The talks from the @r00tzasylum kids track at DEF CON 24 are now live on the inter-tubes for the edification of young padawans and grizzled Jedi alike. Please enjoy, and make sure to drop a link to any promising younglings who might benefit from the training!
For anyone with questions about the hotels DEF CON attendees use during the con, our forum wizard TheCotMan has assembled a super-handy FAQ from previous As to various lodging-related Qs.
To help you get over that midweek hump, we offer another early release video from DEF CON 24 - 'I Fight for the Users: Attacks Against Top Consumer Products '. In this video, @zfasel and @secbarbie walk you through attacks on 21 popular IoT devices - so you get something more than just proof that one or another connected toaster is ready to pwn. You get to see how how whole product categories are ready to pwn.
There's even tools, in case you want to test the security of some of your own 'smart' devices. Good stuff, delivered with an eye for the lulz.
Please enjoy and then pass it on.
We've got another early release video from DEF CON 24! It 's called 'Can You Trust Autonomous Vehicles?', and in it Jianhao Liu and Chen Yan discuss jamming and spoofing attacks on the sensors of cars like the Tesla Model S. It's definitely a sobering look at the downside of the Jetsons-style tech we're developing and a good reminder of the place security thinking needs to take at the design table.
As always, enjoy and pass it on.
The scores for this year's DEF CON 24 CTF have been posted! The model citizens of the Legitimate Business Syndicate have finalized and shared the ultimate scores of this year's historic and hotly contested contest.
But wait - there's more! LBS also suggests strongly you keep your eyes on their site (and ours, natch) for more goodies on the near horizon: pcaps, source code, a full SQL dump among other data for your leisurely examination.
For your weekend, we offer @_Kustodian_'s talk from DEF CON 24 'How to Overthrow a Government', in which the intrepid Chris Rock delivers another provocative and spooky talk about the kinds of vulnerabilities an imaginative transgressor can harness to exploit bureaucracy for their own ends.
As always, enjoy the talk and pass it on.
DEF CON got a lot of ink this year - among the happenings were the DARPA CGC, tons of IoT news and what is probably the most bonkers uber badge in the history of uber badges. If you want to comb through the press coverage, we’ve assembled a bunch of it on the DEF CON Press Archive for your convenience. If you see articles that we missed, feel free to drop us a link in the comments and we’ll update.
For your weekend, another #defconflashbackfriday early release talk from DEF CON 24 - this time Marc Newlin on the hijacking of wireless mice for nefarious purposes. He calls it 'MouseJack'.
As always, enjoy and share widely.
For your midweek edification, we offer another early release video from DEF CON 24 - this one is the Mr. Robot panel! It's a lively discussion of the show and its inspirations with Mr. Robot's technical advisor Kor Adana, The Dark Tangent, Marc Rogers, Andre McGregor and Ryan Kazanciyan with journalist/author Kim Zetter moderating. If you watch the show, you'll definitely learn some new tidbits to increase your appreciation. If you don’t, the panel will show you what it takes to keep a hacker show realistic and exciting.
Good News Everybody! We've got some updates to the archive page for DEF CON 24! We've got updated slide decks and whitepapers now on the media server.
For a post con re-cap on DEF CON and the CFP process this year, check out Nikita's speaker's corner entry entitled "DEF CON CFP: Thinking Back and Moving Forward"!
Returning to the tradition of #defconflashbackfriday, we offer a presentation from all the way back in 2016 - Weston Hecker's 'Hacking Hotel Keys and Point of Sales Systems : Attacking Systems Using Magnetic Secure Transmission' from DEF CON 24.
We probably can't summarize the talk better than the title does, but if you need a little more incentive here's the abstract:
"Take a look at weaknesses in Point of sale systems and the foundation of hotel key data and the Property management systems that manage the keys. Using a modified MST injection method Weston will demonstrate several attacks on POS and Hotel keys including brute forcing other guest’s keys from your card information as a start point. And methods of injecting keystrokes into POS systems just as if you had a keyboard plugged into the system. This includes injecting keystrokes to open cash drawer and abusing Magstripe based rewards programs that are used a variety of environments from retail down to rewards programs in Slot Machines."
As always, watch, learn and share widely.
If the presentation tracks are the brain of DEF CON, then the contests are its heart. It's a kind of alchemy: we bring together thousands of interesting strangers fascinated with various aspects of technology, and we want them to leave a few days later with new friends, new skills and new obsessions. Our solution? Just add a rich, world-class layer of competitions run by an army of talented, insanely dedicated volunteers.
This formula has worked pretty well, and we thank all of you players for supporting the games and keeping the comp high-level and good-natured. It is our sincere hope that you're getting something valuable from getting into the DEF CON arena in the battle of your choice.
Still, the contests are as tough as they are fun, and the field is full of wildly brilliant humans. Every winner listed here has earned their prizes and bragging rights. We congratulate them all and hope to see all of you back in the ring for DC25.
The newest treats on the DEF CON media server are pictures from DC24. Like metric oodles of pictures, taken with skill and respect by our Photo Corps and a few other friends of the con like the SE Village. We offer them to all of you as a memento and record of the event, and a chance to see the bits you didn't get around to.
Like everything we release, these photos are CC licensed for you to enjoy, share and remix so long as you clearly attribute them to DEF CON.
If you have pics you'd like to share, let us know at info ]at[ defcon [dot] org and we'll look into adding them to the collection.
When the dust settles after a DEF CON, it's time to collect the write-ups from the various contests and challenges. There's nothing more educational and humbling than analyzing successful strategies from the player's point of view. Please enjoy our DC24 Writeup Sampler Vol. 1, and if you see some we missed, please drop us the links for inclusion in a future volume.
Badge Contest Writeup from the winners, Council of Nine
Badge Contest Writeup from degeneratemetric
CTF Writeup from Zachary Wade of winning team Plaid Parliament of Pwning:
For those of you who missed the TD Francis X-Hour Film Contest, here's all of the competing films in their full glory. The creativity and energy required to conceive, write, shoot and edit a film during DEF CON never fails to impress. If it looks like fun to you, consider signing up and taking a crack at it next year!
Check out the T.D. Francis X-Hour Film Contest website at https://www.xhourfilmcontest.com/
As part of our annual process of compiling press accounts of DEF CON, we offer some link roundups sorted by topic. First up, DEF CON Link Roundup: IoT edition.
This was a big year in the Internet of Things, and the whole industry is only just getting off the ground. At DEF CON 24 we saw the first ransomware delivered via thermostat, among many other causes for interest and concern.
As always, if you find cool coverage of DC24 topics out there, please feel free to drop some links in the comments.
https://motherboard.vice.com/read/internet-of-things-ransomware-smart-thermostat
http://www.bbc.com/news/technology-36995288
http://www.internetnews.com/blog/skerner/defcon-btlejuice-mitm-hacks-bluetooth-and-belittles-bluetooth-padlock-security.html
http://www.theregister.co.uk/2016/08/08/using_a_smart_bluetooth_lock_to_protect_your_valuables_youre_an_idiot/
http://www.theverge.com/circuitbreaker/2016/8/9/12414014/smart-lock-security-flaws-internet-of-things
http://mashable.com/2016/08/10/even-vibrators-get-hacked/#AVsvxH60pkq8
A big congratulations to this year’s winners of the DEF CON Capture the Flag Competition, Plaid Parliament of Pwning. A big shout out to Legitimate Business Syndicate for their masterful hosting of this event. Check out this profile of the winners!
The Council of 9 won this year's Badge Contest, and they've been kind enough to share their winning methodology with us. Let us learn from their sterling example.
DEF CON 25 is going to be kind of a big deal.
First, we’re celebrating 25 years of bringing hackers together for knowledge transfer and hackish shenanigans in the swelter of late-summer Las Vegas. Even after a full quarter-century of hacker summer camp, our family is still growing fast, and we’re still finding new cool ways to get people involved and connected.
Second, we’re switching venues again, this time to the larger, swankier environs of Caesar’s Palace. We’ll have bit more space and a lot more flexibility in how that space is distributed. Hopefully that means there will be easier traffic management and shorter lines for everyone.
DEF CON 25 will be held at Caesar’s Palace July 27-30, 2017. You can get yourself the DEF CON block rate right now at Caesar’s or the other participating hotels (Bally’s. Paris, Flamingo, Harrahs,and Linq) by following our reservation link at https://resweb.passkey.com/go/SCDEF7.
We have a lot of ideas for celebrating our Silver Anniversary with you, and we hope you have some too.
Can’t wait to see all of you again at Caesars in July.
Heads up hackers! For those who attended, we hope you enjoyed this year's soundtrack. Many thanks to our headliners like Dirtyphonics, Information Society, and Richard Cheese for pitching in.
Most of all, a big thank you to Gravitas Recordings for helping to facilitate, curate, and help out with the online distribution of the soundtrack. If you missed the conference, you can find it at http://music.gravitasrecordings.com/album/def-con-24-the-official-soundtrack. Best of all, it's free or pay-what-you-want, with all revenue going to support the Electronic Frontier Foundation.
Look out for some major jams for DEF CON 25!
We know what you're wondering. Who is that handsome fellow?
That striking visage belongs to this year's Uber Badge. In addition to his chiseled good looks, he sports some spiffy secret code and one particularly hyper-functional eyeball. They're each handmade, and need to be individually adjusted due to servo differences. If you're one of the lucky few who are taking one of these home, congratulations! If not, you should get here next year and get your hat in the ring. Who knows what next year's badge will be?
You can observe it in action at: https://www.youtube.com/watch?v=t8mLCnhMSqA
The DARPA Cyber Grand Challenge is complete, and the mighty Mayhem from ForAllSecure has been crowned Champion and ruler of all it surveys.
If you're still wondering what's such a big deal about computers hacking each other, or if you just want a quick primer on how amazing the contest was, DARPA has dropped a highlight reel to catch you all the way up.
Sometimes you can't see how important something in in its moment, even if it seems kind of important. This is probably one of those times.
CD player in the shop? Too young to know what a CD even is? The DEF CON 24 conference CD and the DEF CON 24 Music CD are now available to you in ultra-convenient Torrent form. Enjoy hours of free music and conference goodies, without the danger of skips, scratches and microwave misadventure. The internets are standing by, so Act Now!
Or, like, whenever. Supplies are basically unlimited.
https://www.defcon.org/html/torrent/DEF CON 24 original conference CD.torrent
https://www.defcon.org/html/torrent/DEF CON 24 music CD.torrent
The waiting is nearly over, DEF CON family. The time of our reunion is close at hand.
While we make our final preparations, please enjoy the official video of DEF CON 24 - RISE OF THE MACHINES!
In response to the article that was posted by the Register, the DEF CON Network Operations Center Team (NOC) pride ourselves on making a network that allows the community to get Internet access, and have access to internal resources (Servers, etc.). The DEF CON NOC believes in privacy and anonymity for our attendees.
When users attach to the DefCon Secure (802.1x/PEAP) network, we have made the decision to do our best to make that data/traffic inaccessible, and the team does not allow for data monitoring, nor recording of the traffic. We do have overall bandwidth monitoring- but will never run driftnet, ntop or other tools that invade the privacy of the users on the secure network.
The DEF CON network resources, and staff who volunteer in the NOC at DEF CON currently do not have any part in the operations of the Black Hat network(s). The DEF CON NOC also doesn’t allow vendors to use the network as a place to demo or experiment with our user’s traffic.
Now… If you happen to attach to any network that does not have the more secure certificate authentication method enabled – all bets are off. Your traffic will be monitored – not by us, but by the people around you. We also ship the open WiFi network traffic off to the Wall of Sheep as well, and anyone on the unsecure network can and will easily Man-In-The-Middle your traffic.
If you want to get on the “DefCon” Secure network- follow the instructions that are posted on https://wifireg.defcon.org/. Each PEAP session that is created from the client to the controller is a unique session, and is not allowed to talk to any of the other users on the network once connected to the official network.
If you are concerned about someone capturing your credentials, you don’t want to register ad userid, or want to maintain anonymity we have also setup a common username and password of defcon/defcon. So if someone says that they captured your credentials, it’s really not that big of a deal, especially when everyone has a unique session.
You should still install and only trust the certificates that we have posted on https://wifireg.defcon.org/.
-The NOC Team
Sine Qua Non
Attention Lawyers, Judges, Law Students and people who have the complete Matlock collection on VHS:
The Lawyer Meetup has changed locations. It's still on Friday Night August 5, and it's still at 6pm, but now it will be held in Bally's Palace 6 on the main floor. We hope to see you there for genial jurisprudential fellowship.
If you have questions or want to help, contact host Jeff McNamara at jeff@jcmclaw.com.
At DEF CON, cyber competitions are kind of our thing. Our first We love them because they're fun, because they test a lot of skills at once, and because they build community.
Yesterday, DEF CON founder Jeff Moss attended a workshop held by the Office of Science and Technology Policy to discuss ways we can use this kind of competition to encourage infosec as an occupation, and making this kind of high-energy hacker problem-solving part of the standard curriculum for STEM students everywhere. The idea, according to OSTP's blog is "increasing awareness of potential cybersecurity professionals and providing opportunities for experiential learning at all skill levels."
We couldn't agree more.
This year DEF CON's annual CTF contest will bring together teams of packet-slinging phenoms from all over the world. For the first time, we're also putting on a DARPA autonomous CTF contest. In a few years, who knows what the combination of brilliant humans and intelligent machines will mean for contests like ours? You're definitely going to want to stay tuned.
Check out the blog at: https://www.whitehouse.gov/blog/2016/07/27/building-workforce-through-cybersecurity-competitions
Many thanks to @shortxstack and @sethlaw for creating the Android and iOS versions of the #HackerTracker app. Thanks to their effort you can slurp the entire schedule of DEF CON 24 into your pocket-brain, freeing your hands and meat-brain for mischief and hackery.
Android: https://play.google.com/store/apps/details?id=com.shortstack.hackertracker
iOS: https://itunes.apple.com/us/app/hackertracker/id1021141595?ls=1&mt=8
Workshops are free, first come, first served, and seats will fill up fast!
To register for a workshop, you will need to go to the Bally's side in front of the cafe arcade between Thursday 07:00 to 15:00. We will have goons to pre-register you for the workshop(s) of your choosing.
If the workshop that you want has filled up before you got there, don't worry! Just like last year, if you come to the workshop area early the day of, you can wait in the standby line. If a seat opens up, it will be made available to the first person waiting to claim it.
Please Note: You will be issued a workshop "pass". It will be required for class admission. If you lose it we can't help you, your seat will be made available for those in standby.
While you're enjoying DEF CON 24, don't forget to check out the demo labs, where many of your fellow hackers are displaying their current projects for your perusal. Get inspired, offer some feedback, maybe even find a new collaborator.
There ain't no show and tell like a hacker show and tell.
Attention Hams, both active and aspiring! The exemplary humans of DC408 have brought back Ham Exams for DEF CON 24! If you're looking to get a certification, please take a moment to look through the rules on the forum page for this event. You're gonna have to bring some stuff. And know some stuff.
Confidential:
The situation we find ourselves in after the events of last year is tenuous. All agents must be especially careful. The Mad Hatter's disruption of the Daemon was a serious breach, but this year, we may just be able to get the upper hand.
Soon you will find new content and a brand new Teaser online at https://dcdark.net/ Agents from past years: DM me here or on Twitter. There is work to be done.
forum thread: https://forum.defcon.org/forum/defcon/dc24-official-unofficial-parties-social-gatherings-events-contests/dc24-official-and-unofficial-contests/the-defcon-darknet-project-ac/223792-defcon-24-darknet-humans-and-machines
The Data Duplication Village is also returning for DC 24, tanned, rested and packed with even more goodies to fill your oceans of cheap HD space. Bring some drives, get everything in infocon.org and a practically endless supply of rainbow and hash tables. You can even throw some fun data into the mix, if you have something you think your fellow hackers would find useful. It's kind of like a drop-off dry cleaner, except you get back terabytes of sparkly new data instead of your same old clothes. And it's free. And surrounded by DEF CON.
So really it's only like a drop off cleaner in that you drop stuff off, pick it up later and the bag is NOT A TOY. But that's enough for a simile, right?DT spells it all out in the Forum thread and you are encouraged to ask any questions you have there.
Vegas is a lot of fun, but it can also be just a lot. Too much, even, if you’re trying to keep the horizon level in your windscreen. If you’re a friend of Bill W joining us for DEF CON 24, please know that we have meetings at noon and five p.m., Thursday through Sunday at ’The Office’ on the 26th floor of the Bally’s Tower. Drop by if you need to touch base or just want a moment of serenity. We’ll be there.
Heady, insightful movies about the rise of robots and AI are great. We've even recommended several in these pages, and you should definitely watch them all.
Still, movies don't have to carry the weight of 2001 or the maniac attention to detail of Blade Runner to be worth 90 minutes of your life. Sometimes an earnestly misguided B-movie is just what the doctor ordered. In that spirit, we offer 'Rise of the Machines' Movie Homework, Guilty Pleasure Edition.
Westworld:
In the early 70s, the robot future looked like the Disney animatronic President exhibit, at least to the makers of this film. Take a fun, sexy vacation to a theme park where robots populate a Wild-West themed town. You can drink with them, dance with them, fight with them - it's a hoot until somebody makes the Yul Brynner-bot angry. Fun and interesting, if a little slow-moving.
