:Expanding Your Scope Like A Boss
Inbar Raz - Do Tinder Bots Dream of Electric Toys
Guillermo Buendia, Yael Esquivel - How To Obtain 100 Facebooks a Day
Dakota Nelson -Total Recoll
Anthony Russell - Building Google For Criminal Enterprises
Andrew Hay - An Introduction to Graph Theory for OSINT
Abhijeth Dugginapeddi - Recon and Bug Bounties What A Great Love Story
Take one down and pass ‘em around. Sharing is caring.
Live on YouTube, Car Hacking Village Video from DEF CON 25!
Let’s start the video release week off strong with ten talks from the DEF CON 25 Car Hacking Village! AUTOSAR, GPS Integrity, SDR Relay Attacks - there’s a lot to keep your brain occupied in here. Also, as a bonus, there’s also an auto-hacking related talk from the main track on low-budget auto hacking.
Mickey Shkatov, Jesse Michael, Oleksandr Bazhaniuk - Driving down the rabbit hole
Weston Hecker - Grand Theft Radio Stopping SDR Relay Attacks
Vlad Gostomelsky - GPS System Integrity
Tim b1tbane, Mitch Johnson, ehntoo - That's No Car Its a Network
Sheila Ayelen Berta, Claudio Caracciolo - The Bicho
Sameer Dixit, Vlad Gostomelsky - Abusing Smart Cars with QR Codes
Montalbano, Gillispie, Connett - Attacking Wireless Interfaces
Jeffrey Quesnelle - An Introduction to AUTOSAR Secure Onboard
Woodbury, Haltmeyer - Linux Stack Based V2X Framework
Badge Life: DEFCON Unofficial Badges Panel
Corey Theun - Heavy Truck and Electronic Logging Devices
Enjoy, and remember to pass ‘em on. More shortly.
Assorted Video Tales from DEF CON 25!
Today’s DEF CON 25 video releases are a variety of novel presentations that take us away from the keyboard and workstation and into the wider world.
Kevin Sacco - Tales of A Healthcare Hacker
Rhett Greenhagen - Skip Tracing For Fun and Profit
J0n J4rv1s - Surveillance Capitalism Will Continue til Morale Improves
Gus Fritschie, Evan Teitelman - Backdooring the Lottery and Other Security Tales
Svea Eckert, Andreas Dewes - Dark Data
Chris Sumner - Rage Against the Weaponized AI Propaganda Machine
Ryan Lackey - Cypherpunks History
Yan Shoshitaishvili - 25 Years of Program Analysis
Manfred - Twenty Years of MMORPG Hacking: Better Graphics, Same Exploits
Pass it on, and watch this space.
Wifi Village Talks are Live on YouTube
The DEF CON 25 video release train rolls on today with 11 talks from the Wifi Village. From suitcase repeater builds to replace attacks on home security networks, there’s something there for everyone.
Woody, Tim Kuester - GODUMPiNG packet sniffing the Gotenna
Vivek Ramachandran, Nishant Sharma, Ashish Bhangale- Deceptacon
Robert Ghilduta - Designing An Automatic Gain Control
Nick Delewski - Failsafe: Yet Another SimpliSafe Attack Vector
Matt Blaze - Sigint for the rest of us
Eric Escobar - SecureWorks: SDR Replay Attacks On Home Security Systems
Balint Seeber - Hacking Some More of the Wireless World
Andrew Strutt - Suitcase Repeater Build for UHF 70cm
Andrew Strutt - POCSAG Amateur Pager Network
Alexander Zakarov - Large Scale Wireless Monitoring: KISMET Packet Sniffer
Aardvark, Darkmatter - WIGLE Like You Mean It Maximizing Your Wardriving
Enjoy, share and stay tuned!
The Voting Machine Hacking village talks from DEF CON 25 are on YouTube!
Hackers owning all the machines at the DEF CON 25 Voting Machine Hacking Village has gotten a lot of press, but the Village also had a roster of talks on the subject from experts like Matt Blaze and Gen. Douglas Lute. The need to reconsider the security of election systems is one of the biggest ideas to come out of DC25, and this playlist is a good way to get yourself up to speed on the state of ballot security.
Jake Braun - Securing the Election Office: A Local Response
Joseph Hall, David Jefferson - Common Misconceptions and False Parallels
Matt Blaze - How did we get here? A history of Voting Technology
Mary Brady, Josh Franklin - The State of US Voting System Security
Joseph Hall - Election Hacking: Legal Considerations from the Civil Side
Harri Hursti - Brief history of election machine hacking
General Douglas Lute - National Security Implications of Voting Attacks
Barbara Simons, David Jefferson - Election Systems: More Than the Booth
As always, pass it on. Share the knowledge.
More on the way.
DEF CON 25 Social Engineer Village Talks on YouTube!
The wise hacker never underestimates the human factor - unlike machines and code humans are eager to be fooled and notoriously difficult to patch. To help expand your horizons in this crucial skillset we present a bunch of talks from the DEF CON 25 Social Engineering Village.
Yaiza Rubio, Félix Brezo - Heavy Diving For Credentials
Tyler Rosonke - Social Engineering With Web Analytics
Robert Wood - Thematic Social Engineering
Jayson E. Street - Strategies on Securing Your Banks and Enterprises
Helen Thackray - Hackers Gonna Hack , But Do They Know Why?
Fahey Owens - Beyond Phishing – Building & Sustaining a Corporate SE Program
Chris Hadnagy - SE vs Predator: Using SE In Ways I Never Thought
Brent White, Tim Roberts - Skills For A Red Teamer
Billy Boatright - Nor Lose The Common Touch
Michele Fincher - Are You Killing Your Security Program?
Keith Conway, Cameron Craig - Change Agents How to Effect Change in Corporate Culture
John Nye - The Human Factor Why Are We So Bad at Security
As always, take some knowledge, share some knowledge.
Many more videos on the way.
ICS Village Talks from DEF CON 25 on YouTube!
Today’s DEF CON 25 videos come from the Industrial Controls Systems (ICS) Village, where we learn about the security challenges confronting the nervous system of modern life.
For the low, low price of time and attention you get:
Thomas Brandsetter - InSecurity in Building Automation
Joe Weiss - Cyber Security Issues with Level 0 through 1 Devices
Chris Sistrunk - What's the DFIRence for ICS
Bryson Bort, Atlas - Grid Insecurity and How to Really Fix This Shit
Blake Johnson Dissecting Industrial Wireless Implementations
Arnaud Soullié - Fun with Modbus 0x5a Nothing New Still Relevant?
Settle yourself in and get hip to the ICS news. Be the hit of every cocktail party with all your new ideas about DFIR and Modbus!
Pass it on and stay tuned for more.
DEF CON 25 Privacy Talks on YouTube!
Another batch of DEF CON 25 talks for your weekend perusal, this time focused on Privacy and pulled from the main speaking track at DEF CON. For those you who can’t get enough presentations on this subject, rest assured that the presentations from the DEF CON 25 Crypto and Privacy Village will follow next week.
Cooper Quintin and Kashmir Hill - The Internet Already Knows I’m Pregnant
Jim Nitterauer - DNS: Devious Name Services Destroying Privacy & Anonymity w/o consent
Peyton Engel - Learning about Government Surveillance Software
Roger Dingledine - Next Generation Tor Onion Services
Richard Thieme - When Privacy Goes Poof! Why It's Gone and Never Coming Back
Tess Schrodinger - Total Recall Implanting Passwords in Cognitive Memory
Weston Hecker - Opt Out or Deauth Trying! AntiTracking Bots & Keystroke Injection
Block out some time, get yourself some hot cocoa and enjoy. As always, spread the love and share the content.