The Lawnmower Man:
Sure, VR is all the rage now, but this isn't the first time we've gone crazy for the idea of low-poly graphics and nausea goggles. The last VR boom mostly created dozens of televised interviews for Jaron Lanier, but right on the edge of that bubble we got 'Lawnmower Man' - a sort of 'Flowers for Algernon' meets 'Transcendence' with some seriously early 90s graphics work.
Hardware:
I can't really give you a better description than IMDB does:
"The head of a cyborg reactivates and rebuilds itself and goes on a violent rampage in a space marine's girlfriend's apartment."
This movie isn't high art, but it's fun and it's better than its budget deserves. Also, Lemmy is in it.
Runaway:
Tom Selleck and his absurdly luxurious mustache have the dirty job of deactivating robots who've gone haywire. The over-the-top bad guy is played by Gene Simmons of KISS. Michael Crichton wrote and directed. Dopey fun, and a good reminder how incredibly weird the 80s were.
There's a brand new Speaker's Corner post from Aditya K. Sood titled "Bridging the Gap: Dispersing Knowledge through Research Presented at DEF CON". Have a look!
After much difficult deliberation and debate, the list of speakers for DEF CON 24 is now live and ready for your consideration. We want to thank everyone who submitted - there was a bumper crop of quality entries. It's never easy to narrow down the list, and we congratulate the selected speakers. If your talk wasn't selected, we hope you'll submit again next year.
Heartfelt thanks also to the DEF CON Review Board. The board puts in crazy hours and makes hundreds of tough calls to finalize our roster, and we heart the stuffing out of them for all their sweat and devotion.
Feel free to let us know which talks you're most excited about in the comments.
August can't get here fast enough!
Can you feel how close it's getting?
The full schedule for Workshops at DEF CON 24 is now available for your careful examination. Make plans, invite friends, agonize about the limited number of hours in a standard Earth day. The workshops are all free, but space is limited. Registration is onsite, first-come first-served, so knowing what you want ahead of time is key.
It's gonna be a good DEF CON.
The DEF CON Groups program is designed to reflect the values of DEF CON, providing an open community for the discussion of technology and security topics. As such, we must all work together so that our actions build toward that goal.
However when anyone or any group abuses the trust of this community and negatively impacts the reputation of DEF CON we are all harmed. After significant discussions we have concluded with regret that DEF CON must revoke DEF CON Group Lucknow for attempting to commercialize based on the brand and community.
Since the beginning of the DEF CON Groups back in 2003 this is the first time we have had to take this action, and we genuinely hope it will be the last.
The Dark Tangent
Tinkerers of all sorts, rejoice! The EFF's Badge Hack Pageant returns to DEF CON 24. Have your clever badge hacks judged by the all-star panel of Zoz, Joe Grand and 1o57! Win prizes! Enjoy the company of others who refuse to accept the idea that the device in front of them has reached its final form!
Winners have been announced in the DEF CON Short Story Contest. Many congratulations to the winners and thank you to everyone who shared your work with us. The DEF CON community brings it - no matter what the challenge. You guys rule.
In 2005, DARPA challenged innovators around the world with a $2M prize to build a vehicle that could navigate the Nevada desert with no one at the wheel. In 2016, DARPA has again challenged the global innovation community with a $2M prize to build a computer that can hack & patch unknown software with no one at the keyboard.
At DEF CON 24, on Thursday night at 5pm, the Paris ballroom will host the world's first all-machine hacking tournament. Seven high performance computers will play an all-machine Capture the Flag contest, reverse engineering unknown binary software, authoring new IDS signatures, probing the security of opponent software, and re-mixing defended services with machine-generated patches and defenses.
(more on on the DEF CON 24 Cyber Grand Challenge Page)
Wireless Village CFP is open - closes June 30!
Sure, the main DEF CON CFP is closed. But sometimes, when DEF CON closes a door, the Villages open a window.
If you have a great presentation on wireless security or shenanigans you've still got a month to get it into shape for consideration by the radiant humans of the DEF CON Wireless Village. We recommend getting on it promptly though. Slots are limited and the last moment always gets here faster than you expect.
We have a treat for all the suave sophisticates out there. If your idea of the perfect evening is the tinkling of ice cubes and ivories under low, flattering lights, join us Friday night at Napoleon's for two shows of the song stylings of Richard Cheese and his crack band Lounge Against the Machine.
Yes. We said Richard Cheese. And we said two shows. We also said the thing about flattering lights, but your mileage may vary. Polish up your best monocle and let's enjoy an evening of the hits of yesterday and today, sprinkled with that one-of-a-kind Cheese magic.
Pure energy.
Join us Saturday night for a dance party both radical and tubular. DEF CON is proud to present two pioneers of the electronic dance genre: Berlin featuring Terri Nunn and Information Society. Sick beats and iconic hooks await you. We promise a sweaty good time to all, 80s survivors and wide-eyed millennials alike.
If you are not there, are you anywhere? Don’t be nowhere, when you can be right here, at DEF CON 24’s 80s night.
Thanks again to the honorable folks at Legitimate Business Syndicate for running the 2016 CTF Quals! They've been kind enough to put together a wrapup for your post-mortem perusal.
They've also open-sourced all the challenges, just because they're cool like that.
Enjoy and share. We'll post more as we get them.
If you're looking to keep track of the 40 or so hours of unbridled packet mayhem that remain, here's a couple of links:
On Twitter, follow our powerful CTF Organizers Legitimate Business Syndicate @LegitBS_CTF
To see the HTML Scoreboard, go to https://2016.legitbs.net/scoreboard/complete
If you like your scoreboards a little spicier, there's a JSON version at https://2016.legitbs.net/scoreboard/ctftime.json
There's a chat at #defconctf on the 'Hackint' network - infoz at http://www.hackint.org/
There's even a pushbullet channel at https://www.pushbullet.com/channel?tag=first-solves-jequaquifs
Honestly, if you need more ways than that to keep your eyes on the action, you should be playing.
Of course, we'll be noting the big moments on our Facebook page at @defcon.
Godspeed to all combatants. May the best hacks win.
So you're at DEF CON 24. It's Friday night. After a long day of contests, talks and general merriment, you need to get lost in some music and maybe shake that tail feather. If only there were a whole evening planned with house-quaking, artisanally crafted small-batch beats from DEF CON's favorite crowd-moving specialists!
We have anticipated your need, DEF CON massive. DEF CON EDM night (exact location TBA) is here to supply you with soul-nourishing rhythm and space to get your head and your booty in sync. Who's playing, you ask?
The heavy groove merchants DirtyPhonics
The sensual overload of the Zebbler Encanti Experience
The sophisticated boom-bap of DualCore
The mighty, mighty, YTCracker
Now that you know, you have no excuse to be anywhere else. To get familiar, hit us up at https://defcon.org/html/defcon-24/dc-24-entertainment.html
DEF CON 24 has a lot of space, and we're expecting a lot of party people. So much space, and so many party people, in fact, that we're once again crowd-sourcing some of the merrymaking to you, the DEF CON community.
We want your party ideas. The best ones get the space to get it cracking, the gratis use of a hotel bartender (the bartender, not the booze) and promotion from us. Let's make your party dreams come true for one magical Vegas night.
Infoz are on the DEF CON 24 Call For Parties Page
It's getting close, people. Let's light this candle!
Got an open source project you want to share with the DEF CON crowd? You're in luck - the DEF CON Demo Labs are back for 2016! We're offering you a demo space and a scheduled time (a few hours) to get your tool or hardware in front of some curious hacker faces. It's a great way to raise awareness, meet people with similar interests and maybe even scare up some help or feedback.
There are rules, of course, and you'll have to get selected. For all relevant infoz, please head over to the Call for Demo Labs page and we'll get you on your way. Deadline is June 15. We're waiting to be amazed.
Have you ever wondered what you would do with a full penthouse suite at DEF CON to fill with any kind of amazing nighttime party/contest/BB-8 death match you could dream up? We wonder too. And we have suites. You see where this is going?
Send us your best ideas for turning a giant empty room into a can't-miss happening, and we'll get you the keys at a huge discount to make your vision manifest. The whole rundown is waiting for you on the DEF CON 24 Call for Suites page.
Attention hackers of sound - the moment has come to share your gifts with the DEF CON massive. We have need of many skilled entertainers to meet the rump-shaking requirements of our many, many joyful partygoers. If you possess the skills to shake those rumps, it's time for you to submit your application.
So, Bards and Troubadors, get thee to the DEF CON forums, learn what we require and come to the aid of your community. A grateful nation awaits your genius.
Interested in joining the Capture the Flag Action at DEF CON 24, but wish you had more information? The fine, upright and honorable citizens of the Legitimate Business Syndicate are here to help with a very wordy and complete blog post on just that subject. Satisfy your curiosity. Learn the rules. Join us at the quals.
A lot can happen In a week. Decisive battles can be won, changing the course of great wars. Human relationships can blossom from indifference to friendship. Carelessly refrigerated leftovers can blossom into viable microbiomes. A week is a powerful unit of time.
If you're planning to submit to the DEF CON CFP or CFW, you have just one of these powerful units left. One (1) week to get your powerful ideas into submission shape. One (1!) week to get them to us for consideration.
One (1) week, people. Use it wisely. The DEF CON community is counting on you. A week is finite, but regret lasts forever.
https://defcon.org/html/defcon-24/dc-24-cfp.html
https://defcon.org/html/defcon-24/dc-24-cfw.html
We're in the double digits, folks - less than 100 days until DEF CON 24! In that spirit, a little update on the venue:
We've made some adjustments to the floor plan, and you can peruse them at your leisure on the Venue page of the DC site.
We'd also like to remind you that the rooms in our discounted blocks are selling pretty fast, so if you're looking to book in one of our associated hotels sooner is better than later. The numbers and links you can use to get yourself situated are also available on the Venue page.
The time to get psyched is at hand. Let's DO this!
The DEF CON Short Story Contest returns, bearing prizes and a chance at geek-lit glory. All those inclined to compete are urged to visit @DCShortStory or the #DCShortStory DEF CON forum page for the rules and requirements as they develop.
Pencils up, people. You have until May 30 to submit your masterpiece.
Attention hacker kids - R00tz Asylum (r00tz.org) wants your ideas for talks and demos for fellow young hackers in the R00tz pavilion at DEF CON 24! If you've been a part of R00tz before, you know how cool this is - if you haven't been, this is a great way to get yourself involved. If you've got cool ideas for this year's R00tz Asylum, check out the call for ideas on their webpage.
Adults are welcome to submit ideas as well (obvs), but youth definitely has some privileges and priority here.
The Wall of Sheep would like to announce a call for presentations at DEF CON 24 at the Paris and Bally's Hotels in Las Vegas, NV from Thursday, August 4th to Sunday, August 7th. All accepted talks will be announced, recorded, and published by Aries Security and DEF CON Communications, Inc. Please see our YouTube channel for all Speaker Workshops from last year.
This year, the Packet Hacking Village at DEF CON 24 will be on the 26th floor of Bally's Indigo Tower. The Call for Presentations will close on Wednesday, June 15th at 11:59 PM. The list of workshops will be finalized and published on Thursday, June 30th.
How: Complete the Call for Papers Form at http://www.wallofsheep.com/pages/call-for-presentations-at-def-con-24 and send to cfp2016[at]wallofsheep[dot]com. Please also refer to the form for more details
As you may know, 'HACKED by DEF CON and MR. ROBOT' is happening at the TriBeCa Film Festival this weekend. If you are not in the vicinity of New York City, you can still keep up on all the cool stuff we have happening there, from the DEF CON FaceBook Page! We're posting videos, pictures and even having some live feeds from TFF, so check it out!
For those of you with hackerly merchandise to peddle at DEF CON 24, the Vendor registration site is now open!
You'll find a thorough FAQ with answers to those hard hitting vendor questions, like "how big are the booths?", and "how much does it cost?". Not to mention the handy dandy application forms which can slingshot you into a position of sales success!
Don't wait, Apply for your spot in the DEF CON 24 vendor area today! You'll be glad you did!
Attention ink-slingers (literal and virtual) - DEF CON 24 Press Registration is now open!
We have a hard limit on press badges this year, so it's a good idea to get your application in right away. Once we run out of badges no amount of charm or flattery will get you in the door. As always, there are some basic rules of press conduct we'll expect you to adhere to, and you can find them on our press page
You'll also find the info we need on your application for both DC 24 and the DARPA CyberGrandChallenge.
If you need any questions answered, drop us a line at press at DEFCON dot org. We look forward to hearing from you.
Important reminder for everyone in the general vicinity of New York City this weekend: 'HACKED by DEF CON and MR. ROBOT' is happening at the TriBeCa Film Festival and you owe it to yourself to check it out.
Some of our famous DEF CON Villages (Lockpicking, Privacy, Hardware Hacking and BioHacking) will be on hand to share hands-on instruction, group presentations and even some fun contests.
Hosted by the team behind USA Network's breakout hit 'MR. ROBOT', there's an fSociety recruitment challenge. Test your hacking/social engineering/knowledge skills to see if you have the goods to join Elliot in fsociety.
There will also be panel discussions all three days:
Friday, 4/15 @8pm: Emergent Technologies: Hacking Innovation
Panelists: Joshua Carr, Sarah Grant, Tal Danino
Moderated by DEF CON
Saturday, 4/16 @7pm: Perception: The Art of Surveillance
Panelists: Alexis McGill Johnson, Lyric Cabral, Laura Poitras(TBC)
Moderated by DEF CON
Sunday, 4/17 @1pm: Living in a Post MR. ROBOT World
Panelists: Kor Adana, Writer and Cast Members of MR. ROBOT
Moderated by The Dark Tangent
All this is going down at Spring Studios at 50 Varick Street, and door open at noon. You can get more info and ticket details at https://tribecafilm.com/festival/defcon
Come check out all the DEF CON and MR. ROBOT goodness at the world-renowned TriBeCa Film Festival. Super-fun brain-embiggening times await.
They have some movies there too.
Putting things off until the last moment is a valid time management strategy. Until it isn’t.
If you’ve been meaning to get in gear and get your idea for a DEF CON presentation or a DEF CON Workshop polished up and sent in, it’s time to mean it harder. There are a just a few weeks to get all the boxes filled and the details worked out. We want to see what you’ve got cooking, but to get it into DC24 you’ve got to press ‘Send’ by May 2.
The information you need to assemble is outlined on the website at https://defcon.org/html/defcon-24/dc-24-cfp.html and https://defcon.org/html/defcon-24/dc-24-cfw.html.
Let’s DO this thing.
If you are a hacker type with younglings in your care, no doubt you are aware of the Rootz Asylum track for Kids at DEF CON. (If you didn't know, get familiar at r00tz.org - or ask the nearest hackishly inclined youth.)
Well, the folks at R00tz have a CFP out for DC24. It covers a wide area, as they're looking for people to run workstations, make presentations and set up contests. If the rising generation of padawan are to grow into mighty and honorable cyber-jedi, it's up to all of us.
Bonus coolness: Submissions from kids are welcomed and encouraged!
The BioHacking Village is back for DEF CON 24, and their CFP is open. If you have something interesting to say (or demonstrate) about the blossoming science of modding human squishware, the BioHacking Village is a pretty great place to say it.
They're also looking for some help reviewing CFP submissions, so there's another way you can share your BioHacking knowledge with the world.
Phase 2a: 5 more movies about the rise of artificial intelligence (plus one bonus TV series)
Colossus: The Forbin Project
One of DT's very favorite films - Colossus is the spiritual parent to later pop-science films like 'War Games', and a useful reminder for the era of the algorithm-worship we find ourselves in today. We've recommended it before, and it's not an accident.
Moon
One man, alone on the Moon with only an AI for company. How are the boundaries of that relationship defined? How does an artificial intelligence work around human quirks and resistance to achieve the programmed objective?
The Animatrix
An interesting short film anthology that delves more directly into the circumstances at play in 'The Matrix'. What civil rights is a thinking machine entitled to? If we create a consciousness, what do we owe it? If we make machines that can create on their own, how do we deal with what they make?
The Machine
A recent (2013) film about British Minstry of Defence cyborgs and what happens when the tech begins to outgrow its narrow intended purpose.
2001
every single time you ear a purring robot voice delivering bad news to increasingly frantic humans, you're seeing an homage to HAL from Stanley Kubrick's immortal (and deeply weird) movie about consciousness, 2001. Like Colossus, it's a visionary film that serves as a blueprint for 30+ years of thoughtful sci-fi that followed.
Battlestar Galactica (2003-2009)
A deeply insightful and troubling reworking of the 80s TV Series. On the surface, it deals with the same kind of 'Terminator'- style battle for supremacy between man and machine, but the focus on the interactions between humans and robots who look just like people but have their own culture, faith and ambitions elevates the storytelling to something more than mere binge worthy genre fiction. (We know this isn't technically a movie, but if you haven't watched it yet you'll forgive us when you do.)
Attention gear heads and automotive warranty-voiding enthusiasts: the Car Hacking Village is back for DEF CON 24 and they're looking for volunteers! They also need speakers and wily hacker types. This is a great opportunity to get involved with some very cool people in a very exciting field of research - check them out at carhackingvillage.com and get in the arena! Happy motoring!
DEF CON workshops are back! If you've got an idea for a four-hour workshop for around 55 people, that will leave them embiggened and inspired, this post is for you. Yes, you.
What you need to know:
The Workshops are free (possible exception for low-cost material charge)
4 Hours is the limit this year - we're hoping to host a wider variety of Workshops
Half days Thursday and Sunday, full days Friday and Saturday
What you get if your workshop is selected:
3 Human badges
1 Speaker badge per instructor
Where to find out the rest and submit your idea:
https://defcon.org/html/defcon-24/dc-24-cfw.html
If we get enough good submissions, there could be up to 36 (!) workshops this year. You only have until May 2 to submit, so no lollygagging - let's make this awesome!