More to come. Stay tuned.
IoT Talk Videos from DEF CON 25!
Hacktober begins. The unleashing of the videos from DEF CON 25 has been initiated.
Today, we have a themed playlist of 15 IoT-centered videos, from the main tracks and the IoT Village alike. Prepare to have your commitment to workplace productivity tested. Enjoy them, be mentally embiggened by them, and share them widely before the DVR botnets swamp us all.
Watch this space for more playlists. It’s all happening.
Happy Hacktober to all.
DEF CON 25 Voting Machine Hacking Village Report Released!
Today at a Washington DC event hosted by the Atlantic Council, the long-awaited DEF CON 25 Voting Village Report was released. You can even watch the presentation live on CSPAN 2 - The Dark Tangent is headlining the event!
During the weekend of DEF CON 25, every single device in the Voting Village was compromised. The report we’re releasing today gives a glimpse into how much we were able to discover in only a few days. Any committed threat actor would devote vastly more time and resources, and we believe that democratic governments must treat the security of election systems with the same rigor and investment as they do their borders.
We entered into this experiment as a non-partisan public service, believing that discussion about solutions has to start with a realistic assessment of what needs fixing. The DEF CON community has a lot of talent in that kind of work, and we saw a way we could contribute.
We would like to thank everyone who joined us in the Voting Village to test the machines, everyone who collaborated on the report, the Atlantic Council for helping us share the results and the Library of Congress for granting an easement of the DMCA provisions that would have blocked this research. This project is a great example of government making room for independent researchers to bring their talents to an issue that matters to all of us. Here’s hoping there will be more success stories like this one.
LegitBS Blog on Running CTF for DEF CON!
Vito from the Legitimate Business Syndicate has started blogging about the experience of running the past five (stellar) DEF CON CTF Contests.
Recommended read for anyone interested in CTF, especially anyone considering responding to our call for CTF Organizers. LBS is top-shelf, and if you’re going to learn, they’re the kind of teachers you want.
DEF CON Capture the Flag Call for Organizers!
After five years of exemplary stewardship of the DEF CON CTF, the shadowy masterminds of the Legitimate Business Syndicate are ready to retire to the shore house. However, whenever life closes a door, hackers jimmy open a window. LegitBS will be missed, but for someone out there a giant opportunity has just opened up.
We know some of you have genius ideas for making your own mark on the world’s premiere CTF competition, we want your proposal. In return for your fresh blood and fanatical devotion, we offer eternal geek glory and a place in the pantheon next to LegitBS, DDTEK, Kenshoto and the all theheroes who have made this contest their own.
There’s a lot you’ll need to know to submit, and you can read all about it on our CTFCFO page.
For inspiration, check out this Mega-panel of previous CTF organizers from DEF CONs past, courtesy of DEF CON 25.
If you’re ready to graduate from the combat arena to the control room, get your ideas together and let’s make some magic. Valhalla awaits.
DEF CON in the news: High Sierra edition
Frequent DEF CON speaker and OSX security guru Patrick Wardle drops some 0day on the eve of Apple’s macOS rollout. 0day with plaintext password exfiltration.
A little more of Patrick’s excellent work from DEF CON 25 - his presentation on OSX Fruitfly.
DEF CON 25 News Roundup: Voting Machines Edition
The #votingvillage we introduced at DEF CON 25 is still in the News - mainly because it’s being cited as one of the driving forces behind a growing shift in attitudes about the security of ballot machines.
In Virginia, the State Board of Elections voted to decertify it’s touchscreen voting machines in time for the November gubernatorial election, and one of the reasons given was the discoveries at DEF CON. We’re hoping for increased focus on security and accountability in our voting systems, and we are pleased to see the subject getting broader attention.
There’s also a very informative episode about DEF CON by the fine people who do all the ‘How Stuff Works’ podcasts. The first half is devoted to a thorough explanation of DC history and the second half is an interview with the wonderful Shannon Morse (@Snubs) about her experiences there as a human and in her professional capacities as a vendor and journalist. It’s from their TechStuff series and it’s worth a listen, especially if you’re new to the community.
The DEF CON 25 Soundtrack Raises Funds for the EFF!
In case you didn't know, the DEF CON 25 Soundtrack is available on Bandcamp as a 'pay-what-you-want' item. All proceeds go directly to keep the exemplary humans at the EFF fighting for the users. So for a modest donation you get dope music from DC25 performers and that warm feeling that only comes from selfless do-goodery.
The DEF CON A&E Team also auctioned off an artist badge for $321. Add that to the current Bandcamp sales of $423.37 and our donation match and you get a current payout to EFF of $1506.
"But the EFF does so much!" you say. "Surely I can still contribute to push that number higher?"
To which we respond, "Yes. Yes you can."
Click that link. Get some tunes. Relive the sounds of DEF CON 25 and toss a little change in the bucket to help the EFF keep cyberspace free.
Do it today, and then make sure to pass it on.
Early Release Video: Patrick Wardle's "Offensive Malware Analysis"
Ease into your weekend with another DEF CON 25 early release video! This time it's Patrick Wardle's presentation "Offensive Malware Analysis: Dissecting OSX FruitFly via a Custom C&C Server". It's a quick talk, but there's lots to chew on here.
As always, enjoy and pass it on.
Cyber Grand Challenge Analysis
from DEF CON 24
Take a deep dive into the DEF CON 24 Cyber Grand Challenge with this video from DARPAtv, because what's cooler than autonomous supercomputers battling for supremacy? Clear a little time (it's a bit over 2 hours of analysis) and get yourself educated.
Early Release Video - DC to DEF CON
Now we take you way back to July 2017 for a leisurely Q&A with two impressively clued-in congresspeople; Rep. James Langevin from Rhode Island and Rep. Will Hurd from Texas.
Ever wondered if there was such thing as a “hacker-friendly” member of Congress? We found some and convinced them to come to DEF CON so you can meet them too! In this first-of-its-kind DEF CON session, two of the most hacker-friendly Congress critters will join DEF CON for an engaging and interactive session with the security research community.
Join the Atlantic Council’s Cyber Statecraft Initiative for a candid discussion with Representatives Will Hurd (R-TX) and James Langevin (D-RI). The two Congressmen share their thoughts on the latest developments in cybersecurity policymaking on the Hill, exchange ideas, and maybe even answer some of the Congressmen’s questions.
As always, enjoy and pass it on.
DEF CON 25 Link Roundup!
Check out a few of the wrap ups and reviews From DEF CON 25!
DEF CON 25 Social engineer Village Wrap Up
Packet hacking Village Presentation Slides
Hacker Warehouse coverage of the DEF CON 25 Voting machine hacking Village
Early Release Videos: Plore - Popping a Smart Gun, & Max Bazaliy - Jailbreaking Apple Watch
Another couple of DEF CON 25 early release videos to brighten up your midweek, in which Plore shows you how 15 bucks and some hacker ingenuity can turn a fancy smart gun back into a regular old dumb gun.
We also have Max Bazaliy's brief but info-dense presentation about the Apple Watch. Max walks through the Watch's vulnerabilities and methods of exploitation and closes with a demo of a jailbreak.
As always, enjoy and pass it on.
Caesars Rooms Going Fast for DEF CON 26!
We don't usually make this announcement anywhere near this early in the pre-con season, but the DEF CON room block for DC26 is already about half-full. Crazy, right?
Those of you interested in the reduced rates we get at the con-affiliated hotels can slide over to https://aws.passkey.com/go/SCDEF8 for the most current info, and keep an eye out for any updates, should more rooms become available.
Harrahs: $64 Sun-Thur, $94 Fri-Sat, $15 resort fee
Ballys: $84 Sun-Thur, $127 Fri-Sat, $19 resort fee
Caesars: $151 Sun-Thur, $171 Fri-Sat, $22 resort fee
Flamingo: $87 Sun-Thur, $127 Fri-Sat, $17 resort fee
Linq: $69 Sun-Thur, $99 Fri-Sat, $17 resort fee
Paris: $133 Sun-Thur, $156 Fri-Sat, $19 resort fee
Complimentary self and valet parking at all properties!
Media Server Treats: Updated Materials and Film Contest Video!
More goodies for you on the DEF CON Media Server. The #DEFCON presentations and workshop materials have been updated and the torrents have been regenerated. The old ones are officially deprecated.
The films from the T.D. Francis X-Hour Film Contest, including the winner, are also there for your viewing pleasure.
Enjoy, and pass it on!
Another DEF CON 25 Early Release Video: Open Source Safe Cracking Robots with Nathan Seidle
Settle in and watch a $200 open source robot crack a combination safe. Learn how and why, sure, but also watch a robot crack a safe.
Early release Video! Elie Bursztein - How We Created the First SHA 1 Collision
Today we bring you another Early Release Talk from DEF CON 25! This time it's a more nuts-and-bolts crypto talk about the creation of the first SHA-1 collision. In this talk, Elie Bursztein delves into the challenges faced from developing a meaningful payload, to scaling the computation to that massive scale, to solving unexpected cryptanalytic challenges.
As ever, enjoy and share the love. Pass it on.
Media Server Treats: Capture the Flag Edition!
More goodies from DEF CON 25 have arrived on the Media Server! This time it's vast quantities of Infoz from the CTF competition. We've got results, services, scorebots and captures, all lovingly hand-compressed by DT for maximum potency. Please enjoy the caps in both team and organizer flavors.
In addition to the individual files in the CTF folder, we have prepared the whole enchilada in handy torrent format. As always, seeding is greatly appreciated. The data must flow.
Media Server Treats: Closing Ceremonies Slideshow Photos are Live!
Population of the DEF CON Media Server with DC25 goodies continues: the pictures from the closing ceremonies slide show are now live. Stay tuned - the entire output of the DEF CON Photo Corps will be available for slurpage in handy torrent format soon. Pictures, PCAPs, videos - maybe crack open a fresh hard drive and settle in. The data will flow.
Early Release Video from DEF CON 25!
Early release video from DEF CON 25 - Garry Kasparov's presentation 'The Brain's Last Stand'. As always, enjoy and make sure to pass it on!
Contest Results from DEF CON 25!
Congratulations to this year's contest winners! The level of competition at DEF CON is serious, whether it's the DC CTF or the Tin Foil Hat Contest, there are many very clever, very resourceful humans vying for the honors, and we salute you.
The contest results page represents the current state of our knowledge. We'll update as additional info comes in - do not despair if you don't see the event you're looking for just yet.
We also salute all those who competed but did not taste victory this year. The distance between observer and competitor is much greater than the one between competitor and victor, and DEF CON 26 will be here sooner than you know.
Receipts, Presentations, and More, on media.defcon.org!
This year, you'll find all that juicy data on the DEF CON media server (media.defcon.org) and you can connect at your leisure and leech to your heart's content with no silly plastic doodads to hunt down of when you're loading out your hotel room.
Anything you might have formerly found on the Con CD, as well as anything we post in the future in the way of Video, Audio, and updates to presentations will be there, so keep your eyes peeled!
DEF CON 25 Receipt
Torrents for Presentation and Workshop Materials:
https://media.defcon.org/DEF CON 25/DEF CON 25 presentations.torrent
https://media.defcon.org/DEF CON 25/DEF CON 25 workshops.torrent
Congrats DEF CON 25 CTF Winners, PPP!
Congratulations to Plaid Parliament of Pwning for their historic win at this year's CTF and a heartfelt thank you to the stand-up folks at Legitimate Business Syndicate for five years of fantastic contests.
You can read the final scores and sift through all their juicy data on the LBS blog:
Thanks for a Great DEF CON 25!
Another DEF CON is in the books. 25 years, and still exciting and expanding. Still staffed and attended by a community of volunteers and enthusiasts who are passionate about improving our shared digital world. You can't really ask for a better anniversary present than that.
Thanks to everyone who brought their energy and curiosity to Caesars this year, to every one of you who took the time to teach something, to every one who brought something to share, and to everyone who made it easy for people new to the scene to find a home.
We hope to see all of you back at Caesars for DEF CON 26! We're gonna get on planning that the minute the dust is cleared from this one. Stay tuned for content updates, contest results and the rest of the press coverage.
As always, we are insanely proud of the DEF CON community.
We love you, and we look forward to doing all this with you again soon.
Mid-Con Press Roundup
DEF CON marches on, Thursday and Friday are in the books. Caesars is still here, Vegas is still hot. For the curious, here's a sampling of the press from DC25 so far, to give you an idea what the world outside this casino is thinking about our beloved hacker party.
Cnet - Everything looks like a hack when you're paranoid at DEF CON.
Cnet does a good job of reminding everyone to take a deep breath and carry on.
Kasparov talks calculated odds, AI, and cybersecurity
Cool Q&A with the brilliant and highly entertaining Kasparov.
It's shockingly easy for hackers to remotely scan and clone your work security badge
Why DEF CON still matters 25 years later
Well, technically 24 years later. But we're glad to still matter.
The First Apple Watch Jailbreak Has Been Demonstrated At Def Con 25
Hackers Will Be Breaking Into Voting Machines This Weekend
Watch this space for more press reaction to DEF CON 25.
#VotingVillage is a hit!
For a rookie, the Voting Machine Hacking Village is off to a very impressive start: consider the following tweets:
90 min after doors open: Complete remote control on the operating system level of the Winvote voting terminal (including election data).
On the e-pollbook front: internal data structure already discovered and reverse engineered within an hour. #VotingVillage
The Voting Village has a bunch of machine makes and models to try your hand at, including Sequoia AVC Edge, ES&S iVotronic, Diebold TSX, Winvote, and Diebold Expresspoll 4000. More importantly, there's a chance to make a little history here. The integrity of voting systems is a live issue in the world's news, and there are a lot of eyes on our little experiment. If your idea of fun includes a little paradigm-shifting, the VotingVillage is open all DEF CON.
In Memoriam, the DEF CON Conference CD
Let's face it: this change has been looming on the horizon for a long time. When we started putting a compact disc full of slide decks and files into the DEF CON goodie bag, it was a perfectly good idea. In those days, 750 megabytes was a decent amount of storage. More importantly, optical discs were still a thing. Readers shipped with all the computers and we all had cool CD wallets and racks and whatnot.
The world has changed, and CDs are now a weird novelty item from the hazy past like Pet Rocks and Cassingles.
This year, you'll find all that juicy data on the DEF CON media server (media.defcon.org) and you can connect at your leisure and leech to your heart's content with no silly plastic doodads to hunt down of when you're loading out your hotel room.
We will miss the Conference CD. We had good times together. We will toast to your memory, and pour out a little data in your honor. See you on the flip side, old friend.
Torrents for Presentation and Workshop Materials:
https://media.defcon.org/DEF CON 25/DEF CON 25 presentations.torrent
https://media.defcon.org/DEF CON 25/DEF CON 25 workshops.torrent
DEFCON 25 Pre-con Link Roundup
It’s very nearly on, DEF CON fam! As many of you are already in the city getting situated, here’s a few helpful links to get your mind right for the impending festivities.
Parking information: Vegas parking is a little different every year - here’s the thread about it on the DEF CON forums.
For that matter, you can use the DEF CON forums to check out information about any of the stuff going on here.