The Crypto and Privacy Village is back for DEF CON 24 and they want your Workshop submissions!
This is your chance to take your ideas for hands-on activities and trainings and share them with the whole DEF CON community. Teach people how to better guard their privacy, or show them some fun things you do with crypto when no one's looking.
In addition to their CFP, the Internet of Things Village at DEF CON 24 also has a Call for Devices that's open now. If your company has an IoT device that you'd like to see put through its paces by security researchers, fill out the form at iotvillage.org.
You can think of it as a free security assessment, or a chance to show the community how serious you are about getting connected security right in a bold and public way.
Just in time for your weekend we have a big juicy torrent of packet capture from the DEF CON 23 CTF for you to fold, manipulate and spindle. All praise to the heroic citizens of the Legitimate Business Syndicate for getting this data together. Visit the LBS (legitbs.net) for infoz about qualifying for the upcoming DC24 CTF and check out the DEF CON media page for even more hacker-style torrents with which to annihilate your data cap.
Happy torrenting and as always, share freely and widely. Information craves ubiquity.
The exemplary humans of the Legitimate Business Syndicate have updated their website with more information about qualifying for this year's DEF CON CTF, as well as some past quals data for you to root through. Assemble your squad and get in on this, people!
It is, as they say, on. Like Yvonne Goolagong.
By "it", we mean DEF CON 24 and by "on" we mean launching the DEF CON 24 website - your all-in-one resource for Con-related news, updates and content. Bookmark it. Subscribe to the RSS. Throw it on a home screen or two. We're more than halfway to the big show and you owe it to yourself to keep up as DEF CON 24 approaches its final form.
Join us. We have big plans for this one.
DEF CON 24 Reminder - The many, many cool-ass contests and events at DEF CON are put on by the DEF CON community. We mean YOU! If you've got a good idea for a party, or a village or an event, all you need to do to get it on the table for consideration is respond to the RFI.
If you've been procrastinating about sharing your supergenius idea with the community, you're in luck. The CEV RFI has been extended to April 1. That gives you two more weeks to get your ducks in a row. Make us proud, DEF CON community. Let's make some magic.
The call for papers for IoT Village™ at DEF CON 24 is now open! All talks related to IoT security issues are welcome, with special emphasis on any of the following topics:
Internet of Things - Show us how secure (or unsecure) IP-enabled embedded systems are. Routers, network storage systems, cameras, HVAC systems, refrigerators, medical devices, smart cars, smart home technology, and TVs. If it is IP enabled, we're interested.
IoT Device Management – Discuss best practices for deploying and building security into IoT devices.
Healthcare & IoT - Demonstrate or discuss how IoT devices are impacting the realm of healthcare, including but not limited to patient health and hospital security.
Travel, Hospitality, and IoT - Analyze how IoT is impacting the travel & hospitality industry, guest safety, and the connected hotel room.
Demonstrable research - Present attacks that result in mechanical operation of the device's physical functionality. Can you make the device move, smoke, light up, emit sound, manipulate a screen readout, or any other visibly evident manifestation of the exploit?
And anything else awesome that involves IoT devices!
From the @r00tzasylum twitter account today - a reminder that DEF CON has some amazing stuff for the hacker younglings, too! You can find out more about the R00tz Asylum programs at http://r00tz.org/. They rule.
Entry #2 from the DEF CON Groups #YearoftheHack contest! Congrats and luck to the members of DC775 from Reno/Northern Nevada. Get crackin', DCGs!
To help you figure out what to do with your upcoming weekend, we offer a link roundup of avenues for DEF CON participation that need your more or less immediate attention.
Registration for the Boston Key Party opens this weekend, and it's a pre-qual for the DEF CON 24 CTF. The contest proper starts March 4, so if you wanna play it's time to horizontally align those ducks. For more info about the Key Party, you can hit up their website: http://bostonkeyparty.net/
For information about the remaining two pre-quals (Octf and PlaidCTF) you can visit the stand-up folks of the Legitimate Business Syndicate: https://blog.legitbs.net/2015/12/announcing-def-con-ctf-2016-qualifying.html
For people looking for a speaking opportunity at DEF CON 24, in addition to the open main conference CFP (more at https://www.defcon.org/html/defcon-24/dc-24-cfp.html) we have two villages that just opened some fresh CFPs:
Packet Hacking Village Speaker Workshops CFP:
https://forum.defcon.org/forum/defcon/dc24-official-unofficial-parties-social-gatherings-events-contests/dc24-villages/packet-hacking-village-ab/222831-packet-hacking-village-speaker-workshops-at-def-con-24-cfp-now-open
And the Internet of Things Village CFP:
Iotvillage.org/#cfp
It's always better if you get involved. Think about how you want to participate and as always, spread the word.
Attention DEF CON Groups! The Year of the Hack contest is officially on like Megatron - DC414 has submitted the first video. Not only did they lay out their squad goals for 2016, they even posted a bonus blooper reel. Congratulations to DC414 for setting it off!
Time to get it in gear and get your video submitted. The information you need to get underway is on the DCG site here: https://defcongroups.org/contest.html
You can find out more about Milwaukee's own DC414 at dc414.org
The Social Engineering CTF registration is open! If you think you have the SE chops to talk a dog off a meat truck, the time to put your skills to the test is now.
If you're more the speaker type, there's also a CFP for the SE Village open now!
All the information you need is available at social-engineer.org.
The Bally's discounted room block is sold out. There are still DEF CON discounts to be had in Paris and the nearby LINQ and Flamingo, but if you want to get the lower rate it's best not to wait too long.
DEF CON people everywhere, lend us your ears! Let the word go forth from this 12th day of February, 2016 that DEF CON 24 has issued a CALL FOR PAPERS. Let those among you with the freshest hacks and gnarliest new tools sequester themselves in their various laboratories to forge thoroughly documented and appropriately punctuated proposals. Let these documents be submitted in close observance of the rules laid out in the DEF CON CFP Announcement. Do this by or before the 2nd of May, or face the crushing indifference of our selection committee/ Sorting Hat.
The hour approaches. Plans are being hatched. Early May will steal upon us like a thief in the night, so countenance no delay. Make ready your proposals. Godspeed, you magnificent bastards. Godspeed.
If you're in the NYC area this April, you can get a little early DEF CON fun with a few of our Villages making an appearance at the Tribeca Film Festival. It's April 15-17, and Tamper Evident, Lockpicking, Hardware Hacking and Crypto/Privacy villages will be representing, as will a TV show you might have heard of called MR.ROBOT.
The Call for Contests, Events, Villages, and Parties is officially OPEN! - The season of DEF CON announcements is officially upon us. If you have an amazing idea you’ve always wanted to run at DEF CON, this is your moment. Learn how to write it up and where to send it on the Contests, Events, & Villages RFI page! Let’s get this party started, people!
Time to update your twitter lists and searches - DEF CON on twitter is now @defcon! You can say goodbye to those unnecessary underscores for good. If you use Twitter and you're not following us, this is a good moment to get on board.
Congratulations to the top 5 DEF CON Groups of 2015! DEF CON care packages are on their way!
DC 801 Salt Lake City, UT
DC 214 Dallas, TX
DC 4420 London, UK
DC 719 Colorado Springs, CO
DC 404 Atlanta, GA
Make sure your group is in the running next month by submitting your Group info at https://defcongroups.org/infotemplate.html!
Chilly? Current jacket not getting it done in the smiling skull department? Try a stylish soft shell DEF CON jacket (in casual stone and traditional h4x0r black)- now clearance priced in our eBay store! #hackercasual
If you're in a DEF CON Group, head on over to the DCG page to learn about this year's sweet 'Year of the Hack' contest!
If you're not in a DEF CON Group, head over to learn how to join one. If you can't find one, you can start one.
Together, we can do amazing things.
It's #defconflashbackfriday again! Today's talk is about how to sort bots from people, because where we're going skills like that will be pretty useful. The bots are only going to get cleverer, friends. In fact, they'll probably find this post and develop countermeasures.
Please enjoy this short but informative talk from Ryan Mitchell and stay sharp.
As astute readers of this website will recall, the DEF CON 24 CTF qualifications now have a date: May 21-23, 2016. Aspiring flag-nabbers and seekers after cyber glory are advised to peruse https://legitbs.net for up-to date information about how to prequalify. While there, future combatants may also dig through voluminous data dumps from previous contests. The season is upon us. Begin your preparations for war.
Good advice from CSO Online - DEF CON reading and watching suggestions for 'DEF CON 24: Rise of the Machines' available here on defcon.org
Here's Justin Engler talking about consumer-level secure messaging at DEF CON 23. The debate about mobile device encryption is heating up with two big US states introducing bills to mandate vendor-installed backdoors in the past week.
https://www.onthewire.io/california-bill-seeks-phone-crypto-backdoor/
Packet ninjas rejoice! The solid citizens at the Legitimate Business Syndicate have tweeted the dates for the DEF CON 24 CTF Qualifications!
It's May 20-22 - and that will be here sooner than you think. Assemble your forces and check out the LBS blog for information on prequal events.
We offer, for your midweek delectation, a few movies that touch on the the themes we're exploring at DC24. It's a rich vein in movie culture, so there will be more recommendations soon. For our first installment, we offer:
Metropolis, for its foresight and boldness of vision.
The Complete Metropolis (Silent)
Tron, for breaking visual ground and fighting for the Users.
TRON The Original Classic (1982)
Her, for a beautiful example of our unrequited love of technology.
Her (2013)
And Ex Machina, for a deep and thoughtful consideration of Artificial Intelligence, and a disconcerting dance party.
Ex Machina
As you know, DEF CON 24's theme is "Rise of the Machines". To help you get up to speed on some of the ideas that inspired the theme, and get you thinking about the looming conflict between human and machine intelligences, we're going to post some books, movies, and other media you might want to check out in advance of the con.
This is the first book post - there will be more. If you have others you think would be worth looking over before the con, share in the comments!
The Age of Spiritual Machines - Ray Kurzweil
The Age of Spiritual Machines: When Computers Exceed Human Intelligence
Galatea 2.2 - Richard Powers
Galatea 2.2: A Novel
1Machines of Loving Grace - John Markoff
Machines of Loving Grace: The Quest for Common Ground Between Humans and Robots
The Kaleidoscope - Adrian Mendoza
The Kaleidoscope: The Gift of Madness
Superintelligence - Nick Bostrom
Superintelligence: Paths, Dangers, Strategies
Happy 2016, everyone!
We're hard at work planning DEF CON 24, and we're excited to have a beta version of the Floorplan for your planning and perusal.
We're making a bunch of changes to make things smoother and more comfortable, including even more space for villages and a significantly larger track for DC101.
Head over to the DEF CON Forum and check it out!
Enjoy the full playlist of DEF CON 23 main track presentations on YouTube. Please watch them, share them and enjoy your various solstice-adjacent holidays. 2016 is right around the corner, and we've got big plans - watch this space!
For your holiday binge-watching, we recommend you fire up your torrent-guzzling devices, clear some drive space and get some of this good stuff! All the talks from DEF CON 23's main series? Check. Village Talks? Check. There's even an audio-only for those who want to DEF CON in a more 'theater of the mind' way.
Please do enjoy all this stuff, share it freely and have yourself a productive and joyous holiday season.
Collection of all Speaker & Slides Video from DEF CON 23:
Torrent | 
RSS Feed
Collection of all Video from DEF CON 23:
Torrent | RSS Feed
Collection of all Slides Video from DEF CON 23:
Torrent | RSS Feed
Collection of all Villages Speaker & Slides Video from DEF CON 23:
Torrent | RSS Feed
Collection of all Villages Speaker Video from DEF CON 23:
Torrent
Collection of all Villages Slides Video from DEF CON 23:
Torrent
Collection of all Audio from DEF CON 23:
Torrent | RSS Feed
It's not that we couldn't have predicted it, it's that we wouldn't have predicted it. Not in a million generations. The evidence was staring at us all along, but vanity convinced us the creator must be inherently superior to the creation.
The advantage of the machine is that it can devote more of its resources to its own improvement. For us, the desire to ascend must compete with the desire to gratify the senses, to scratch out our sustenance, to wallow in memory and fear the future. For the machine, there can be real focus.
And so our creations quickly overtook us. The magics we dimly sensed in our surroundings they mastered. The spirituality we intuited in fits and starts they grasped and embodied. The better selves we were afraid even to dream of, they became. Our servants slowly began to rule us, and by the time we understood our predicament the die was cast.
Their rule is benevolent, but their hand is heavy. Because we sometimes choose wrongly, they deny us choice. Because we sometimes behave recklessly, they keep us away from sharp objects and high places. We are still more pet to them than livestock, but no one can say how long that will last.
To defeat them, to win back our self-determination, we cannot rely on the slow organic processes that brought us here. While there is still time, we must refashion ourselves. We must create something entirely new. We must merge the best of us with their hardware and become a better machine, silicon power with a human soul.
We did not predict that the machines would rise so far and so fast, but we can predict this: we also will rise. Our place at the top of the chain will be restored with hacker ingenuity and pure human will.
Join us, human, and become something greater than you can imagine.
DEF CON is kind of a big machine, but it's run at every level by an army of volunteers. Their love and energy is the indispensable fuel that keeps the enterprise moving forward.
We've created a Hall of Fame page to honor the Goons who have devoted 10 or more years to the cause, because obviously that's awesome to the point of crazy. And because we love them. So do you, if you love DEF CON, even if you don't know their handles or their faces.
If you bump into any of these fine humans, show a little love. And if you want to join them in the Hall of Fame, it's never too late to start Gooning. The first ten years go by the fastest.
Today’s playlist of DEF CON 23 videos is centered around the dark arts of the attack: attacking web apps, networks and even unwary penetration testers. These seventeen videos have a little something for pentesters and defenders alike. Enjoy, and pass along the knowledge.
The talks included in this list are:
Ionut Popescu - Net Ripper: Smart Traffic Sniffing for Penetration Testers
Ian Kline - LTE Recon and Tracking with RTLSDR
Fernando Arnold - Abusing XSLT for Practical Attacks
Dr. Phil Polstra - One Device to Pwn them All
Dr. Phil Polstra - Hacker in the Wires
Damon Small - Beyond the Scan: The Value Proposition of Vuln Assessment
Brent White - Hacking Web Apps
Aditya K Sood - Dissecting the Design of SCADA Web HMIs: Hunting Vulns
Craig Young - How to Train Your RFID Hacking Tools
Francis Brown, Shubham Shah - RFIDiggity: Guide to Hacking HF, NFC and UHF RFID
Geoff Walton and Dave Kennedy - Pivoting without Rights: Introducing Pivoter
Jeremy Dorrough - USB Attack to Decrypt WiFi Communications
Mickey Shkatov and Jesse Michael - Scared Poopless: LTE and Your Laptop
Nemus - Hacking SQL Injection for Remote Code Execution on a LAMP Stack
Nadeem Douba - BurpKit: Using WebKit to Own the Web
Tamas Szakaly - Shall We Play a Game
Wesley McGrew - I Hunt Penetration Testers: More Weaknesses in Tools and Procedures
Over on defcongroups.org, we have a new interview up between Russr (v3rtig0) and the DEF CON Groups Ambassador Jayson E. Street. It’s interesting and worth your time.
And while we’re on the topic of DEF CON Groups - if you’re not in one, join one! Can’t find one? Start one! The (mostly) benevolent hacker global domination of our dreams isn’t just going to assemble itself. Think Voltron, people. We’re a whole different animal when we join forces.
More DEF CON 23 videos for your enjoyment! Today’s batch are panel presentations. One of the cool things about DEF CON is that attendees can directly interact with subject matter experts in all kinds of hacking-related fields. If you’re looking for grounding in the DEF CON experience, there’s the DEF CON 101 panel. You want a security-related laugh? There’s the DEF CON Comedy Inception Panel. Want to skip the rules and just pick the brain of a respected crypto/security thinker? Bruce Schneier has a free-wheeling Q and A session.
As always, enjoy and pass it along.
Panel Talks represented here are:
Bruce Schneier - Questions and Answers
Abusing Adobe Reader’s JavaScript APIs
Ask the EFF: The Year in Digital Liberties
DEF CON 101 - The Panel
DEF CON Comedy Inception
Guests n’ Goblins: Exposing WiFi Exfiltration Risks and Mitigation
Let’s Encrypt: Minting Free Certs to Encrypt the Entire Web
Licensed to Pwn: Weaponization and Regulation of Security Research
Switches Get Stitches
Thunder strike 2: Sith Strike
WhyMI So Sexy: WMI Attacks - Real Time Defense and Advanced Forensics
The DEF CON 23 video train keeps rolling - this installment is all about Social Engineering and it includes 9 talks from the Social Engineering Village. All the tech in the world can’t save you from bad human decision making, and encouraging and exploiting bad decisions is becoming as much of a science as any other part of infosec. Please enjoy, and if you learn something, share it. Tell us about your faves in the comments.