In case you didn’t know, there’s an official app for DEF CON called HackerTracker, available in iOS and Android flavors. Open source and created with love by members of the community, and full of stuff like maps and schedules to help you navigate.
For those of you in Paris and Bally’s, good news! You get DEF CON TV! 4 channels, no waiting.
For the latest in presentation info and such, hit up the DC25-specific media server at dc25-media.defcon.org on the internal DEF CON 25 network.
To keep up to date on the latest of the late-breaking news, follow the main twitter feed @defcon, the DEF CON info booth @dcib and Facebook.com/defcon. Pictures and such also going up at @wearedefcon on Instagram.
And most importantly, registration opens Thursday at 6am. See you there!
Announcing the DEF CON 25 Official Soundtrack
The Official DEF CON soundrack has dropped!The Official DEF CON soundrack has dropped! If you're here in Vegas, you'll get it on a CD with your registration pack, but if not, fear not, you can have it too!
14 tracks of hacker-centric tunes by so many fantastic artists, like:
Skittish and Bus, Laughing Mantis, Information Society, Zebbler Encanti Experience, JG And The Robots, Bioassay, Moderns, Left-Right, Ninjula, Richard Cheese and Lounge Against The Machine, The TroubleShooters, MC Frontalot, Lavos, Dual Core
It's available for free on media.defcon.org in a handy torrent, or if you're feeling benevolent, in a pay what you want format to benefit the EFF.
T.D. Francis X-Hour film contest signups are open!
The time has come...
Sign up now for the 2017 T.D. Francis X-Hour film contest!
Friends of Bill W. at DEF CON 25.
Vegas is a lot of fun, but it can also be just a lot. Too much, even, if you’re trying to keep the horizon level in your windscreen. If you’re a friend of Bill W joining us for DEF CON 25, please know that we have meetings at noon and five p.m., Thursday through Sunday in “Office 4A”, on the promenade level. Drop by if you need to touch base or just want a moment of serenity. We’ll be there.
(See info booth next to office 4 on the map, if you’re having trouble finding “Office 4A”)
DEF CON 25 Data Duplication Village!
Data Duplication Village is back for DEF CON 25, so don't forget to bring up to 3 6TB drives if you want to download the whole enchilada. This year's goodies are:
6TB drive 1-3: Updated archive of infocon.org plus other "direct from DT" content
6TB drive 2-3: freerainbowtables.com hash tables (#1-2)
6TB drive 3-3: GSM A5/1 hash tables plus remaining freerainbowtables.com data (#2-2)
There's a handy schedule to follow and you can drop off and pick up just like dry cleaning.
For more info you can check out dcddv.org and the forum thread
DEF CON 25 Entertainment Lineup!
Curious who's gonna be rocking the house in the wee hours of DEF CON 25? Here's a handy guide to the MainStage performers for all three nights! Enjoy, plot your entertainment journey and pass it on.
Just a little over a week! W00T!
*Richard Cheese and Lounge Against the Machine are performing in the Chill-Out Area, the rest of these performers are on the main stage.
Full-spectrum psychedelic bassquake - ZEE is back!
Saturday Night, y'all!
Zebbler Encanti Experience (aka “ZEE”) is what happens when Pixel Wizard and Techno Badger meet in the woods and decide to short circuit neural pathways of the nearby mushroom pickers with nothing short of bassquakes (9.0 on the scale of awesome) and complete visual reality replacement (somewhat too awesome and terrifying to be numbered anything in particular).
That historic meeting in the woods is the underpinning of the very garments that ZEE now wear at every event they perform. The mere loosening of a button of their coats' pockets opens up a wormhole of psychedelic visions and sub-sonic rattles. But Zebbler Encanti Experience do more than that. They open their minds fully to each and every dance floor and ask you to Get In There!
Richard Cheese and Lounge Against the Machine are BACK for DEF CON 25!
Friday, in the Chillout area, please to enjoy the nearly-too-swanky-to-function sounds of returning DEF CON performers (and DEF CON Soundtrack contributors!) Richard Cheese and Lounge Against the Machine!
America's loudest lounge singer Richard Cheese performs swingin' Vegas versions of rock and rap songs, "swankifying" popular Top40 hits into retro vocal standards. Imagine Sinatra singing Radiohead, and you've got Richard Cheese & Lounge Against The Machine.
The aforementioned DEF CON soundtrack is included with admission at DEF CON 25 or by donating to the EFF (url coming soon).
DEF CON 25 Friday Headliner: Reel Big Fish!
For your DEF CON After Dark enjoyment, we present Friday's headliners, Reel Big Fish! They're fresh from their Beer Run Tour and ready to bring their trademark SoCal skank to the DEF CON masses.
In case you're not familiar, a bio snippet: "Reel Big Fish were one of the legions of Southern California ska-punk bands to edge into the mainstream following the mid-'90s success of No Doubt and Sublime. Like most of their peers, they were distinguished by their hyperkinetic stage shows, juvenile humor, ironic covers of new wave pop songs, and metallic shards of ska."
Sounds fun, yes? Yes.
DEF CON 25 Village Spotlight: ICS VIllage
A small group of SCADA Ninjas are traveling around the globe, spreading the word of SCADA. Unless you are already operating a secret nuclear enrichment facility in your basement or an ACME factory production line, then this is your best chance to get a kick-start into the world of Industrial Control Systems. We are bringing a number of real-world industrial devices from different vendors for you to look, feel and mess around with.
We bring you a safe, yet realistic environment where you can learn on how to assess, enhance, and defend your Industrial Environment. We bring you real components such as Programmable Logic Controllers (PLC), Human Machine Interfaces (HMI), Remote Telemetry Units (RTU), Actuators, etc. to simulate a realistic environment by using commonly components throughout different industrial sectors.
You will be able to connect your machine towards the different industrial components and networks and try to assess these ICS devices with common security scanners, network sniffers to sniff the industrial traffic, and more! In addition to previous years there is a workshop dedicated to ICS 101 and 201. Afterwards there will be an additional but optional challenge to test your newly acquired skills.
Follow @ICS_Village or have a look at www.ics-village.rocks.
New for DEF CON 25:
Voting Machine Hacking Village!
"Just like everything else, it's time for hackers to come in and tell you what's possible and what's not."
-The Dark Tangent
Judging from the headlines, it's a good time to figure out how secure our electronic voting machines are. What better way, we thought, to find out what's real and what's hype than getting a bunch of real voting machines into the hands of thousands of hackers? We happen to know where to find a lot of hackers onthe last weekend in July, so we created the Voting Machine Hacking Village. We're bringing a bunch of voting machines and encouraging people to see what's possible. Let's test the physical security, try attacks at a distance, dump the BIOS, all of it. Knowing is half the battle, people. Let's do our part to add to the base of knowledge.
Read all about it:
Voting Machine Hacking Village on the DEF CON Forums
DEF CON 25 Schedule is Live!
The DEF CON 25 Speaker Schedule is now LIVE! Please consult this schedule for all of your planning needs. For those of you who like to maximize efficiency, it can be paired with a venue map for optimal route planning and GPS programming.
We don't know about you, but we're getting pretty excited about this thing.
Web version: https://www.defcon.org/html/defcon-25/dc-25-schedule.html
PDF version: https://www.defcon.org/images/defcon-25/dc-25-schedule.pdf
Lawyer Meetup at DEF CON 25!
Attention all lawyers, law students, and judges: The DEF CON Lawyer Meetup is BACK! We'll be meeting Saturday the 29th at 6pm in the Counsel Boardroom on the Promenade Level. Join us for conversation and merriment, followed by dinner for those interested in extending the experience.
See you there!
Important Call for Parties Update!
Luxury problem: It turns out that we have a little more free night-time space than we anticipated.
Luxury solution: Turn it over to DEF CON community for some more parties. Got an idea for a fun, open-to-everyone party you’d like to throw? Get at us at email@example.com right away. We’ll work with the best ideas to allocate floor space and get the party launched.
You have your assignment. We look forward to your kick-butt ideas.
DEF CON 25 Demo Labs are Live!
DEF CON Demo Labs are back, and everything you need to know about them is waiting for you at the DEMO Labs Page! It's a heavy lineup of cool, open tools for all kinds of audiences, from testers to defenders to crypto enthusiasts. Bring your curiosity and questions and let's see what grows out of the interaction!
Workshops Reg Opens July 5th!
As hard as it might be to believe, we are less than a month away from DEF CON 25 - can you feel it in the air?
For those of you who are interested in the Workshops, we have some registration info. Online registration for workshops opens July 5 at 3pm PDT. First come, first served, so bookmark https://www.defcon.org/html/defcon-25/dc-25-workshops.html and set an alarm.
See you soon!
Meet the CFP Review Board!
Meet the team of renegade super geniuses that work for months to pick the best talks for DEF CON. We love them, and you should too. It's a crazy hard job reviewing hundreds of highly technical proposals, providing meaningful feedback and picking the best ones. This year they'll be rocking special CFP Review Board badges at DEF CON, so if you see them let them know we appreciate what they do.
The Speaker List is Complete!
You know how we know it’s almost DEF CON? The Southwest is having a heat wave, that ancient tweet about the Feds (allegedly) not appreciating the ‘Spot the Fed’ contest is back and the interwebz are buzzing with burner phone chat.
Also, the speaker list is complete! Get yourself over to the speaker page and learn what wondrous presentations DEF CON 25 has in store for you! We think it’s gonna be a great year, and we want to thank everyone who submitted, both selected and not.
Extra special shout out to the unsung heroes of the CFP Selection team, who labor mightily to pull together the best possible lineup, and to provide the kind of feedback that makes everyone better.
Check out the lineup, plan accordingly, and go ahead and get psyched. DEF CON approaches.
A DEF CON 25 Announcement
No DEF CON 25 Mystery Challenge or badge contest.
Curious Codes, the company that was designing the DEF CON 25 badges, notified us they are no longer working on any challenges or badges for DEF CON.
A combination of design and planning delays combined with a last minute unforeseen personal circumstance made their production impossible.
WHAT DOES THIS MEAN FOR DEF CON?
No special badges or challenge and no mystery challenge
SO NOW WHAT?
We've gone with a DEF CON 25 anniversary theme with the badges and have worked around the clock to get them designed and ordered. Not to fear, we are hackers, it will work out. Everyone will have badges, they just won't have crypto, secret embedded robotics, or radioactive compounds. I'll talk more about the joy of conference badges in a later post.
WAIT, THERE WAS GOING TO BE ANOTHER MYSTERY CHALLENGE?!?
Yes, L0st had planned to do a special DC 25 challenge to break everyone's minds.
Stay tuned for more info on #badgelife, we are planning a badge meet up for all those who enjoy building and collecting conference or contest specific badges of all kinds.
Village Spotlight - Crypto and Privacy Village Edition!
Privacy is important to everyone, both in terms of the abstract legal right to secure our information and the concrete availability of tools and means to keep that data secure. In this age of near-ubiquitous surveillance, it's a good idea to keep your security knowledge sharp.
To that end, the Crypto and Privacy Village is back with a full roster of presentations, contests and workshops to level up your privacy game. Follow them @cryptovillage, or get the full rundown at cryptovillage.org.
Better Know a Contest: Hair Farmer Edition!
The DEF CON Beard and Mustache Contest is back - time to break out the various oils, waxes and industrial fertilizers that keep you looking so profoundly beardy. There are prizes to be won! Join us at 'the intersection of facial hair and hacker culture'.
Beardless, but interested in competing? Please know that there is a freestyle category that actively encourages the creation and display of faux, ersatz and/or fictive facial hair arrangements. Fanciful and improbable designs welcome.
DEF CON 25 Contest Update! SOHOpelessly Broken Router List Released!
The 0Day Device List is now LIVE! Dig into these IoT devices and then demonstrate your exploits at the IoT Village for cool prizes and raucous applause!
Village Spotlight: Packet Hacking Village
Once upon a time, the Wall of Sheep was mostly a bunch of paper plates stapled to a wall, shaming DEF CON attendees for bad security practices. It has grown into a whole village full of packet shenanigans with its own speaker track, contests and even workshops.
There’s loads of information on their wallofsheep.com, including the speakers they’ve so far selected for DC25. There’s a lot to take in, so it pays to get familiar in advance. The Packet Hacking Village has enough going on to satisfy all packet ninjas, from Padawan to full-blown Jedi. Visit their site, follow them on Twitter @wallofsheep and get your chops in order. The mischief starts next month.
'Better Know a Contest’: Crash and Compile Edition
Crash and Compile is part drinking game, part programming contest. The ratio, of course, is yours to determine, but there are prizes for both the solving of programming problems and the drinking of drinks.
There are more rules than this,naturally, and you can find them at crashandcompile.com. They are the kind of rules that go like this: something happens, people take a drink. Also something doesn’t happen, or fails to happen as expected, and people take a drink. You get the picture, we think.
There are also ways to participate if you want to code without the drinking, or drink without the coding, or just distract the people trying to do both.There are prizes, and booze, and the satisfaction of proving that your skills can’t be thwarted by a little casual imbibing.
Follow the organizers on Twitter @crashandcompile and if this seems like your kind of party, get started on the training montage. We’ll see you there!
DEF CON 20 Documentary on USB with updated material!
Still working on convincing someone you like to come with you to DEF CON? Sharing the essence of something as big and complex as DC isn't easy. We've got your back.
This sleek little USB key contains enough info to give a taste of DEF CON's magic. You get:
Jason Scott's terrific DEF CON documentary and a ton of out takes and soundtrack tunes
Videos of DC 20's Hacker Jeopardy and Hacker Pyramid
Music from the artists that played DEF CON 20 Pictures from all over DC20
All the DEF CON programs in PDF format
All the entries from the DC20 Short Story Contest.
When your hand your friend this little bundle of goodies, you're giving them all the data they need to get a real feel for DEF CON. Cool, right?
DEF CON 25 Speaker round 2!
Round 2 of the DEF CON 25 Speaker Selections is LIVE! Get into our speaker page and soak in all the updates. Clear some space in the old noggin for the science we're gonna drop in there. Visualize your ideal route.
How We Created The First SHA-1 Collision And What It Means For Hash Security
Abusing Certificate Transparency Logs
Breaking the x86 Instruction Set
Secure Tokin' and Doobiekeys: How To Roll Your Own Counterfeit Hardware Security Devices
Joe FitzPatrick & Michael Leibowitz
MEATPISTOL, A Modular Malware Implant Framework
FuzzyNop & ceyx
Radio Exploitation 101: Characterizing, Contextualizing, and Applying Wireless Attack Methods
Matt Knight & Marc Newlin
Cisco Catalyst Exploitation
"Tick, Tick, Tick. Boom! You're Dead." — Tech & the FTC
Whitney Merrill & Terrell McSweeny
An ACE Up the Sleeve: Designing Active Directory DACL Backdoors
Andy Robbins & Will Schroeder
Man in the NFC
Haoqi Shan & Jian Yuan
Porosity: A Decompiler For Blockchain-Based Smart Contracts Bytecode
A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages!
Assembly Language is Too High Level
Most importantly, get amped! It's next month, people!
More speaker updates to come. Stay tuned.