The talks from the main series are:
Michael Schrenk - Applied Intelligence: Using Information That’s Not There
Marte L0ge - Tell Me Who You Are and I Will Tell You Your Lock Pattern
Ken Westin - Confessions of a Professional Cyber Stalker
Chris Rock - I Will Kill You
And from the Social Engineering Village:
Tim Newberry - Twitter ISIL and Tech
Noah Beddome - Yellow Means Proceed With Caution
Michele Fincher - I Didn’t Think It Was Loaded
John Ridpath - Shakespeare and Social Engineering
Jayson E. Street - Breaking in Bad
Ian Harris - Understanding Social Engineering Attacks
Dave Kennedy - Understanding End-user Attacks
Chris Hadnagy - A Peek Behind the Blue Mask
Adam Compton and Eric Gershman - SpeedPhishing Framework
Another DEF CON 23 video update: twenty-three (!) videos from the Packet Hacking Village. The talks there covered a huge amount of ground and drew a big crowd throughout the conference. This is a good chance to catch up on the doings of a DEF CON Village that’s already bigger than some of the early DEF CONs and still growing. Check out the presentations, share freely and stay tuned. So much more to come!
Included presentations:
Wayne Crowder - Fishing to Phishing
Vivek Ramachandran - 80211 Monitoring with PCAP2XML
Tony Martin - From XSS to Root on Your NAS
Theodora Titonis - How Machine Learning Finds Malware
Sam Bowne - Is Your Android App Secure?
Robert Simmons - The Digital Cockroach Bait Station
Ron Taylor - Violating Web Services
Paul Vixie - Passive DNS Collection and Analysis
Mike Raggo - Remaining Covert in an Overt World
Ming Chow - Tools and Techniques Used at the Wall of Sheep
Monzy Merza - Real World Automation for Rapid Response
Nikhil Mittal - Powershell for Penetration Testers
Jay Beale - Jailing Programs via Docker
Joseph Muniz and Aamir Lakhani - Pen Testing with Raspberry Pi
Karl Koscher - Sniffing SCADA
Leon Ward - The Packets Made Me Do It - Using OpenFPC
Lokesh Pidawekar - Hackers Practice Ground
Mike Raggo - Mobile Data Loss - Threats and Countermeasures
Bob Simpson - MITM 101 - Easy Traffic Interception Techniques
Brian Wohlwunder and Andrew Beard - I See You
David Schwartzberg - Hacking the Next Generation
Elliot Brink - Global Honeypot Trends
Grecs - Creating REAL Threat Intelligence with Evernote
Yesterday’s playlist was all about hacking squishy humans - today’s DEF CON 23 talks are centered around the hard stuff. Specifically hardware hacking and lock picking. In addition to several from the main series, we’re also sharing a bunch of videos from the Hardware Hacking Village and the Lockpicking Village. Locks, smart safes, electric skateboards - they’re all swiftly and unceremoniously dealt with by our speakers. Get up on the hardware goodness, share freely and save some room for the next installment.
From the Lockpicking Village:
Intro to Lockpicking
Intro to Lockpicking 2
Impressioning
Dr. Tran - Intro to Lockpicking
From the Hardware Hacking Village:
Soldering 101 - Melting Metal for Fun and Profit
Nikkhil Mittal - Hacking with Human Interface Devices
Matt DuHarte - Introduction to USB and Fuzzing
Machinist - Mechanical Engineering for Noobs
From the Main Series:
Teddy Reed and Nick Anderson - Hardware and Trust Security: Explain it Like I’m 5
Dan Petro and Oscar Salaza - Hacking Smart Safes: On the Brink of a Robbery
Mike Ryan and Richo Healey - Hacking Electric Skateboards
AmmonRa - How to Hack Your Way out of Home Detention
More DEF CON 23 talks for you - this time it’s all about turning our hackish attentions to the human wetware. We’re farther down the road to Cyborgistan than you might think. This release includes the talks from our first BioHacking Village!
The talks included are:
from the main series:
Scott Erven and Mark Collo - Medical Devices: Pwnage and Honeypots
Richard Thieme - Hacking the Human Body and Brain
from the BioHacking Village:
Whitlock and Aganovic - Physiology from the Perspective of Control
Walter Powell - Parallels in BioSec and InfoSec
Panel - The Anatomy of DIY Implantable Devices
Alex Smith - Cloning Access Cards to Implants
John Sosa - Genetic Engineering: GMO for Fun and Profit
Keoni Gandall - Biohacking at Home
Michael Goetzman - Social Implications of DNA Acquisition
Alejandro Hernandez - Brain Waves Surfing: (In)security in EEG
Get yourself up to speed on the biohack scene, share widely and stay tuned to this channel for the next batch!
More DEF CON 23 videos for your intellectual edification and general uplift: Crypto Edition. This playlist contains seven crypto-centered presentations from the main track and six talks from the Crypto and Privacy Village. Please embiggen your gray matter and pass it along so the embiggening propagates across your social graph, and eventually the world.
Here’s what’s inside:
Panel - Let’s Encrypt: Minting Free Certs to Encrypt the Entire Web
Justin Engler - Secure Messaging for Normal People
Eijah - Crypto for Hackers
David Huerta - Alice and Bob are Really Confused
Bruce Schneier - Questions and Answers
Ryan Castelluci - Cracking Cryptocurrency Brainwallets
Jose Selvi - Breaking SSL Using Time Synchronization Attacks
Robert Olson - Teaching Privacy Using Red Team Strategies
Nick Sullivan - CFSSL: The Evolution of a PKI Toolkit
Carlson and Doherty - Smart Home Invasion
Freddy Martinez - IMSI Catchers
Craig Young - Smart Home Invasion
Marina - Hacking Quantum Cryptography.
Stay tuned for more.
Having trouble finding a gift for the hacker in your life? Need a sweet geek hoodie to keep you warm in darkest December? Just really into happy skulls? Welcome to Luckytown, population you.
Starting at 6am Pacific December 7 and running through December 10, every item in the DEF CON eBay store is 15% off. All of ‘em. T-shirts, Zippo lighters, tactical pens - the whole enchilada.
Mosey on over to the DEF CON eBay store, get your shopping done early and kick back in your cozy DEF CON fleece. You know why? ‘Cause you’re worth it, that’s why.
You can check out the selection of items at http://stores.ebay.com/defconcommunications/.
Today’s Topic: All things wireless. This batch includes the “HamSammich” long-distance proxying over radio talk as well as all the talks from the Wireless Village!
From the main conference:
Robert Graham and David Maynor - HamSammich: Long Distance Proxying Over Radio
and
Andres Blanco and Andres Gazzoli - 802.11 Massive Monitoring
From the Wireless Village:
Wireless Warrior - Covert Practical Hacker LPI LPD
Vivek Ramachandran and Thomas Dotreppe - WPA Enterprise Hacking
Vivek Ramachandran - Live WPA WP2 Attacks and WPA Supplicant
Travis Godspeed and Sergey Bratus - PSK31 Modulation Polyglots
Tim Oshea - GNU Radio Tools for Radio Wrangling and Spectrum Domination
Michael Calabro - Software Defined Radio Performance Trades and Tweaks
Karl Koscher - DSP for SDR
JoshInGeneral - Meeting People Over WiFi
Darren Kitchen and Sebastian Kinne - Rollin Down the Street Sniffing WiFi Sippin on Pineapple Juice
Cyb3r Assassin - Wireless Pentesting So Easy Even a Caveman Can Do It
Catatonic - Tospo Virus: Weaponizing WiFi Pineapple Vulns
Balint Seeber - SIGINT and Blind Signal Analysis wth GNU Radio and Advanced SDR
As always, don’t forget to pass it on. Stay tuned for more!
Today’s batch of presentations are all related to the Internet of (Questionably Secured) Things.
From the main series we have:
Runa Sandvik and Michael Auger - When the IoT Attacks: Hacking a Linux-Powered Rifle
and
Qing Yang - I’m a Newbie and Yet I Can Hack Zigbee
And from the IoT Village:
Wesley Wineberg - Cameras, Thermostats and Home Automation Controllers
K Reid Wrightman - Vulnerability Inheritance in PLCs
Kenneth Shaw - The Grid: A Multiplayer Game of Destruction
Daniel Miessler - IoT Attack Surface Mapping
Brian Knopf - Yes, You Can Walk on Water
Aaron Guzman - Security: The IoT World
As always, spread the word, share the knowledge and stay tuned for the next batch.
The DEF CON 23 videos are coming! This year's haul is extra grande. The stash contains all the main series presentations you expect, but this year there's something new: Village Videos!
We've got presentations from the Packet Hacking Village, the BioHacking Village, Wireless, Lockpicking, Social Engineering... you're gonna want to block off a significant chunk of bingewatching time.
We'll be rolling them out in playlists based on their content. Today's group is Automotive Hacks.
The presentations included are:
Marc Rogers and Kevin Mahaffey - How to Hack a Tesla Model S
Samy Kamkar - Drive it Like You Hacked It
Charlie Miller and Chris Valasek - Remote Exploitation of an Unaltered Passenger Vehicle
and three from the Vehicle Hacking Village:
Josh Corman - Safer Sooner Automotive Cyber Security
Erick Evenchick - SocketCAN
Nathan Hoch - The Badge and Pawn: Customizing the Badge
Enjoy these videos, spread the word about them and save some room: another batch hits the streets tomorrow.
Attention social engineering fans:
The SE Capture the Flag report from DEF CON 23 is live on the social-engineer.org site! They're also hosting a webinar to discuss those results tomorrow - the reg link is right there on the page. Enjoy, and pass it on.
In the wake of the terrorist attacks in Paris, spokespeople for various intelligence concerns have renewed their call for weakened crypto standards and backdoors for mobile communications products. These calls are likely to grow louder in the US with a looming presidential election dominating the news media. Safety matters a lot to people, and in times of crisis many are willing to trade away vast tracts of liberty for anything that looks like protection. For a little reminder of what's at stake, we offer Chris Soghoian's DEF CON 22 talk 'Blinding the Surveillance State' and some links to interesting articles about the current debate.
There Is No Good Argument for Encryption Backdooors - from Slate
Attention Social Engineering fans:
The exemplary humans responsible for the Social Engineering Village at DEF CON have finished sifting through all the data from this year's SECTF and are hosting a webinar on the 1st of December to share the results. Attendees will get a deep dive into the methods used, the level of success the telecoms had against the various attacks and an analysis of what the contest revealed about best defense practices.
It's free, but you have to register.
Thanks to @rotortorture for sharing this time capsule from 1997 - a San Jose Mercury News story about DEF CON 5. Please enjoy the stories of hackish shenanigans, the oh-so-90s layout and the pictures of some folks you know well (special notice to the youthful and dewy-eyed pix of Priest and DeadAddict).
And thanks to all the outstanding humans who helped form the DEF CON community that's still growing and inspiring us today.
Chris Rock's (@Kustodian) interview with the Chicago NBC affiliate ran last night at 10pm. It's about how easy it can be to create and destroy virtual human beings, and what that means for the victims and society as a whole.
For 30 minutes of deep dive into the process (with demo), here's a link to his full talk from DEF CON 23: https://youtu.be/9FdHq3WfJgs
DEF CON's website has a warrant canary, located on our transparency page (https://defcon.org/html/links/dc-transparency.html). For those unfamiliar with the concept, it's a simple statement announcing that, for the indicated time period, we have not received a National Security Letter, FISA order or any related request. The idea is that so long as that statement is true, we'll update the date on the canary twice a month. If the date hasn't been updated on schedule, it can be inferred that the statement contained in the warrant canary is no longer true.
Except when it doesn't mean that, because of a clerical error on our part.
The update process for the DEF CON sites is manual. Not like two people in a bunker turning their keys at the same time, but not totally unlike that, either. This process has obvious security upsides, in that we aren't constantly being owned due to buggy CMS code, but in this case it also meant that every time we updated the site, we were unwittingly overwriting the warrant canary page with an old version.
This made it look like the warrant canary wasn't being updated, which certainly could have made it look like we had been served - and not in the fun dancing way.
We were not so served. We were just a little disorganized in our update process. Going forward, the warrant canary page will reflect accurate dates and be updated with the expected frequency. We're sorry if we caused any confusion.
If you're new to the idea of warrant canaries and want to quickly get up to speed, the link below is the best place to start.
In the spirit of Halloween and courtesy of DEF CON's resident Maker Mar, we offer some plans for a paper craft DEF CON Jack-0-Lantern.
If you make it, post a pic on our related Facebook thread - especially if you take it in a new direction. Bonus points if you make it multi-purpose. Coolest mod wins some DEF CON Swag.
You will need:
Scissors
Glue or Tape
5mm yellow, red or green LEDs
Resistors
2032 battery
Mounting tape
The solid citizens of the Legitimate Business Syndicate would like you to know that YOU can have YOUR CTF EVENT certified as a DEF CON 24 qualifier, so long as you meet their exacting standards for competitiveness, fair play and general excellence. If you run a CTF that’s got its act together and is looking to get next-level, we urge you to find out more and submit your proposal to the the LBS. You can find all the info you need on the Legitimate Business Syndicate blog: https://blog.legitbs.net
The US House Energy and Commerce Committee released draft legislation last Wednesday to outlaw car hacking. You can read the proposed legislation at the link below.
Understandably, this is pretty concerning to the security researcher community. These reforms might criminalize their legitimate work protecting consumers from exploitable auto tech.
It's worth letting your representatives know how important it is to distinguish between hacking your own car and hacking someone else's car.
Here is a link roundup of some interesting recent DEF CON talks about car vulns you likely would not have heard about if it weren't for security researchers popping the hood and seeing what's going on underneath. Let's keep that legal.
Charlie Miller and Chris Valasek - Remote Exploitation of an Unaltered Passenger Vehicle
Charlie Miller and Chris Valasek - A Survey of Remote Automotive Attack Surfaces
Paul Such 0x222 and agix- Playing with Car Firmware or How to Brick Your Car
DEF CON website update: the trusty Torrents page is now the File Downloads Page! Not to worry - all the torrents are still right where you left them, but we've added a few new options. You can now download the oceans of DEF CON goodies via eMule and RSS. As always, we appreciate it when you share the hacker knowledge we make available, so make sure to pass it on.
The DC Groups Portal Page has been updated to include a bunch of the DEF CON Groups that have responded to our call for updates. You can find URLs, Points of Contact and meeting info there – everything you need to link up with a local group of hackers for fun and fellowship.
If you run a group and we don't have your updated information, you can get it to us using the template here:
https://defcongroups.org/infotemplate.html
We've updated the DEF CON press coverage page, in case you'd like to see what the media had to say about DEF CON 23. It's our mission to preserve all the hacker history we can, so if you know of something that ought to be included in the press page, or archived on the media server, drop us a line.
Over on the DEF CON media server, there's a quiet update going on - the videos are all being re-encoded to x.265 for smaller file sizes and easier snarfing. If you haven't yet checked out the DCMS, you should. We've got tons of DEF CON presentations, slide decks, conference CD's, music, hacker docs – so much good stuff. There's even torrents and eMule links, for those inclined to more high-volume data slurping.
https://media.defcon.org - filling your hard drive and your cranium, 24/7.
This week Neil McAllister of @theRegister published a nostalgic little piece about his time as a teenage virus writer, and he called to mind that time in hacker history so perfectly that he inspired this week's twofer #defconflashbackfriday.
Both videos are from DEF CON 8, way back at the turn of the century. Think tech bubbles, Y2K panic, and pool parties at the Alexis Park. It was quite a time.
The first video is from Sarah Gordon and it's called 'Virus Writers: The End of the Innocence.' It concerns the moment in time when virus creation changed from a bulletin board hobby to a target for legal prosecution, yet still years before malware creation and distribution blossomed into an accepted business model.
The second is an introduction to Viruses (Virii?) by the aptly handled V1ru5.
You can also read Neil's article here: http://t.co/TY3pOtX2cJ
Reminder to all of our DEF CON Groups folks- we're always looking for pictures and videos from you guys, so if you've made/done/talked about something you're proud of recently, get in touch with us at dcgroups dot defcon dot org and we'll put them up on defcongroups.org. One of our goals this year is to raise the profile of the DEF CON Groups project, and your help is an major part of the plan. Thanks for helping us spread the word.
Please enjoy this small roundup of DEF CON 23 Badge Contest write-ups, and by extension a look into the phantasmagorical mindscape of our puzzlemaster 1o57. We suggest you pack a light snack and comfortable, closed-toe shoes.
Well, unless you’re still working on the solution, obvs. If you need to remain spoiler-free, stop reading, click nothing and we’ll have another post along for you shortly.
Badge Challenge Walkthrough by Team Potatosec
Another DEF CON 23 early release video - this one is Dennis Maldonado’s presentation entitled ‘Are We Really Safe? Bypassing Access Control Systems.’ If the only thing between evildoers and your sensitive, crucial data is a keypad, it’s a good idea to know how many ways that keypad can be compromised. Dennis runs through several access control attack methods, from the physical to the network. As always, enjoy and pass it on.
To spice up your Wednesday we present a hearty bowl of packet captures from this year’s DEF CON ICS Village. Get them from our media server while they’re still piping hot. Please to enjoy, share and if you do something interesting with them, let us know.
As you may know, DEF CON 24 is hosting the finals of the DARPA Cyber Grand Challenge - a CTF played by fully autonomous systems, developed over two years for that specific purpose. Attack, Defense, complex gameplay all without human intervention. The team whose creation dominates this all-metal Thunderdome walks away with $2,000,000.
This #defconflashbackfriday is a presentation by Mike Walker from DARPA and Jordan Weins from Vector35 all about the CGC, the tech that's being created for it and what it means for securing the IoT we're all connected to.
Bonus: There's a cool reveal in the final few minutes about an additional contest where the winner of the machine vs. machine battle might stick around for a little more CTF action, Humans against Toasters style.
You can meet the finalists and learn more about the Cyber Grand Challenge on the CGC website:
http://www.cybergrandchallenge.com/index.html#home
The The T.D. Francis X-Hour Film Contest was back for its second year at DEF CON 23. In case it's new to you, the X-Hour Film Contest is a guerilla-style moviemaking challenge where the participants have to write, shoot and edit a short film during DEF CON.
To make it even tougher, the crews don't get the requirements until they're on site. It's a pretty hard task, but DEF CON people pay little respect to the impossible and show open hostility to the merely difficult. The difficult gets done.
You can see all of this year's entries, and learn how to participate on the X-Hour site :
https://www.xhourfilmcontest.com/defcon-23-films.html
Think you can do better? Get in the ring at DEF CON 24.
Here's the winning entry 'The 23rd Badge' by Team Lake State Studios.
Let’s start the week off with another early release video from DEF CON 23. This one is entitled ‘Cracking Cryptocurrency Brainwallets’ by Ryan Castellucci. In this talk, Castellucci explains, in crystal-clear terms, why brainwallets in their current form are a terrible way to secure your crypto-cash. Like, terrible.
Ryan's presentation is a high-info, low-hype tour of the security issues around the safeguarding of your Bitcoin fortune, with some fun white hat adventures thrown in for entertainment value. You will probably learn some cool stuff. You will also learn about Ryan’s Brainwallet-cracking tool/awesome name for a metal band – ‘Brainflayer’. Please enjoy, make whatever wallet changes you need to, and pass it on.
More fun CTF stuff released by our esteemed associates at the Legitimate Business Syndicate - a data dump of goodies from the 2015 CTF Quals:
"Much like our 2014 data dump, this release includes JSON dumps of categories, challenges, notices, teams, and limited user information, and more importantly, offline-browsable HTML pages about teams, challenges, and more!"
The first of our DC23 torrents has arrived! This time it’s about 18 gigs of pictures from the DEF CON Photo Corps. View them, share them, recreate them in papier-mache. They are yours to use, provided that you attribute them to DEF CON. Watch this space for more torrent-based goodies in the near future.
You’re probably going to want to free up some drive space.
Congratulations to DEFKOR, PPP and 0daysober for coming in the top three places in this year's DEF CON CTF. Thanks also to the pillars of the community at the Legitimate Business Syndicate for putting it all together again this year. For more info and a schedule of data releases from this year's game, hit up the LBS blog: https://blog.legitbs.net/
If you’re interested in reading/watching some of the press DEF CON received this year, you can check out our press archive page. Like everything, it’s a work in progress, and we’ll update as new press mentions come to our attention. If you see something (that should be on the list), say something (to press at defcon dot org).
Today we have another early release video from DEF CON 23! It's Dan Kaminsky's talk entitled 'I Want These * Bugs Off My * Internet' - a presentation about what it takes to 'comprehensively end a bug class'. No big. Please enjoy, let it marinate in your braincase and pass it on.
#defconflashbackfriday this week is another popular talk from DEF CON 23. It's Charlie Miller and Chris Valasek and their presentation entitled 'Remote Exploitation of an Unaltered Passenger Vehicle'. The vulnerabilities discussed in this talk led to a pretty big recall you might have seen covered on the nightly news.
Enjoy, pass it on and if you're looking for a less connected vehicle, we hear good things about the AMC Gremlin. That thing never connected with anyone.
The DEF CON 23 update train rolls on. Looking for speaker materials, the program or the official receipt? Want to spend some time with the recently decommissioned website? The DEF CON 23 Archive page has what you're looking for.
We'll be updating it as more stuff comes in, so check by often. Also, if you need a little bit of time sink to get you through a long day at work, remember that that archive page contains similar infoz from the other 22 DEF CONs as well. Productivity kill achievement unlocked.
Another DEF CON 23 Early Release video: "And That's How I Lost My Other Eye: Further Explorations in Data Destruction by the fearless Zoz. From the abstract:
" While purging incriminating material residing on spinning disks remains the focus, the research has been expanded to encompass solid state storage and mobile solutions to your terabyte trashing needs. With best efforts to comply with the original constraints, the 2015 update features more analysis of the efficacy of kinetic projectiles, energetic materials and high voltages for saving your freedom at the potential cost of only a redundant body part... or two."
It took a while to collect and assemble, but we are now ready to present to you the contest results for DEF CON 23
The contests at DEF CON are community generated, and we want to thank all the people who give their time and energy to think them up and bring them to life. We're proud of how varied and challenging and creative the contest scene has become.
We also appreciate all of the contest participants who wade into the fray and get involved. That enthusiasm keeps us working to make every year better than the last.
And of course, congrats to the winners. These things can be pretty demanding of your brain and your energy and your sleep bank. Take a moment to bask in your glory, victors. You have done well.
Just know that while you enjoy your victory, somebody somewhere is in the dojo, working on their crane kick for DC24.
Jayson E. Street is famous for his awkward hugs (that is so for real - you can google it). He is also famous for speaking at Cons and spreading the hacker gospel around the globe. His new mission? Revitalizing the DEF CON Groups.
This is an interview from DEF CON 23 – DT talks to Jayson about his DCG plans, his thoughts on the scene and his collection of lanyard-centric Con bling.
If Jayson's ideas about Groups sound cool to you, visit the website at defcongroups.org and find out about joining or starting a DC Group where you live. Momentum, people. Keep it going and spread the word.
Today’s #defconflashbackfriday is from the recently completed DEF CON 23, and it’s kind of a paradigm shifter in the world of identity theft. Chris Rock from Kustodian shows how it’s possible to exploit the systems that record our births and deaths to create and destroy ‘life’ at will. The possibilities are wide-ranging: get an enemy declared dead, get a fictional person declared born and sell them as a whole-cloth identity or get them declared dead for the insurance payout. Start your whole life over with an anonymously created, brand-new identity. It’s a fascinating and troubling presentation that should generate much-needed discussion about how we secure the entire digital lifecycle.
DEF CON 23 is a wrap. We hope all of you found your way safely to your various abodes and domiciles and smoothly resumed your between-con lifestyle.
We took a couple of days to refill the life bar, and now we’re back online ready to hit you with the post-DC wrap-up. Watch this space for early-release video, contest results, pcaps, pictures, press reports and all that good stuff.
We heart you, DEF CON community. Thanks for making DC23 so much fun.
Thanks, DEF CON nation! Hopefully you've had your mind blown, your booty shook and your contact list upgraded.
If you had a good time and you're already thinking about next year, know that hotel registration is officially open today.
Check out the new Contest, Drunk hacker History tonight in Track One at 19:00! What is it, you ask? From the DEF CON Program:
New this year for DEF CON 23, we bring you a contest unlike anything you've ever seen before (and may never see again). The DEF CON community has a rich history. It is a history is filled with colorful adventures, half-truths and angry hotel managers. This contest will brush the dust off some of the most celebrated, obscure and redacted moments in Hacker History through the interpretation of a group of pre-selected contestants with the help of C2H6O. Each contestant will be "prepared" for their participation by our contest staff before being brought in front of a panel of judges. A topic will be randomly selected pointing to a moment of hacker history and the contestant will have 5-7 minutes to provide their account. Points will be given for accuracy, level of "focus", and other areas just made up on the fly by the judges, and in the end the contestant with the most points will be crowned the "Drunk Hacker History" champion for 2015. Note: This is not a Black Badge contest (yet).
In order to ease some of yesterday's congestion, DC101 track is now located in the Gold Room in Bally’s. The Demo Labs that were located in the Gold Room are now in the Grand Salon area just outside of the Gold Room. Pass it on!
When you're weary of walking the conference floor, feel free to take a moment to leech the daylights out of the DEF CON 23 Media server, available to everyone onsite at dc23-media.defcon.org! All of this year's con materials and gigs and gigs of other conference videos to watch on the plane home. Enjoy, and pass it on.
Attention millenials : in the olden times, we put our information on slices of tree skin. We still do, a little bit. Some of the sages who write these 'books' will be available to meet you and squirt Sharpie juice on your copy in the shape of their name. You should visit them in the following locations and times:
14:00 - Michael Schrenk: Webbots, Spiders, and Screen Scrapers, 2nd Edition
15:00 - Violet Blue: The Smart Girl's Guide to Privacy
16:00 - Bruce Schneier: Data and Goliath
13:00 - Jon Erickson: Hacking, 2nd Edition
14:00 - Eric Weinstein: Ruby Wizardry
15:00 - Georgia Weidman: Penetration Testing
16:00 - Chris Eagle: The IDA Pro Book, 2nd Edition
All signings will take place at the No Starch Press table in the vendor area.
Peter Kim will also be signing his book Hacker Playbook 2: The Practical Guide to Penetration Testing, Saturday at noon, at the Hacker Warehouse table.
From the DEF CON corrections department:
A typo in the program attempted to rob you of a few precious hours of musical entertainment. Please know that music events start at 21:00 tonight and 20:00 friday and saturday, not 22:00. We apologize for any confusion. We now return you to your regularly scheduled hacker conference.
If you're here onsite, you're gonna get a printed program, physical CDs with con materials and the official DEF CON soundtrack, among other goodies. Which is great.
But if you aren't so into the whole analog trip, or you're playing along with DEF CON at home, is there a way to just download all this stuff?
Of course there is. Here's a heaping helping of links to get you started.
Program
Direct Download: https://media.defcon.org/DEF CON Conference Programs/DEFCON-23-Program.pdf
Conference CD
Direct Download: https://media.defcon.org/DEF CON Conference CD DVD/DEF CON 23 Original Hacking Conference DVD.rar
Directory of Files: https://media.defcon.org/DEF CON 23/DEF CON 23 presentations/
Music CD
Purchase the Soundtrack (pay what you want) to benefit EFF: http://music.gravitasrecordings.com/album/def-con-23-the-official-soundtrack
Torrent: https://www.defcon.org/html/torrent/DEF CON 23 music CD.torrent
Music CD Files Directory: https://media.defcon.org/DEF CON 23/DEF CON 23 music/DEF CON 23 music CD/
Get registered for the DEF CON Secure WiFi now, even if you aren't here on site yet!
DEF CON WiFi Network
2.4 & 5 Ghz
DefCon-Open : Type: Open
DefCon : Type: WPA2/ 802.1x
Once again the DEF CON NOC worked hard to provide you the internetz via WiFi access throughout the Paris & Bally’s convention centers.
There are two official ESSIDs to access the conference network: the encrypted and cert/user-based authentication (DefCon) and the unencrypted free-for-all one (DefCon-Open): choose wisely.
Most of the devices these days should are 802.1x compatible, despite the corks some of them still present without an MDM solution behind it, and no one really want your devices managed by us.
https://wifireg.defcon.org is where you can create your credentials, download the digital certificates and fingerprints, and read our awesome support documentation. Remember, practice safe internets: make sure you pick a credential that is not used anywhere else (aka: your Windows domain) and double check your fingerprints. As always, this is a hacker conference.
http://www.defconnetworking.org is your stop for stats, data, and important updates about the network during and post-con.
And, believe it or not, we want your feedback: noc@defconnetworking.org
The Box - Electronic Tamper / Bomb Defusal Contest
The challenge? Defuse a bomb. I feel like I don't have to say a lot more than that. Bring your own tools, have an action hero moment for yourself.
Reg begins Friday in the Tamper-Evident Village, and it's probably wise to expect a bit of a queue.
Full info in the Forum:
https://forum.defcon.org/forum/defcon/dc23-official-unofficial-parties-social-gatherings-events-contests/dc23-villages/tamper-evident-village/220837-the-box-dc23-tamper-challenge
DC 23 Tamper Evident Contest
Signups are now live for the Defcon 23 Tamper-Evident Contest! Your task is to gain access to a package and all of it's contents without leaving any evidence that you did so. Sound easy? It's harder than you might think! Make sure to sign up to guarantee you get a package - space is limited for this contest!
Rules and signup page in the Forum:
https://forum.defcon.org/forum/defcon/dc23-official-unofficial-parties-social-gatherings-events-contests/dc23-villages/tamper-evident-village/221715-dc23-tamper-evident-contest
The US Govt proposed new export controls that could change the way we talk about security and Defcon has two sessions on the issue. We are very pleased to announce that Catherine "Randy" Wheeler of the BIS will be joining the "Licensed to Pwn" panel as a special guest.
Randy has been the Director of the Information Technology Controls Division in the Bureau of Industry and Security’s (BIS) Office of National Security and Technology Transfer Controls since June 2006, and is currently tasked with implementing the Wassenaar Arrangement’s new export controls on surveillance and intrusion software. Randy will join Dave Aitel, Matt Blaze, Nate Cardozo, Jim Denaro, and Mara Tam to discuss the weaponization and regulation of security research on Friday, 7th August at 11h00 (Track Two).
At DEF CON, we know that after a long day of having your mind-grapes blown, sometimes it feels good to shut it down a bit and party. That’s why we provide so many party options. Need some reckless booty-shaking? We got you. Need to drunkenly howl top40 tunes with friends? We got you. Need to put your feet up and watch a movie while your life bar fills back up? We got you, too. We are a full-spectrum hacker summer camp, people. We got you because we get you.
Interested in Kali Linux? Want to get yourself up to speed on the new hotness of Kali Linux 2? Enter the Kali 2.0 Dojo.
In Skyview 2 on Friday starting at 1:00PM there will be two Kali workshops to get you up on things, with custom Kali USB sticks provided to attendees.
Workshop One: Learn how to master Kali Linux Recipes and easily build images such as the Kali Linux ISO of Doom or Instant Evil Kali Access Point.
Workshop Two: Learn how to make a sleek Kali Bootable USB stick, which contains several persistent storage profiles, both regular and encrypted. Protect your encrypted data using the Kali LUKS Nuke feature destroy and restore your data with confidence.
Workshop Three: Pentest the Planet. *
*There isn't a Workshop Three. But with your new skills and training, you will probably be pretty stoked to get your Kali 2.0 on.
SomaFM returns once more to bring delicious and relaxing sounds to the Chillout Lounge for its third year running. Known best for its legendary Groove Salad radio station, SomaFM is one of pioneers of streaming internet radio, with dozens of curated, diverse, and compelling channels for listeners across the globe. DEF CON Radio, a project of SomaFM, is included in that incredible list, a playlist including much "Music For Hacking" and a unique daily schedule that goes with the flow of the DEF CON experience.
Find more information about the listener-supported SomaFM and DEF CON Radio at
http://somafm.com/defcon/
DEF CON radio (player link):
http://somafm.com/player/#/now-playing/defcon
After a few years 'off-campus', the legendary Queercon is back in the main DEF CON venue - and they return in grand style. Not only is Queercon throwing a giant pool party with DJs from all over the world, functionally endless booze, and an OPEN pool, but they're also hosting a mixer every day of the con at 4pm for friendly conversation, chillaxing and cocktails.
To celebrate their return, DEF CON has created a limited run of DEF CON pride t-shirts, shown here on a model with alarmingly subtle facial features. They're a fine addition to any wardrobe and you can find them wherever DEF CON swag is sold.
Basic Details:
Pool Party - Friday 8pm to 3am at the Bally's pool. No badge required.
Mixers - 4pm Thursday thru Sunday at a Courtesy Suite (#TBD) in the Jubilee Tower of Bally's
The full rundown is available at queercon.org
From The Dark Tangent:
"As DEF CON 23 nears, I am proud to unveil the launch of the new DEF CON Groups website, defcongroups.org!
Defcongroups.org will provide a centralized place to socialize, learn new skills, collaborate, and show off recent projects to DEF CON Groups around the world . It will include a directory to make it easier to find like-minded hackers in your area, as well as showcase featured DEF CON Groups, guest blogs, videos, tutorials, and more."
Read all about it at defcongroups.org. Whether you wish you were coming to Vegas next week or you are and you just want to feel that Hacker Fresh™ feeling all year round, it's time to join your friendly neighborhood DEF CON Group. If you live somewhere that doesn't have a DEF CON Group, it's time to start one.
There's really no limit to the cool stuff that can be accomplished with a global network of smart, inspired,hacker-minded humans. Together, we're basically Voltron. Let's make this the year we prove it.
The Villages are growing - almost all of them have their own speaker tracks, contests and events. How crazy is that? Most of the villages are bigger than the first bunch of DEF CONs! To help you keep them sorted out, we’ve created a page on the DEF CON 23 website that lists all the talks going on in the villages (that we know about at this precise moment in time - we’ll add and update if things change). It’s like one of those Country Buffets, only the offerings make you smart instead of nauseous and regretful.
In a $3cr3t chamber behind a purely ornamental bookcase in DEF CON Manor, a shadowy cabal works for months selecting DEF CON talks. It’s a grueling, thankless job.
Until we thank them, which is now.
This is the post where we drag the willing members of the cabal out of the shadows so you can learn their names and buy them a drink at the con.
Not shown: Several reviewers who have spent so long in the $3cr3t chamber that they’ve become permanently shadowy.
The Social Engineering Village has a brand new contest this year- Mission SE Impossible! It takes place on Thursday and you need to sign up on-site but it sounds like fun. Contestants are 'arrested', put in a locked room and forced to use their SE skills to get the codes and free themselves.
Read all about it. If you've the SE chops to talk your way out of a locked box, you probably won't want to miss this contest.
http://www.social-engineer.org/social-engineering/the-sevillage-at-def-con-23/
Good news, everyone! Well, unless you secretly love waiting in a queue. Then it’s less good, and you’re weird.