DEF CON 25 Sticker Packs now Available!
Got a device with visibly unadorned surface area? Don't worry - DEF CON is here to help you do the right thing. Hide your laptop's shiny silver shame with our stylish, durable DEF CON 25 stickers! There's five in the pack: you get a DC25 logo and four variations of our popular 'Disobey' sticker.
It's almost summer here in the Northern Hemisphere - make sure your gadgets are beach-ready. Get these fine stickers (and all kinds of other DEF CON goodies) at our eBay store, while supplies last.
DEF CON 25 Vendor Applications are Closing Soon!
If you're still hoping to be a vendor at DEF CON 25, you need to to get over to defconvendors.com with all deliberate speed. The space is limited,and the deadline for submissions is June 1.
Don't miss your chance to share your products with thousands of members of the DEF CON community at Caesars Palace in July.
First Round of DEF CON 25 Speakers are Live!
The time has come, worthy citizens of DEF CON! Our first round of speaker selections, piping hot and ready for your delectation. It's going to be a big year, and it's a good time to start planning your con. We'd love to hear which talks you're most interested in so far. Stay tuned to this channel for additional speaker updates in the days to come.
DEF CON in the Media: Mar Talks Art and DEF CON on PBS!
We put a lot of effort into the atmosphere of DEF CON. We bring in musicians and artists that set a tone of high-energy creative inspiration. One of our favorite artists is Mar Williams - you’ve seen Mar's bold and evocative work in the halls, in the programs, on your swag. That style and energy are a large part of the DEF CON image in recent years, and we’re very proud of Mar.
Mar recently shared some thoughts about the creative process and some ideas about the connections between hacking and art with an interviewer at PBS. Check it out and let it inspire you to just start something creative and see where it takes you.
If you find that you really like Mar's style and you need some more of it in your life, Mar has a Patreon account you can check out at https://www.patreon.com/spux.
YouTube version: https://m.youtube.com/watch?v=Ud-l6u9HzVY
You can also find this video (and an enormous quantity of other cool stuff) on the DEF CON Media Server’s Documentary Section. https://media.defcon.org/Hacking Related Documentaries/
Village Spotlight: BioHacking Village!
From the BioHacking Village website at defconbiohackingvillage.org:
"The DEF CON Biohacking Village is a multi-day biotechnology conference focused on breakthrough DIY, grinder, transhumanist, medical technology, and information security along with its related communities in the open source ecosystem. There have been multiple instances of DIYBio overcoming conventional science. We want to celebrate the biohacker movement with a compendium of talks, demonstrations, and a medical device hackathon.
The 2017 BioHacking Village theme is Medical Industry Disrupt. The Medical Industry is one of the last to be touched by technology. We have placed doctors and the study of medicine on an altar for years; the time of ivory towers, pedestals, and information isolation has come to an end. Biohackers are working on projects that have traditionally been kept in the labs of the medical institutions. We are moving science forward by working on DIY projects that matter and use citizen science to solve the economic problems that are caused by privatizing medicine and the resources for research."
If this sounds like your jam, or you just want to dip a toe in the DIYBio pool, you can find out more at defconbiohackingvillage.org, by following @DC_BHV or checking out their space on the DEF CON Forums.
Better Know a Contest - Film Contest Edition!
The TD Francis X-Hour Film Contest is back! Think you've got the skills to conceive, script and shoot a short film in the midst of the DEF CON madness? Do you enjoy fun, prizes and awesome Contest shirts? Sign up, meet some basic requirements,and make your masterpiece.
Full details are on the Film Contest Website (xhourfilmcontest.com), but the basics are:
• You get the full and final rules and the topic when you pick up your reg Packet onsite.
• You can film in the venue so long as you're wearing your brightly colored Contest tees.
• Up to 5 crew - actors and extras aren't counted as crew.
Win prizes like a Seattle Film Institute scholarship and human badges to DEF CON 26, and get your film shown at DEF CON 25. Thank DEF CON through your Oscar tears a surprisingly short time later.*
Slots are limited, so if you want shot at DEF CON Film glory, get over to xhourfilmcontest.com right away and begin your journey.
*your mileage may vary, but you definitely can't rule it out.
DEF CON 25 Village Spotlight: Tamper-Evident Village!
Tamper-evident tech may not be the flashiest security are out there, but it's a fascinating way to get your hands dirty in some ground-level physical security. The wily hacker who masters this space must know methods and techniques for defeating a wide variety of real-world seals, all the while stepping so lightly as to remove all evidence of their passing.
The Tamper-Evident Village brings a ton of different seals for you to practice on, helpful humans to point you in the right direction and even a few contests to test your skills.
Join us in the Tamper Evident Village and level up your physical security skill set!
Tuesday Feature: Better Know a Contest!
We're spotlighting some of the contests of DEF CON 25, to help you map your time and maybe get some practice in. Today's Featured Contest: COINDROIDS!
Coindroids is sort of an RPG, set in a post-humanity Earth where only financial services droids remain, battling each other through the ruins for upgrades and survival. Money is the goal, both as a symbol of power and the weapon from which power is derived.
The game is played within the blockchain, and each block represents a round. To attack, you send defcoin to the attack address. To defend, you send defcoin to a 'block' address to raise your shield. Gain experience, level up, purchase new and more powerful armaments and upgrades and claw your way up the leaderboard. Rule the Cryptocurrency wasteland.
For a thorough explanation of the game's inner workings, check out the coindroids github: https://coindroids.github.io/Coindroids-Documentation/#introduction
Sign up and get some reps in at the Coindroids website: def.coindroids.com
Flashback Friday: DEF CON the Documentary!
For today's #defconflashbackfriday, we offer the DEF CON documentary we commissioned for DEF CON's 20th anniversary. It's a great way to get a feel for what DEF CON is about and the amazing community that makes it happen.
If you've always wanted to come to DEF CON but wished you knew more about what to expect, set aside some time this weekend to watch the video and get up to speed. If it seems like your cup of tea, we'd love to have you join us for our 25th Anniversary Celebration at Caesars Palace.
We'll save you a spot.
Congrats to DEF CON 25 CTF Qualifying Teams!
We'd like to congratulate these qualifiers for DEF CON 25's CTF contest:
Team Rocket ☠️
Excellent work, and may fortune smile on you in Las Vegas this July. We'd also like to thank the shadowy masterminds of the Legitimate Business Syndicate for putting together another great contest. Feels good, doesn't it? The spring is turning to summer, the table is set for the DEF CON CTF and we're in the home stretch of the countdown to DC25. Feel free to get amped.
DEF CON 25 CFP Reminder!
Closes Monday May 1!
If you're waiting until the last minute to submit your presentation, you should know that we are officially in last minute territory right now. The window closes Monday, so if you want to see your talk in contention make good use of the remaining time! The moment of truth is upon you, so clear out some space and get your submission in order.
Let's get your cool ideas up where they belong.
The information you need is here:
DEF CON 25 Crypto & Privacy Village CFP is OPEN!
Cypherpunks, start your engines! Crypto and Privacy Village is returning for DEF CON 25 and they're looking for speakers. If you've got some good stuff to share with the Crypto community, point yourself over to cfp.cryptovillage.org and get your submit on! We're looking forwards to seeing what you've been working on.
DEF CON 25 Vendor Registration is OPEN!
If you have geek-friendly wares you'd like to get in front of tens of thousands of clued-up, engaged and highly caffeinated DEF CON types, might we suggest the vendor area at DEF CON 25? For that audience, you really can't beat it. Smart people with an interest in hacker stuff is literally all we got.
As always, vendor table space is limited, and will get claimed pretty quickly. Its a good idea to get your application in early to ensure your spot. The information you need to apply is available at defconvendors.com. Registration closes on June 1st, 2017, so don't delay.