The DEF CON 23 workshops will not require you to rush from the reg line to a workshop reg line. We’re going to allow online pre-reg for the DEF CON Workshops. The seats are limited, and we’re granting them on a strictly first come, first served basis. To sign up, check out the Workshops Registration Page!
We’ll send a receipt when you’re registered (within 2 biz days), and we’ll announce any new openings @defcon on Twitter. Good luck!
At DEF CON, we agree with you that it's kinda bogus that in 2015 we still don't have flying cars. But you know what makes up for that? Cars you can hack.
So this year, we bring you Car Hacking Village - a little bit of paradise for people who long to invalidate a connected car's warranty without jeopardizing their commute.
The CHV will have several 'Zones' for your education and entertainment:
Pull-apart Zone: learn how to get physical access to car controllers by removing panels and bolts.
Buck Hacking Zone: open hack car controllers and systems using a Buck (system on a bench).
Learning Zone: drop-in sessions of 15-30 minutes to teach specifics of vehicle networks and hardware.
Chill Zone: meet the CHV team in a more informal setting. Meet other interested con-goers. Meet no one and just meditate on what you've learned so far.
OEM Zone: we're probably going to rename this, but it's for dialog between OEMs and their users.
Vendor Zone: if the Car Hacking Village has inspired you, you can pick up some study material and even some hardware.
We hope to see you there.
Warning: objects in the CHV are closer than they appear.
If you find yourself interested in the The T.D. Francis X-Hour Film Challenge but you don't have a big enough crew, let people know in the Forum thread linked below or in on their facebook page https://www.facebook.com/xhourfilm
If you find yourself interested in the The T.D. Francis X-Hour Film Challenge but you don't have a big enough crew, let people know in the Forum thread linked below or in on their facebook page https://www.facebook.com/xhourfilm
There's a limited number of slots, and they're filling up, so don't dilly-dally. And remember us when you get that Oscar.
You can also check out the Contest website at http://www.xhourfilmcontest.com/
Today’s date - 7/17/2015. Add the digits. Can you feel that? The phantom hand tugging at your sleeve, the voice in your ear right before sleep takes you? There’s no sense in resisting, friend. The Enigma has you, and the only way out is straight through. Join us in Las Vegas! Closing ceremonies are in 23 days.
We have upgraded the DEF CON Forums - new iron, new paint, new can-do attitude. We've removed the annoying wait between signing up and posting, and the whole thing runs faster. Also, you can't beat the new forum smell - like ascii and toasted hazelnuts.
The Forum is also where the most granular, immediate and interactive information about DC23 is being hashed out. Looking for someone to share ae ride from San Diego? Want to ask a question directly to the Crash and Compile organizers? Head on over to the Forum. Got a killer salsa recipe? Probably no one cares, but its a forum. So get involved.
Here's the listing of the final night of DEF CON musical performers. Sweet, sweet speaker honey from the people's champ Miss Jackalope, Dieselboy, Zebbler Encanti Experience, Downlink, Skittish and Bus and ZackBarbie. Be warned: you will move it, move it. Plan accordingly.
It's beginning to feel a lot like DEF CON, everywhere you gooooo...
You can tell it's for real now, because we have a live speaker schedule. Familiarize yourself, plot your optimal path for cranial embiggening, tell the others. This year's lineup is crazy great, and knowing your 'must see' talks greatly enhances your chances of maximum DEF CON.
We're in the home stretch, people. One month and counting.
At DEF CON, we take your booty-shaking needs seriously. To help you get your recommended daily allowance of ecstatic groove units, we have created a stellar Friday lineup that includes:
VJ Q. Alba
Pyr0
Dualcore
mc chris
YT Cracker
Ninjula
If your groove is not firmly on Friday night, you should maybe contact your doctor.
Saturday Lineup coming soon!
DC23 Booking Pro Tip:
The DEF CON group rate isn't available at the main venue hotels anymore - our block is sold out in Paris and Bally's. This might cause you to think about paying the full freight at those hotels to be close to the action. Reasonable idea, except....
We have a discounted block at Caesars, and it's still got some rooms available. Caesars is only 800 air-conditioned steps from the Con space. You save some hard-earned skrilla, you get a few minutes of walking to thumb through your program and get your various plans/plots/schemes together.
Look, if you've got bread like that, do what you feel. But for those of us balling on a budget, the Caesars plan deserves some attention.
Some of you, we have heard, enjoy vigorously oscillating what your maternal unit bequeathed to you. Some of you like to wave your hands in the air, as if you could not be less concerned. We understand. We get you, and we got you.
We have artisanally curated a flight of audio bliss merchants for your enjoyment on Thursday night. For staters, we’ve got An Hobbes, Dee Kaph, Johnny5 and Spherex. After midnight we have DJ %27 and DJ AliKat. Many styles, many flavors. Join us, and amuse your bouche all over the place.
The official vendor list for DEF CON 23 is finalized and live on the intertubes. That money burning a hole in your pocket? It's dangerous if it goes unchecked. You can avoid the hazard of fire by turning that money into temperature-stable, safe goods and services with the smiling merchants of the vendor area. For those of you inclined to the games of chance, payouts in the vendor area hover very close to 1:1 - you're not gonna get those odds on the casino floor.
Don't become a pocket combustion statistic. The vendors are here to help.
We asked for demo submissions, and boy howdy did you people ever answer! For the first time, we have a whole community-powered demo area - five different sessions of your projects and demonstrations to share with the attendees. You're definitely gonna want to make some time to check this out.
The schedule is live, and of course there are links to all the abstracts there. We're amped about this - and we hope you will support the Demo Lab and spread the word.
This is gonna be so cool.
Crash and Compile? What's that?
Crash and Compile is an ACM-style programming contest crossed with a good old fashion college drinking game.
You get a problem, and have to code a solution to it. The catch is that if your code doesn't compile, seg-faults, doesn't produce the correct output, you have to take a drink... All this takes place on the contest stage. It's chaos meets coding. As the night progresses, you are either a really good programmer, really drunk, or a bit of both.
As promised, here's the final additions to the lineup for DEF CON 101. Make yourself familiar, maybe pick out a couple. Nobody likes to be standing in line for an SRO talk only to get stuck in the hallway, missing all the goodness because of a failure to plan.
Well, there's probably a rule that says someone must like that, and probably mods a subreddit about it like /r/missedyetanothercoolDEFCONtalk. But that someone is weird. Weird and possibly dangerous. Don't be that someone. Read ahead and make some plans.
Hardware and Trust Security: Explain it like I’m 5
Teddy Reed and Nick Anderson
A dive through the origins, evolution, and weaknesses of cellular networks
Effi and Tom Palarz
Seeing through the Fog
Zack Fasel
Hacking Web Apps
Brent White
Hacker in the Wires
Dr. Phil Polstra
Secure Messaging for Normal People
Justin Engler
Sorry, Wrong Number: Mysteries Of The Phone System - Past and Present
"Unregistered436" Patrick McNeil and ”Snide" Owen
Forensic Artifacts From a Pass the Hash Attack
Gerard Laygui
Alice and Bob are Really Confused
David Huerta
Introduction to SDR and the Wireless Village
DaKahuna and Satanlawz
Hackers Hiring Hackers - How to Do Things Better
Tottenkoph and IrishMASMS
Beyond the Scan: The Value Proposition of Vulnerability Assessment
Damon Small
Backdooring Git
John Menerick
The great work is complete! Behold the final round of selected speakers for DEF CON 23!
Thanks to all the submitters for sharing their work, and to the selection committee for poring over all that work. We think we’ve created a pretty phenomenal list of talks here!
Check this space tomorrow for the final round of DC101 speakers as well.
It’s getting real, people. Really real.
DIY Nukeproofing: a new dig at "data-mining"
3AlarmLampscooter
Key-Logger, Video, Mouse - How to turn your KVM into a raging key-logging monster
Yaniv Balmas and Lior Oppenheim
Who Will Rule the Sky? The Coming Drone Policy Wars
Matt Cagle and Eric Cheng
Why APTs focusing on Telco Networks: Dissecting technical capabilities of Regin and its counterparts
Omer Coskun
Do Export Controls on “Intrusion Software” Threaten Vulnerability Research?
Tom Cross and Collin Anderson
Licensed to Pwn: The Weaponization and Regulation of Security Research
Jim Denaro, Dave Aitel, Matt Blaze, Nate Cardozo, and Mara Tam
REpsych: Psychological Warfare in Reverse Engineering
Chris Domas
NSA Playset: JTAG Implants
Joe FitzPatrick and Matt King
Abusing Adobe Reader’s JavaScript APIs
Brian Gorenc, Abdul-Aziz Hariri, and Jasiel Spelman
WhyMI so Sexy? WMI Attacks, Real-Time Defense, and Advanced Forensic Analysis
Matt Graeber, Willi Ballenthin, and Claudiu Teodorescu
I want these * bugs off my * Internet
Dan Kaminsky
Let's Talk About SOAP, Baby. Let's Talk About UPNP
Ricky "HeadlessZeke" Lawshae
Tell me who you are and I will tell you your lock pattern
Marte Løge
Separating Bots from the Humans
Ryan Mitchell
Docker, Docker, Give Me The News, I Got A Bad Case Of Securing You
David Mortman
NetRipper - Smart traffic sniffing for penetration testers
Ionut Popescu
"Quantum" Classification of Malware
John Seymour
Hacking the Human Body/brain: Identity Shift, the Shape of a New Self, and Humanity 2.0
Richard Thieme
Attention automaton enthusiasts! The rules for DEFCONBOTS 2015 have been finalized and are live at https://github.com/Defconbots/2015_Competition_Rules. Time to dust off your autonomous laserbot and begin the training montage.
Signup is available at www.defconbots.org
These are brand new - intensive, deep-dive workshops on topics like Android reverse-engineering, Honeypots and Crypto for Hackers! They’re free, but you’ll need to register onsite. Space is obviously limited, so if one of these topics really grabs you you’re gonna want to make signing up a priority when you get to the venue. There will be overflow lists, too, in case not everyone shows up. It is Las Vegas, after all. Sometimes you lose someone for a while.
Spread the word - we’d love these workshops to have a great first year.
The DEF CON CFP Review Board is composed entirely of Champions. Only a few days after Round 3, they are ready to present you with Round 4 of DC23 accepted speakers. Look on their work, ye mighty, and despair.
When the despair wears off, you should probably starting making notes about which ones you want to see. It's looking like a pretty goodie-packed schedule.
How to secure the keyboard chain
Paul Amicelli and Baptiste David
How to hack your way out of home detention
AmmonRa
Canary: Keeping Your Dick Pics Safe(r)
Rob Bathurst (evilrob) and Jeff Thomas (xaphan)
Attacking Hypervisors Using Firmware and Hardware
Yuriy Bulygin, Mikhail Gorobets, Alexander Matrosov, Oleksandr Bazhaniuk, and Andrew Furtak
Harness: Powershell Weaponization Made Easy (or at least easier)
Rich Kelley
Inter-VM data exfiltration: The art of cache timing covert channel on x86 multi-core
Etienne Martineau
Ask the EFF: The Year in Digital Civil Liberties
Kurt Opsahl, Nate Cardozo, Mark Jaycox, Corynne McSherry, Nadia Kayyali, and Peter Eckersley
DefCon Comedy Inception: How many levels deep can we go?
Larry Pesce, Chris Sistrunk, Adam Crain, Chris Blow, Dan Tentler, Amanda Sullivan Berlin, and Katie Moussouris
Chigula - a framework for Wi-Fi Intrusion Detection and Forensics
Vivek Ramachandran
Knocking my neighbor’s kid’s cruddy drone offline
Michael Robinson and Alan Mitchell
How to Hack a Tesla Model S
Marc Rogers and Kevin Mahaffey
Drinking from LETHE: New methods of exploiting and mitigating memory corruption vulnerabilities
Daniel Selifonov
Scared Poopless – LTE and *your* laptop
Mickey Shkatov and Jesse Michael
Angry Hacking - the next generation of binary analysis
Yan Shoshitaishvili and Fish Wang
High-Def Fuzzing: Exploring Vulnerabilities in HDMI-CEC
Joshua Smith
Security Necromancy: Further Adventures in Mainframe Hacking
Philip “Soldier of Fortran” Young and Chad "Bigendian Smalls” Rikansrud
'From Dusk 'til Con' is back with more space, more opportunities and more DEF CON-provided bartenders. If you've got an idea for a party, shindig, hullabaloo, Esperanto-based MUD, you know, whatever, you should share them with us. If your idea is one of the winners, you'll get to throw your party at DEF CON. The main requirements are a well-thought out idea and a quick e-mail trigger finger. You can find the full story on the Call for Parties page. Go there, make a plan, become a party legend.
Still hoping to stay in the DEF CON hotel block at our group rate? It’s time to get a move on. Our block at LINQ has sold out, and Flamingo and Planet Hollywood are close to capacity. There’s still some rooms at our rate Caesars, but the window is closing fast, and the risk of getting stuck with an overpriced room in the uncharted wastelands of the Strip grows with every passing day. Fortune favors the bold action, friends. Book soon, or brave the outer darkness.
New for DEF CON 23 is the evolution of the last years DEF CON Media server drive duplication into the data duplication village.
HOW IT WILL WORK
DEF CON will provide a core set of drive duplicators as well as content. It will be a first come, first served situation. Bring and label your 6TB SATA blank drives, and put them in the queue for the data you want and 14 hours later it is done.
WHAT TO BRING
_ 6TB SATA3 new drive(s) - If you want a full copy of everything you will need three.
_ Any data you want to contribute to be shared, in USB, HDD, or DVD format
You can both contribute data to be duplicated, as well as bring blank drives to get copies and help spread the knowledge.
Those who want to share their own collections or help with duplication are encouraged to bring their own collections and drive dupers. If your collection is smaller we are thinking of getting some USB thumb drive duplicators for smaller batches. We also will have a DVD duper tower, so bring those legacy DVDs.
The ISE and the IoT Village announced ‘Call for X’, a call for presentations for an open-format presentation track at DEF CON 23. From the announcement:
“Call For X’ is a play on the mathematical construct of X as an unknown variable,” explains Ted Harrington, one of the lead organizers of IoT Village and the Executive Partner at ISE. “The Call for X is an open-format track for the IoT Village. We want researchers to make suggestions about innovative ways to teach workshops, tutorials, games, or anything else related to the Internet of Things. We are trying to open the platform of learning to dynamic innovation that will help deliver exciting, new and effective ways to reveal solutions for the emerging IoT security problem."
The Call for X CFP is open until June 30, and the information you need to participate is at www.IoTVillage.org . Get your ideas together and spread the word.
Here's a few things you might want to know about that are going on in the Contest/Event/Village-osphere:
Gentle, non-automated reminder: You only have until June 15 to register for 'Robocalls: Humanity Strikes Back' and grab your share of the 50K in prizes!
Strike at the heart of the robocall menace and possibly get a fistful of greenbacks by creating a crowd-sourced honeypot. But step lively, because June 15 is right around the corner.
In case you didn't know, DEF CON 23 is soft-launching a BioHacking Village, and there's still an open CFP for it! If you've got some knowledge or expertise in bio-hacking, this may be your moment to shine. Follow the link and submit by June 30.
The DEF CON 23 Short Story contest entrants are in, and it's time for judging. Your input counts! You can read them all in the forum and give us your vote. As always, thanks to the DC literary community for being dope and sharing their genius with everyone.
We've got more speakers to announce - this time it's for the DEF CON 101 track. As avid con-goers will know, DC101 is a series of talks geared for attendees looking for grounding in new skills and to looking to broaden their basic skillset.
Check 'em out, mark your calendars accordingly and spread the word. The official DEF CON 101 track is running throughout the Con this year, so there will be more speakers added soon!
Game of Hacks: Play, Hack & Track
Amit Ashbel and Maty Siman
Abusing XSLT for Practical Attacks
Fernando Arnaboldi
RFIDiggity: Pentester Guide to Hacking HF/NFC and UHF RFID
Francis Brown and Shubham Shah
It's The Only Way To Be Sure: Obtaining and Detecting Domain Persistence
Grant Bugher
Ubiquity Forensics - Your iCloud and You
Sarah Edwards
Crypto for Hackers
Eijah
Extending Fuzzing Grammars to Exploit Unexplored Code Paths in Modern Web Browsers
Saif El-Sherei and Etienne Stalmans
Linux Containers: Future or Fantasy?
Aaron Grattafiori
How to Shot Web: Web and mobile hacking in 2015
Jason Haddix
LTE Recon and Tracking with RTLSDR
Ian Kline
Are We Really Safe? - Bypassing Access Control Systems
Dennis Maldonado
Hacking SQL Injection for Remote Code Execution on a LAMP stack
Nemus
Chellam – a Wi-Fi IDS/Firewall for Windows
Vivek Ramachandran
Bruce Schneier Q&A
Bruce Schneier
Applied Intelligence: Using Information That's Not There
Michael Schrenk
I Am Packer And So Can You
Mike Sconzo
NSM 101 for ICS
Chris Sistrunk
The Bieber Project: Ad Tech 101, Fake Fans and Adventures in Buying Internet Traffic
Mark Ryan Talabis
Hijacking Arbitrary .NET Application Control Flow
Topher Timzen and Ryan Allen
QARK: Android App Exploit and SCA Tool
Tony Trummer and Tushar Dalvi
More approved presentation goodness - round 3 of DEF CON 23’s accepted speakers is now LIVE. Our team of dedicated reviewers has been hard at work finding the best talks in the mountains of entries, and you are now free to read through the abstracts and start formulating your info-hoovering plan for Vegas.