DEF CON in the News: Smithsonian Edition
The 2016 DARPA Cyber Grand Challenge was kind of a big deal. It was an autonomous, all AI Capture the Flag contest with millions of dollars in prize money. The systems competing were built by teams from all over the country, all of them building the road as they travelled. The teams that made it to the hotly contested final round are all full of straight-up wizards. We're proud of how great the contest turned out, and of all the brilliant humans who made it happen.
When the smoke cleared, For All Secure's Mayhem was the last bot standing. In addition to the millions in prize dollars, the eternal bragging rights and the very stylish DEF CON Black Badge, Mayhem now has a place in official history at the Smithsonian.
Recap and tons of info also available here:
Swag Alert: Jack's Back!
The popular Jack v2 Pirate Electronics Kit has returned to the DEF CON eBay store! Don't miss your chance to get the finest in blinky swag (from the High German 'blinkenschwag'). The last batch sold out almost immediately, so if Jack seems like your jam, get thee to eBay!
DEF CON 25 Call for Demo Labs is Open!
DEF CON Demo Labs are BACK! If you’ve got an open source project (tool or hardware) that you want to get in front of a huge, clued-in and interested audience, you’re gonna want to check out our Demo Labs page. Whether you’re looking for feedback, help or just getting the word out, we can offer you a 2-4 hour dedicated time slot to share at DEF CON 25. And one badge, if your project makes the cut, obvi. Get your info on the DL page and get your proposal in before June 1, and let’s make some demo magic!
Next DEF CON 25 CTF Qualifying Event is Approaching!
Friendly DEF CON 25 CTF reminder: The next qualifying event is PlaidCTF, an online jeopardy-style contest that's a mere 10 days away! You can get more infoz at plaidctf.com, but it's time to #getonit. Fortune favors the bold.
Call for Contests, Events, and Villages is Closed!
The Call for Contests/Events/Parties is now closed. If you submitted a proposal, expect a response soon. If you just want to know what kind of delights are in store for DEF CON 25 attendees, watch this space.
It's getting closer, people. Feel free to get amped.
Press Registration is Open for DEF CON 25!
Friendly reminder to our friends in the fourth estate: Press Registration for DEF CON 25 is now officially OPEN! Spaces are limited, and speedy application improves your chances. The information you need to get your ducks properly aligned is on the DEF CON Press page. We've made some changes to streamline the process, so it's worth your time to check that out.
We look forward to hearing from you. It's gonna be a big year.
Sign Up for DEF CON 25 CTF Quals!
Attention CTF enthusiasts everywhere: Registration is open for the DEF CON 25 CTF competition! Please report to the web establishment of our friends and trusted associates at the Legitimate Business Syndicate for further instruction.
You can't win if you don't play, and you can't play if you don't register. Let DO THIS, shall we?
Social Engineer Village SECTF Applications Open!
Can you talk a skinny dog off a meat truck? Do 419 scammers get off the phone owing you money? If you've got the steely nerve and Social Engineering skill to play in the big leagues, you should know that the SECTF is accepting applications for DEF CON 25. Get in the ring and show off your superpowers!
DEF CON 25 Secret Stash: March Edition
This month's profoundly rad design is here to hacker up your spring wardrobe! Dozens of DEF CON and hacker culture references packed together in the inimitable style of our own Mar Williams. Can you identify them all?
Limited edition, only available in the Secret Stash, so get yourself fresh while you can!
We're Working on Great Things for DC25!
One of the fun perks of staying in the host hotel at DEF CON is access to live, streaming talk content from the comfort of your room. DEF CON TV can really come in handy when a talk is over capacity, or when you need a little breather from the Vegas of it all.
This year, we’re hoping to expand the offering of DEF CON TV beyond the main venue. If you're staying in any of the partner hotels, you’ll not only get our D.C. Group rate, but you get DCTV as well! Huzzah! We’ll keep you informed via social media and the DEF CON 25 website when we have the green light.
Our block rate is sold out at Caesars, but you can still grab it at
We suggest you book promptly to ensure the preferred pricing - these will fill up quickly.
DEF CON 25 CTF Qualifying event, 0OPS CTF this Weekend!
The next stop on the road to DEF CON 25 CTF glory is this weekend's 0OPS CTF. It's a wide open, jeopardy-style event you can learn about at https://ctf.0ops.net. Everybody gets an exciting sleepless weekend of network combat, but the winner gets a spot at the Big Show at DC25. Spring has sprung and the procrastinator's window is slowly closing. Gather your stoutest warriors and get your name in the arena, or forever wish you had tested yourself against the best.
Details and the full quals schedule are at legitbs.net.
DEF CON 25 Call for Entertainers is Now Live!
Are you an entertainer? A singer of songs, a shredder of licks, a spinner of beats? Have you the skills to keep the sweaty masses in a rumpus till the breaking of dawn? If so, DEF CON has urgent need of your talents.
The DEF CON 25 Call for Entertainers is now live. Fill out the form, prove you have the goods, rock faces off at DEF CON's 25th Anniversary shindig. It's that simple. You've got til June 1 to get our attention.
DEF CON 25 Call for Papers Reminder!
Pro Tip: if you want to give your CFP submission its best chance, don't wait for the last minute! Get it in early so that reviewers have a chance to give you feedback. If you have a good idea that needs some refinement, we're happy to help you get it right.
DEF CON 25 BioHacking Village CFP is Open!
This CFP announce is for lifehackers; not the ones who have a really good todo list app, but the ones who hack life. The DEF CON 25 Biohacking Village is looking for your presentation ideas. Grinders, transhumanists and DIY biotech geeks of every description are encouraged to apply.
The Biohacking Village theme for 2017 is Medical Industry Disrupt, so special consideration goes to pitches that aim to revolutionize the practice of medicine. You have until May 28th to get your submissions in. We're looking forward to seeing what you're up to.
For all the details, go to defconbiohackingvillage.com
DEF CON 25 Site is Now Live!
It’s happening, luminous humans of DEF CON. The hour of our reunion draws closer. All the signs say so. The seasons change, the CFPs begin to sprout, and this year’s DEF CON website goes live.
That’s right - the DEF CON 25 website lives! Burn its address into your heart, your mind, and your browser of choice. As the conference approaches, we’ll fill the site with all the info you need to maximize your DEF CON preparations. Get amped, people. DEF CON’s 25th Anniversary is closer than ever.
Call for Reviewers Closing Soon
Your response to our call for reviewers was much bigger than we expected, so we’re closing it down Monday. Thanks to everyone who offered to help - we’ll be getting in touch with those who’ve been selected. We’ll keep the applications we received on file, and we’ll open this call back up before DEF CON 26.
If you’re still looking for volunteer reviewer opportunities, we encourage you to get in touch with the villages - most of them also field a large number of proposals that might be a perfect match to your expertise.
Thanks to the DEF CON community for always responding to our requests with so much love and enthusiasm. You rule.
Call for Contests, Events, Villages, & Parties is now Open!
DEF CON 25 approaches. It more than approaches. DEF CON 25 looms. It hovers just beyond the near horizon, waiting to be awesome.
One key element of this awesome is all the superfun hackertainment we deliver in the form of Contests, Events, Villages and Parties. And the key element to pulling that together is YOU. All of that fun is 100% community-driven.
Every year we ask the DEF CON community for their best ideas for CON amusements, and we make the best ideas happen. This year, our 25th Anniversary year, we're hoping you're ready to respond and really step things up. Dig deep. Dream big. Seize this moment.
Everything you need to know to put your proposal together is on our CEV page. Go there, get amped, and submit your killer idea.
Let's get epic, people.