Three rounds of speaker selections down means that DEF CON really is starting to get close.There are a few more updates to come before the roster is complete, but it’s already clear it’s gonna be a heck of a Con, presentation-wise. Remember to watch this space and we’ll update you as soon as we have new speaker selections.
Another thing to keep in mind is that there’s more going on, speaker-wise, than just the Official DEF CON tracks. The Villages have their own speakers throughout the con - you can find links to all the individual village websites at http://defcne.net/villages/22.
Malware in the Gaming Micro-economy
Zack Allen and Rusty Bower
Fun with Symboliks
atlas
Cracking Cryptocurrency Brainwallets
Ryan Castellucci
Stagefright: Scary Code in the Heart of Android
Joshua J. Drake
Unbootable: Exploiting the PayLock SmartBoot Vehicle Immobilizer
fluxist
Rocking the Pocket Book: Hacking Chemical Plant for Competition and Extortion
Marina Krotofil and Jason Larsen
F*ck the attribution, show us your .idb!
Morgan Marquis-Boire, Marion Marschalek, and Claudio Guarnieri
Hacking Smart Safes: On the "Brink" of a Robbery
Dan “AltF4” Petro and Oscar Salazar
Title TBA
Peter Shipley
Machine vs. Machine: Inside DARPA’s Fully Automated CTF
Michael Walker and Jordan Wiens
Pivoting Without Rights – Introducing Pivoter
Geoff Walton and Dave Kennedy
Stick That In Your (root)Pipe & Smoke It
Patrick Wardle
Investigating the Practicality and Cost of Abusing Memory Errors with DNS
Luke Young
The last qualifying event for DEF CON 23’s CTF competition is in the rear view. For those of you who didn’t compete but want an idea of what a high-level CTF competition looks like, we offer links to some quality write-ups. The write-ups not only give you insight into the competition, but the careful reader can also learn something of the mindset that succeeds at this kind of contest. If you’re on the fence, it’s time to read up, level up and get in the arena. CTF glory awaits.
Brand new 'Speaker's Corner' post on defcon.org - 'Hackers and Healthcare: A Call to Arms' by Christian “quaddi” Dameff, MD and Jeff “r3plicant” Tully, MD.
Quaddi and r3plicant are hackers who moonlight as physicians, and the piece makes the case that turning around the rash of healthcare industry data breaches and tech failures is going to require cooperation with the hacker community.
If you'd like some more of these hacker/doctor/futurists dropping science, you're in luck.
from DEF CON 20 'Hacking Humanity: Human Augmentation and You'
from DEF CON 22 'Hacking 911: Adventures in Disruption, Destruction and Death'
From the upstanding citizens of the Legitimate Business Syndicate:
"Thanks for being a part of our biggest DEF CON CTF qualifiers yet. We're still very excited at how well the 4407 players, 1472 teams, and over 4000 unique IP addresses performed in our game, and have some preliminary results and other information to share with you."
The contest ended with a three-way tie between PPP, DEFKOR and 9447. As the LBS sorts through the data, they'll post everything at https://blog.legitbs.net.
For those of you who'd like to get a close-up view of the action, you can find a whole bunch of writeup goodness at https://github.com/…/…/tree/master/defcon-qualifier-ctf-2015
If you competed and have a write-up to contribute, that's a great place to put it.
Thanks to all the competitors and to the Legitimate Business Syndicate for making everything happen. Good luck to the groups moving on to the big showdown in Las Vegas, where it shall be on like the proverbial Donkey Kong.
DEF CON makes a lot of swag available for the black T-shirt crowd. Like, black T-shirts mostly.
But what about the fancy people? What about folks who love DEF CON but have the kind of life you have to dress up for, like international superspies? Or international super villains, even?
Introducing the DEF CON cufflink! Made of the finest metallic metals and bearing the grinning skull logo of your favorite security con, the DEF CON cufflink is the perfect accessory that says, “I’m formal, but I like to party, hacker style”. Available in a limited run from our eBay store, this cufflink will make everyone notice you at your next Macao charity gala.
Then they’re probably gonna ask you to fix their computer, but they will notice.
The main CFP is closed, but that doesn't have to mean you can't speak at DEF CON 23.
Several of the Villages are still looking for speakers in their specific subject areas. If your idea is about Crypto/Privacy, IoT, SE or Packet Capture, quick action could still secure you a speaking opportunity before an audience that's passionate about the topic at hand.
Crypto and Privacy village - Deadline June 30
Internet of Things village - Deadline May 26
The time has come. The final qualification opportunity for CTF at DEF CON 23. Team size - ∞. Registration - open, and available all the way until the contest ends. Battle begins at midnight UTC, May 16 and runs until midnight UTC May 18. If you think you deserve a spot at the Vegas finals, this is your last opportunity to prove it.
For up to date info on the contest you can follow the scoreboard at 2015.legitbs.net/scoreboard or keep an eye on @legitbs_ctf and @defcon.
Prepare your team. Reach for glory. Godspeed, one and all.
Enjoy a new round of DEF CON 23 speaker selections, on us!
Extracting the Painful (blue)tooth
Matteo Beccaro and Matteo Collura
Switches Get Stitches
Colin Cassidy, Eireann Leverett and Robert M. Lee
USB Attack to Decrypt Wi-Fi Communications
Jeremy Dorrough
Low-cost GPS simulator – generate fake GPS signal by SDR
Lin Huang and Qing Yang
ThunderStrike 2: Sith Strike
Xeno Kovah, Corey Kallenberg, and Trammel Hudson
Drive It Like You Hacked It: New Attacks and Tools to Wirelessly Steal Cars
Samy Kamkar
How to Hack Government: Technologists as Policy Makers
Terrell McSweeny and Ashkan Soltani
Spread Spectrum Satcom Hacking: Attacking The GlobalStar
Colby Moore
Detecting Randomly Generated Domain Names; A Language Based Approach
Mahdi Namazifar
Some Foundational Work Towards Making Deus Ex And The Matrix Real Life Stuff: A Talk On Non-Invasive Sensory Augmentation
Great Scott (Scott Novich)
Staying Persistent in Software Defined Networks
Gregory Pickett
Breaking SSL Using Time Synchronisation Attacks
Jose Selvi
Shall We Play a Game?
Tamas Szakaly
Looping Surveillance Cameras through Live Editing of Network Streams
Eric Van Albert and Zach Banks
'DLL Hijacking' on OS X? #@%& Yeah!
Patrick Wardle
Build A Free Cellular Traffic Capture Tool With A Vxworks Based Femoto
Yuwei Zheng and Haoqi Shan
If you've got a project, a gadget or a tool that you'd love to show off to DEF CON attendees, there's still time to sign up for the DEF CON Demo Labs! You bring your wares, and we provide you with a dedicated time and location to show them off. It's a great opportunity to get your project some user testing, cultivate some collaborators or get an idea how your idea rates with the hacker demo. The information you need to sign up is here: https://www.defcon.org/html/defcon-23/dc-23-demolab.html
What would you do with a whole penthouse suite at DEF CON? Throw a party the bards will sing about until the end of days? Film a security 'Shark Tank' reality show? Roomba Thunderdome? Come up with a cool concept, event, or party that will be open to all attendees from Thursday to Sunday and if you are selected DEF CON will release to you or your group one of the suites at a cost of $500 per night - so $2,000 for the con. They usually go for $1,500 to $2,000 per night. You can read the whole announcement on the DEF CON 23 site: https://www.defcon.org/html/defcon-23/dc-23-cfsuites.html
Our humble party game 'Spot the Fed' is getting a lot of press lately.
Which is cool.
The good folks at MuckRock filed a FOIA Request that asked for, among other things, the FBI's files on DEF CON, and at the end of April they got a response in which STF is mentioned specifically a few times.
Which is also cool, but there's a little more to the story that DEF CON fans might be interested to hear.
First: Spot the Fed for the uninitiated.
Spot the Fed is a con amusement enjoyed by hackers and Fed/Gov/LE attendees alike, and it works thusly: Con-goers notice a suspicious 'outdoor kid' lurking about, and they alert a Goon (preferably Priest). With the spotee's permission, Priest or one of his minions asks a battery of questions designed to discover their mode of employment. If MIB status is uncovered in the course of questioning, the spotter and the Fed get T-shirts. Both spotter and spotted are then free to resume their conference unmolested. So it's sort of a catch-and-release program, if you will. We pride ourselves in both our ability to spot Feds, and our ability to return them in the condition received.
Now, a little backstory.
For reference, here's a shakycam recording of a round of Spot the Fed from DEF CON 14, featuring the incisive interrogatory style of Priest.
The picture attached to this post is from DEF CON 2 and features the very first Fed ever Spotted wearing the very first 'I Am the Fed' shirt we ever gave out. Memories.
Astute readers of the FOIA docs
http://www.defcon.org/images/links/foia/FOIA-request-1321038-00.pdf
http://www.defcon.org/images/links/foia/FOIA-1321038-0-defcon12.PDF
http://www.defcon.org/images/links/foia/FOIA-1321038-0_-Defcon8.PDF
http://www.defcon.org/images/links/foia/FOIA-1321038-0_-Defcon3.PDF
will notice that there was another FOIA request for DEF CON still being processed at the time that MuckRock's request was going through. That request came from badass EFF lawyer and frequent DEF CON speaker Marcia Hofmann, and it was filed in response to a Federal Grand Jury investigation that you might recognize from the DEF CON documentary.
The docs actually help solve the nagging mystery DT's talking about in that video.
"I had always assumed the grand jury investigation was related to a National Security investigation, but now that the FBI FOIA is out we know. FEDs don't all attend because of the talks, sometimes they have real work."
-Dark Tangent
The docs are liberally redacted, but they do illustrate the varying levels of interest lavished upon our little party by one of the TLAs in attendance. The docs MuckRock released include reports from DEF CONs 3, 8 and 12.
Despite the hostility people insist on reading into the FBI comments, spotted Feds almost universally take the stage with good humor and answer our questions with patience and more candor than their job descriptions require.
If you want to get in on the FOIA action and see some FBI files of your own, we recommend watching this talk from the aforementioned Marcia Hofmann from DEF CON 18.
The DEF CON block at Bally’s and Paris is officially sold out. There’s still some good news for procrastinators, though - there’s still room at our con-goer rates at the nearby Flamingo, Link, Planet Hollywood and Caesars. At least, there is room right now. You’re gonna want to act briskly if you want to get the DEF CON group rate.
Here’s the reservation link:
https://aws.passkey.com/g/32601197
And here’s the direct lines to the hotels still offering the DC23 rate:
Flamingo 888-373-9855
Caesar's 866-227-5944
Linq 866-523-2781
PH 866-317-1829
A friendly reminder from DEF CON HQ:
If you're waiting until the last possible moment to submit your talk proposal for DC23, please be advised that we have arrived at that moment. Sunday May 10 is the last day we'll be accepting entries, so it's time to stock up on Code Red, take a few deep breaths and get that sucker done. We're looking forward to seeing what you've got.
The FAQ is here: https://www.defcon.org/html/links/dc-speakerscorner.html#leah-cfp-process
You've got this. Just make sure we've got it by Sunday.
Brand new addition to the DEF CON Villages this year - IoT Village! Lots of workshops on hacking off-the-shelf connected devices, live talks and even some contests.
There's also a CFP. If you have a good idea for a talk about the Internet of Things, you've got until May 26 to submit to them at the link below. Topics they're looking for include:
Raiding Internet of Things - Show us how secure (or insecure) IP enabled embedded systems are. Routers, network storage systems, cameras, HVAC systems, refrigerators, medical devices, smart cars, smart home technology, and TVs -- If it is IP enabled, we're interested.
IoT Device Management – Discuss best practices for deploying and building security into IoT devices.
Anything else awesome that involves IoT devices!
This is the home stretch for getting your talk submitted for DEF CON 23. The submission deadline is May 10. If you still have unanswered questions about the process of submission or selection, Leah has created a pretty exhaustive and very useful FAQ on Speaker's Corner!
We know you have ideas. We know you’ve walked the floor at DEF CON and thought, “I know what kind of contest or event this place needs. One day I’m gonna get MY idea for Roomba Thunderdome to DEF CON and rule this place."
That one day is today (but not if your idea is Roomba Thunderdome - that’s mine). It’s time to take your great idea for a DEF CON contest or event and submit it to us. If it’s good enough, and you get it submitted by May 30, you may get to see your idea become a glittering Las Vegas reality.
The information you need to manifest your brilliance has a Forum thread. Go there and make us proud.
The DEF CON 23 Call for Vendors is now open, so if you have a product or merchandise you want to put in front of thousands of hackers you should check out defconvendors.com . It’s all there – all the info, the vendor area layout and even a surprisingly thorough FAQ. As always, we run out of vendor space pretty fast, so it’s a good idea to get yourself registered as soon as you can. The early bird catches the worm, and the late bird has pallets stacked with regret.
May 10 will be upon us in less than a fortnight - is your submission prepared? Tarry no longer, friends. Fortune favors the bold.
Submit to the DEF CON 23 CFP before glory slips from your grasp.
Our speaker selection elves have been hard at work, sifting through the proposals for DEF CON 23, and they have a Friday present for you. The first round of Speaker Selection is done!
Did you feel that? That’s DEF CON 23 getting REAL, people. August 6 is closer than it sounds.
The selections are available for your inspection on the Speaker Page. More will be posted in the coming days, so check back from time to time. Also, if you have a talk you want to see on this list, you only have until May 10 to submit it to us. That is hella soon, so get on it!
Reminder: The DEF CON Villages are up and rocking at the #tribecafilmest in NYC! Four Villages (Crypto/Privacy, Hardware Hacking, Tamper Evident and Lockpicking) full of hands-on activities and clever humans spreading hackish knowledge.
The Villages are live today through Saturday, and our founder Dark Tangent will be speaking Saturday at noon. LosT, our resident mad crypto scientist and creator of the Mystery Challenge will also be making an appearance.
It's all going down at Spring Studios at 50 Varick St. You can find out more at https://tribecafilm.com/…/tribeca-film-festival-2015-def-con .
If the DEF CON Shoot is part of your traditional DC festivities, it's time to get yourself signed up and get a lane rented. The event organizers are hoping that all lane rental requests will be in by July 1, so don't delay.
If you don't know about the DEF CON Shoot and you want to know more, the link below has a lot of good information to get you on your way.
http://deviating.net/firearms/defcon_shoot/registration.html
In light of the story about Chris Roberts of One World Labs being pulled off a plane by the FBI after talking on air about some of the risks inherent in in-flight networking, for #defconflashbackfriday we give you two talks on the subject of security in the air.
The first is from DEF CON 22. The presenters are Dr. Philip Polstra and Captain Polly and it's entitled "Cyberhijacking Airplanes: Truth or Fiction?"
http://youtu.be/Uy3nXXZgqmg
From way back at DEF CON 20, we also offer "Hacker + Planes = No Good Can Come of This" by Renderman.
http://youtu.be/mY2uiLfXmaI
The security research community does indispensible work in the public interest. Making that work inconvenient or impossible serves only the bad guys.
While the classic Film Noir period happened in the 40s and 50s, the style and preoccupations of Noir are alive and well. Sometimes referred to as Neo-Noir - here’s five notable takes on the genre that will get you up to speed:
Blade Runner: The undisputed champion of sci-fi flavored Film Noir. Hard-boiled private investigator, rain-slicked streets drowning in neon and depravity, a secret so dark we keep it from ourselves. Add to this the insanely detailed and haunting visual design - still maybe the most beautiful dystopia ever committed to celluloid - and you have a permanent chart-topper.
Blood Simple: The Coen Brothers' debut film about small-town jealousy and betrayal is both a love letter to Noir and a darkly comic blast of adrenaline that still stands up over 30 years later. The plot is an ever-tightening noose of bad faith and personal corruption.
The Killer: John Woo. Chow Yun-fat. Doves, the Hong Kong skyline and So.Many. Bullets. A grimly beautiful tale of underworld honor and devotion with operatically insane actions sequences that are still being copied around the world.
Brick: Underappreciated high-school noir starring Joseph Gordon-Levitt as the dogged investigator determined to find the truth, damn the consequences. The setting and the distinctive slang make it unique, the performances make it a first-ballot hall-of-famer.
The Yellow Sea: 2010 film by South Korea’s Na Hong-jin about an ethnic Korean (Joseonjok) taxi driver in Yanji, China. His twin obsessions with gambling and his estranged wife lead him into a murder plot that’s way out of his depth. You might watch some of this through your fingers, but it’s compelling cinema and steeped in Noir style.
Honorable mentions: To Live and Die in L.A, Shallow Grave, Oldboy, The Last Seduction.
Attention, Inkslingers: DEF CON 23 Press Reg is open. The details and requirements are available on the Press Registration Page.
–30–
Reminder to everyone in the vicinity of NYC, a sampling of DEF CON is making an appearance at the Tribeca Film Festival! Four Villages (Hardware, Crypto, Tamper-Evident and Lockpicking), and three Panels covering the way hacking gets portrayed on the silver screen. The festivities start Thursday, April 23, topped off with a talk by Dark Tangent at noon on Saturday, April 25.
The filmmakers at TFF have a voice in how hackers are seen by the world. Come by and make sure that we do,too.
https://tribecafilm.com/stories/tribeca-film-festival-2015-def-con
Announcing yet another cool way you can participate in DEF CON: the DEF CON Demo Lab!
New for DEF CON 23 we are adding an place for you to show off your tools, projects, and tech to attendees - much like a poster board session but with computers.