Reminder: DEF CON CFP Review Board AMA on Reddit Tonight!
Friendly reminder: If you've got any questions about the process of becoming a DEF CON speaker, don't miss the AMA today! Get yourself over to /r/defcon at 6pm PST today and get 'em answered by the DEF CON 25 CFP Review Board.
Get tips on what they're looking for, help with how to present your proposal and general encouragement to bring your ideas to the DEF CON community. Be there.
Next Quals Event for DEF CON 25 CTF Coming Up!
If you're a packet ninja on a quest for CTF immortality at DEF CON 25, you need to keep your eyes on the qualification schedule. No quals, no glory.
The next qualifying event is the online Jeopardy-style Bostonkey.party, happening this very week (Feb 25-27)! You can find info about this and all the remaining events in the schedule at legitbs.net, the online home of the shadowy masterminds hosting this year's CTF.
We're expecting big things from you.
DEF CON CFP Review Board AMA on Reddit next Week!
The DEF CON 25 CFP Review Board will be hosting an AMA Wednesday, Feb 22 at 6pm PST. Bring your questions and get yourself up to speed. Meet the team that does the selecting, and learn tips that will give you an edge in getting your talk accepted.
Join us in /r/defcon next Wednesday!
Specialized Reviewers wanted
for DEF CON 25 CFP!
We're seeking specialized CFP Reviewers to join our DEF CON 25 CFP board this year. We have a fairly well rounded board, but we could use a few more to the team. Specifically, we'd like those more specialized in: Cryptography, Malware, Post-exploitation, Reverse Engineering, and Forensics. So if you can open a can of whoop ass with those skills, please apply.
All you have to do is write a cover letter telling us how you've been involved in the DEF CON community, what skills you can bring to the table, and where to find your resume. Please be aware being on the review board is a hard volunteer job. To review you need to spend hours reading submissions and providing feedback. There will be hundreds of emails, so you have to be committed. The reward, however, is having a hand in making DEF CON 25 amazing and the eternal gratitude of hackers all over the world. Which is nice.
Send your entries to firstname.lastname@example.org if you want in.
DEF CON Jackets on Sale!
Pro Tip: DEF CON's eBay store has a 50 dollar price drop on some very stylish waterproof soft-shell jackets! Now there's no excuse for spending one more day in the same boring, skull-free outerwear. Fight the elements and crush the mid-winter blahs with style. Check 'em out !
Jeff Moss Named Commissoner on GSCSC!
We're excited to announce that our founder, Jeff Moss, has been named a Commissioner of the brand new Global Commission on the Stability of Cyberspace! The Commission, which will debut at the Munich Security Conference, aims to safeguard the peaceful use of the Internet as volatility and threats from state-level conflict increase.
Jeff joins a team of security and policy luminaries Chaired by Marina Kaljurand, former Foreign Minister of Estonia. The Co-Chairs are former US Secretary of Homeland Security Michael Chertoff and former Deputy National Security Adviser of India Latha Reddy. You can learn more about the GCSC and its mission at cyberstability.org
DEF CON 25 Call for Papers and Call For Workshops are Open!
Luminous humans of the DEF CON community, we interrupt your slow news week to bring you this urgent message:
We realize that's kind of two messages. The common thread is that the machinery of DEF CON 25 awakes from its fitful rest, and it hungers. It hungers for your talk submissions as well as your workshop ideas.
To expedite the annual feeding of this beast, we've created a CFP index page that includes all of the many ways you can submit your work for consideration.
The time is upon us, people. The deadlines will arrive faster than you think. Get your stuff together, whip it into shape and get it in. We are only going to turn 25 once, and we want you to be a part of it.
DEF CON Speaker In the News
In 2013, the FBI wanted access to Edward Snowden's encrypted email. Faced with a request for Lavabit's SSL key, founder Ladar Levison instead closed the service. Over 400,000 customers lost access to their accounts. Levison's hardline stance on customer privacy earned him praise from the security community.
Today the service is on the verge of relaunching. It's got brand new architecture, new features and soon, end-to-end encryption.
You can read Kim Zetter's interview with Levison on the Intercept.
For additional background , watch Levison and Stephen Watt discussing Lavabit at DEF CON 22.
DEF CON In the Media: Coded Web Series
The trailer for 'Coded', a new hacker-focused series from Freethink Media, has tons of shots from DEF CON 23. It also contains interview footage with Ladar Levison and Nico Sell. We've only seen the trailer, but It looks promising. Here's the promo blurb: "The data war is in full swing. Foreign governments are hacking major corporations, major corporations are collecting massive amounts of consumer data, and the NSA is listening to all of them. With malevolent hackers on one side and oppressive regimes on the other, data security is as important to the global economy and human rights as free speech and the rule of law. Join us as we profile a new generation of programmers helping consumers and companies alike protect their financial information, their identities, and their freedom."
DEF CON 25 January Secret Stash Reminder!
Gentle reminder: The Secret Stash is back with more DEF CON 25 boss-level swag! Both the tee and the sticker are custom, exclusive artwork available only from the Stash. Get your 2017 look together with a versatile tee - fresh for all situations, from the boardroom to your secret lair.
Caesars is Sold Out, But Options Abound!
The early birds have captured all of the on-site worms: Caesars Palace is sold out for DEF CON 25.
Be of good cheer, however. You can still get our discounted room rate at the following nearby properties:
DEF CON 25 is gonna be kind of a big deal, and we want you there. We suggest getting on that reservation post haste. The link for the DEF CON discount is https://resweb.passkey.com/go/SCDEF7 and the time for action is now.
Jennifer Granick receives Palmer Prize!
Congrats to @Granick!
Hacker lawyer extraordinaire, Director of Civil Liberties for the Stanford Center for Internet and Society and possible secret superhero Jennifer Granick just won the Palmer Prize! The prize, awarded for work that sheds light on the interplay of civil liberties and State security is for her upcoming book "American Spies: Modern Surveillance, Why You Should Care, and What to Do About It". We can't wait to read it.
Jennifer is also a frequent and popular speaker at DEF CON. To give those unfamiliar an idea why her work and ideas are so valued by the hacker community, take a look at her most recent DEF CON presentation. It's entitled "Slouching Towards Utopia; The State of the Internet Dream" from DEF CON 24.
As always, enjoy and pass it on.
DEF CON 25 CTF Quals Update!!
Attention all seekers of CTF glory - the qualification season is underway! The solid citizens of the Legitimate Business Syndicate have posted the information you need to get involved on their website at legitbs.net.
If you've got the goods, get in the arena. There's nothing between your squad and Capture the Flag supremacy but air, opportunity and the best players on Earth. Get you some.
DEF CON 24 SE Village Video Playlist!
Today's treat - a YouTube playlist chock full of SE goodness from the Social Engineering Village at DEF CON 24! All the presentations and a bonus live recording of the Social Engineering podcast. There is much to be learned here, so block off some time.
As always, take what you can use and pass it on. The best defense against the dark arts of SE is exposure and education.
DEF CON 25 Secret Stash for January!
The Secret Stash is back with more DEF CON 25 boss-level swag. Both the tee and the sticker are custom, exclusive artwork available only from the Stash. Get your 2017 look together with a versatile tee - fresh for all situations, from the boardroom to your secret lair.
DEF CON Groups in 2017!
Happy New Year, DEF CON community! Jayson Street, our DEF CON Groups Ambassador, has some year-end words for everybody from his tastefully appointed secret bunker.
Get amped, radiant humans of DEF CON. 2017 is our Silver Anniversary and big things are in the plan.
As always, if you're not in a DEF CON group, consider joining one. If you can't find one nearby, consider starting one! The infoz are all available at defcongroups.org.