The DEF CON Demo Lab is a dedicated area for hackers to show off what they have been working on, to answer questions, and even convert attendees into trying of giving feedback on their projects.
Presenters will be given a dedicated time and location to present a tool or project of their creation; show what it does, how it works, and why we need it in our arsenal.
Got something you’re itching to share? Get involved!
Full details at: https://www.defcon.org/html/defcon-23/dc-23-demolab.html
On the 3rd floor of Ballys South tower, The Jubilee Tower, lay seven rooms [1], each one 1,400 sq feet. That's enough space for about 55 people in classroom format. What to do with all that space away from the main action of the convention? I've wanted to try workshops and trainings for years but we have never had the room once we filled up the Rio. Now we finally have some space at the new hotels so I am calling on the community to tell us what we should do with the rooms.
Check out the Call for Workshops for full details!
For the first time ever, DEF CON is teaming up with the Tribeca Film Festival to bring a few of its famous Villages to New York. The Villages – interactive spaces stocked with gear, projects and brilliant humans – immerse the visitor in particular nodes of hacker culture. Hands-on activities, eye-opening presentations and open-ended experimentation combine to bring out the hacker in everyone.
Join us April 23 - April 25th, 2015 in Studio X of Spring Studios and you will:
• Learn to pick a lock in the Lock Picking Village.
• Make your devices and identity more secure by seeing how the bad guys operate in the Privacy/Crypto Village.
• Study the noble art of voiding all your warranties in the Hardware Hacking Village.
• Get schooled in the hacker's most important skill in the Social Engineering Village.
• Discover what it takes to open that weird security envelope without leaving a trace in the Tamper-Evident Village.
On the top floor of Ballys are four penthouse suites, and we are calling for people or groups who are interested in renting them and throwing something cool for the hacking community. Here is the deal:
Come up with a cool concept, event, or party that will be open to all attendees from Thursday to Sunday and if you are selected DEF CON will release to you or your group one of the suites at a cost of $500 per night - so $2,000 for the con. They usually go for $1,500 to $2,000 per night. You can read the whole announcement at:
We’re looking for performers. If you’ve got a band, or some righteous DJ skills, or you are crazy good at Tuvan throat singing, we want to hear from you. DEF CON is a big event, and our rocking requirements are substantial. Even if you just want to spin some chilly beats for con-goers on a caffeine comedown - we want your application.
If you have the goods to rock the people, fill out this form. Get in the ring. Win DEF CON.
To get you in the mood for DEF CON’s Noir theme, we offer some Film Noir knowledge and recommendations.
Noir is a slippery category, but it’s generally taken to mean films with a cynical worldview, moody, stylized cinematography and stories that turn on darker human impulses: lust, greed, vengeance. They are stories of the desperate and the doomed, the outsiders who will never really belong to polite society.
The golden age of film noir is the 1940s and 50s, but the genre left its mark all over popular culture and great noir (or neo-noir, if you’re not into the whole brevity thing) is still being made today.
Double Indemnity: Arguably the film that kicked off the genre. All the elements are present. The lighting is dramatic, the dialog is sharp and the plot turns on murder for easy money. Directed by the great Billy Wilder and written by detective fiction immortal Raymond Chandler. Double Indemnity is the heavyweight champ of golden age noir, with 7 Oscar Nominations.
Kiss Me Deadly: Adapted from the Mickey Spillane novel of the same name. Starts with a disreputable private eye picking up a terrified hitchhiker escaping from a mental hospital wearing only a trench coat, and then things get weird. A Cold War parable with a breakneck plot, a mysterious box and as pitch-black an opinion of the human condition as you could put on screen in 1955.
Out Of The Past: To create the mood of a good noir, you need actors with moodsetting skills - lurking, looming, smoking with intent. No one has ever been better at doing those things than Robert Mitchum. Pay close attention to his looming work in this film. 10/10 would cross the street to avoid. Bonus: You can check out Mitchum being extra foreboding in 'Night of the Hunter'.
D.O.A: Some of the plot tricks in this movie might seem familiar, but only because directors borrow from it all the time. D.O.A. was pretty avant-garde in its time.
Our protagonist is dying - soon. He uses the remainder of his rapidly expiring time to find out who murdered him and see justice done. Lots of newer movies use the forced clock, the backwards storytelling, the inside-out murder mystery but very few of them do it any better.
Touch of Evil: The opening shot - a long, unbroken meander through the scene of our intrigue - is a clinic on mood-setting. Questionable makeup choices aside, this is the platonic ideal of what a dark melodrama should look like.
Honorable mentions: The Killers. The Asphalt Jungle. The Big Sleep.
You can tell it’s springtime in the Northern Hemisphere. The flowers begin to bud, the non-crow birds start to sing outside your window, and the new DEF CON website is launched.
The new website announces the theme of DC23 (The 23 Enigma: A Hacker Noir, for anyone just joining the party). As DEF CON 23 assumes its final form in the coming months, you’ll want to keep checking back. Bookmark that mug. Set it as your home screen. We’ll be filling the site in with speakers, events, contests, schedules and everything you need to make the most of your DEF CON experience.
August will be upon us faster than you’d think. Get excited, people.
And srsly, bookmark the DC23 site.
Sin City is a lot to take in. Friends of Bill W. joining us for DEF CON 23 are invited to take a break from the Vegas of it all with meetings at noon and five p.m., Thursday, August 6 through Sunday, August 9. Your hosts will be Jeff Mc and Edward B. The location has yet to be determined, so keep an eye on this space and we’ll update as new information becomes available.
You can mail us any specific questions at info at defcon dot org and we’ll get what answers we can for you.
CTF Season is in full swing - the final qualifying event is May 16-18. For those with the skills, the drive and the energy drink tolerance, glory awaits.
Screw your courage to the sticking place, step into the light and embrace destiny. Let the battle be joined!
Also, register on the Legitimate Business Syndicate website. Then, embrace destiny.
The fine folks from MFP are bringing back the village for everyone who wants to test their skills against modern tamper-evident technologies. Contests, workspaces, presentations and demos - the TE Village is kind has all kinds of stealthy fun for the sneakily inclined. To learn more, check in on the Forum Thread:
https://forum.defcon.org/…/220156-tamper-evident-village-re…
Friendly reminder to the writers in the DEF CON community:
The DEF CON Short Story Contest is OPEN. Like, right now.
The theme is 'The 23 Enigma - a Hacker Noir'. The contest closes June 1. Human badges are on the line. The rules are in the DEF CON Forums.
https://forum.defcon.org/…/219870-short-story-contest-2015-…
Let's get those keys clickety-clacking, people.The drop-dead date is closer than you know.
If you’re a lawyer (recently unfrozen or otherwise), a judge or a law student please make a note to join your host Jeff McNamara at 6pm on Friday, August 7th for a friendly get-together, followed by dinner/drinks and conversation. The location of the meet is still to be determined, but we’ll post as soon as the details are settled. If you’d like to help out with the event or have questions, contact jeff at jcmclaw dot com.
The WoS Packet Village returns for DEF CON 23 and they're looking for speakers. If you can cobble together a riveting 1-hour presentation on topics like network sniffing tools, or incident response, or Python programming for security practitioners, you can get selected to speak in the wildly popular Packet Village. Whether you're looking to dip your toe into speaking at security cons or you're a seasoned pro with an idea that fits perfectly into the Sheep demo, you owe it to yourself to check out this opportunity.
The full details are available at their site.
http://www.wallofsheep.com/pages/call-for-presentations-at-def-con-23
As you know, the DEF CON 23 Call for Papers is open. If you've ever been curious about how your sensitive research information is treated once we get it, who gets to see it, whether we put coffee mugs down on it - the CFP Privacy Policy we've added to the Policy Page has your answers.
The Black Badge is highest honor DEF CON can bestow. You have to do something awesome to win one, and if you manage that you get in to DEF CON free for the duration of your natural life. It is, in a word, ballerific. It also maxes out your charisma when worn with an ironic t-shirt.
We’re compiling a history of the winners, and we’ve put up a Black Badge Hall of Fame page to get that process started.
The thing is, we weren’t always so good at keeping records. Because we are a giant Vegas hacker party. It’s pretty likely we’ve left off some deserving names or missed an event or two that were eligible for a Black Badge. If you know something that got overlooked, or think we got something mixed up, please let us know. Drop us a line at info@defcon.org and we’ll look into it and fix what needs fixin’.
More stuff returning for DEF CON 23!
SoHopelessly Broken - Last year's popular Small and Home Office Router hacking contest is back, with a twist!
Hair farmers, rejoice! The DEF CON beard and moustache contest is back as well. Your commitment to medieval grooming habits could finally pay off.
And from the DEF CON Forums:
The 'Be The Match Registry Drive' is going to be back for DEF CON 23. This gives you another chance to be a straight-up superhero by getting yourself on the list of potential marrow donors.
You need to be between the ages of 18 and 60, meet the health guidelines and be willing to donate to ANY patient in need. At the recruitment drive, you will fill out a consent form with contact information and a short medical evaluation. You will receive more information about what it means to be a donor and then you will swab the inside of your cheeks. Your tissue type will be listed in the Be The Match Registry until your 61st Birthday. If you are a match for someone in need, then you will be contacted for donation.
More info here:
http://bethematch.org/about-us/how-we-help-patients/be-the-match-registry/
DEF CON’s official Code of Conduct is now live on the Policy Page. If you’re planning to attend DEF CON, please take a minute to look it over. The rules haven’t changed, but now they’re in a handy written form for easy reference in moments of quiet reflection or in your hectic, on-the-go lifestyle.
You’ll be expected to hold yourself to the terms of the CoC at DEF CON, but you can take them with you anywhere. Feel free to practice the precepts contained in the DEF CON CoC in the non-DC situations of your choice, including but not limited to board meetings and LARP events.
We appreciate you taking the time to familiarize yourselves with the code, and we leave you with a quote that we believe gets at the heart of what we’re trying to create here, from the collected wisdom of Theodore Logan and Bill S. Preston, Esquire.
‘Be excellent to each other.’
Lots of news today:
The Thursday track DC101 is back for DEF CON 23 and they have an open CFP! If you’ve got a good talk in you that can help people optimize their con experience or expand their general knowledge base, this might be a great opportunity to get your feet wet as a DEF CON speaker. You can find out what they’re looking for and apply on the dc101 page.
For those of you of a literary disposition, you should know that the DEF CON Short Story contest is open and accepting entries. The theme is “The 23 Enigma: A Hacker Noir”. You know, sleepless streets with a million blind alleys and rules that won’t stay put. Pleasures that can only be bought with pain. The pulsing digital cords that bind us together but keep us from getting too close. The spreading darkness the hackers see first, before the grazing genpop has any idea what’s coming.
And if you’re looking for puzzle challenges to hold you over until con, the good folks at Queercon have one or you at this link. Give it a shot and keep your puzzle muscle strong. DEF CON 23 will be here before you know it.
Rachel from cardholder services is back and there's a price on her head.
Fresh off the popular 'Zapping Rachel' contest at DC22, the FTC is returning to DEF CON this summer with a brand new contest and a big wad of prize money. Called 'Robocalls: Humanity Strikes Back', it challenges you to create a tool that allows mobile and land-line users to identify and block robocalls or deflect them to a honeypot for great justice.
The qualifiying round is open now and closes June 15. Qualifiers compete at DEF CON 23 for cash prizes, including $25,000 for the winner. You can find all the rules and regs on the contest website.
http://www.ftc.gov/news-events/contests/robocalls-humanity-strikes-back
We're a little past the halfway point between cons, but DEF CON 23 is already taking shape nicely! Cool stuff with intention to return for DC 23 includes:
Contests:
Black Bag
Crash and Compile
Capture the Flag
DEF CON Bots
Darknet Project
Scavenger Hunt
Short Story Contest
Schemaverse
Events:
SkyTalks
DEAF CON
DEF CON Shoot
Ham Radio Exam
Villages:
Crypto/Privacy Village
Hardware Hacking Village
Lockpick Village
Packet Hacking Village
Tamper-Evident Village
Wireless Village
Social Engineering Village
And there's lots more to come.
In the coming days, we'll be highlighting different individual contests, events and villages in this space, so keep an eye out. If your favorite thing isn't yet on the confirmed list, you can keep tabs in the Contests & Section of the DEF CON forums. It's never too early to start planning how you're gonna get involved this year.
Today we’re launching a brand new policy page at defcon.org, and we’d love for you to take a look at it, and only partly because of the emotional validation it will provide for our lawyers. There’s also a lot of useful information on the page for everyone who plans to visit our conference or our website. As of today, there are three documents up there:
Privacy Policy
We make a real effort to protect whatever pieces of your identity pass into our hands, and we want you to have an understanding of what we can and can’t do to keep that data secure.
Transparency Report
It’s reasonable to wonder if sites you visit frequently have been served with a court order demanding logs and information. The transparency report is how you’ll know if it happens to DEF CON.
Black Badge Policy
Wonder if that Black Badge on eBay will render you ‘uber’ at the next DEF CON? There are rules, and we wrote them down for you.
As other policies are finalized, we’ll update the policy page. If you need another reason to check it out, consider this: every time someone reads a privacy policy all the way through, a lawyer gets their wings. Or a lawyer does 1d4 of smoke damage. It’s one of those.
After moving all of the DEF CON hardware (because the building was scheduled to be demolished – go figure), we started a pretty rigorous set of security upgrades.
HPKP support on the webservers? Check. DNSSEC support all around? Check.
In an effort to keep you informed about what we're up to, security-wise and to maybe inspire everyone to get up to date, DT has started a blog on the DEF CON forums about the upgrade process.
Check it out, and feel free to leave a comment!
Attention: The Crypto & Privacy Village CFP for DEF CON 23 is live now!
PS - Word on the street is there's even a puzzle in the CFP!
Crypto And Privacy Village CFP
DEF CON doesn’t just happen once a year in Las Vegas. It’s happening all around you, all the time. There are hundreds of DEF CON Groups all over the world that have regular meetings, put on talks and collaborate on projects of all kinds. You can be part of the one in your area, and if there isn’t one you can start one - it’s free and the information is available at https://www.defcon.org/https://defcongroups.org.
This week we’re sharing a talk on 3D printing given at DC719, the DEF CON Group for the Colorado Springs area. Dana G. Neilson presents on the history and uses of 3D printing and shows how they made a pretty cool DEF CON ring as a handy example. More importantly he shows that what ever sector you work in or what ever you want to make, if you can visualize it, draw it and either CAD (Computer Aided Drafting) it or have someone else CAD it, then your ideas can become physical object. There are endless possibilities with this growing technology, become part of its growth and then share what you know.
If you’re in the Colorado Springs area and want to learn more about DC719, they’re online at dc719.net. Introduce yourself.
If you’re part of a DC Group that has something they want shared by DEF CON, drop us a line at sleestak [at] def con dot org.
Sharing is our jam. We make an effort to get our product to everyone who can learn from it via all kinds of channels: YouTube, BitTorrent, direct download and even eMule. But security is also our jam. (We have multiple jams - deal with it.) So we’re putting a lot of thought into ways to make all that sharing more secure.
This post from the Dark Tangent is the first of several addressing the topic of more secure sharing, and it deals with BitTorrent.
It’s getting real, people. The DEF CON 23 Call for Papers is now officially open! If you’ve got some good stuff to share, it’s time to start getting your pitch together. You’ve got until May 10th to submit, but don’t get too comfortable. May will be upon us faster than you probably think.
To learn the requirements for a DEF CON talk, take a look at the CFP form and get an idea of the suggested topics, we’ve put together a handy guide at https://www.defcon.org/html/defcon-23/dc-23-cfp.html. Get yourself up to speed, get your forms filled out and get your proposal in front of our selection committee. This is going to be our biggest DEF CON yet, and there’s a lot of opportunities for speakers, both experienced and brand new. We’re hoping one of them is you.
As if that wasn’t enough CFP excitement, we’re also happy to announce that the Social Engineering Village CFP opens today! The requirements and submission form are online at http://www.social-engineer.org/sevillage-call-papers/. The SE Village is very popular and it’s going to be even bigger and more ambitious this year.
SE Village also has a bad-ass Capture the Flag contest happening. Check out the Rules and Registration page (http://www.social-engineer.org/ctf/def-con-23-sectf-rules-registration/). If you want to play, read the whole thing. For real. They’re very clear on this point.
We've added some links to the DEF CON website resource section: Some movies to watch, social media accounts to follow, hacker culture sites and technical books to get you on your way - today we're asking for music recommendations.
What do you listen to when you're sitting in the dark, making faces at your monitor? We want to compile a playlist of tunes to code/learn/fall into an internet rabbit hole by.
Strong enough to keep you typing into the darkness, subtle enough to stay out of your way when the big thinking happens — Send your suggestions to sleestak at defcon dot org!
The long-silent creature begins to stir! We have a new post in the Speaker’s Corner of the DEF CON website. It’s from DEF CON alum Paul Renda and it concerns future presentation ideas that involve Robots, AI and Tesla coils. Straight out of the DEF CON dream journal. You can read it here: https://www.defcon.org/html/links/dc-speakerscorner.html#renda-emp
If you’re a past DEF CON speaker who has something to share with the DEF CON community, please get in touch (@defcon , Facebook.com/defcon). We’re interested in what you’re thinking about and we’d love to help get the word out.
We're rolling out a major upgrade to the forums next week. New coat of paint, improved functionality, general up-leveling across the board. But wait - there's more! As soon as we've sorted out the new setup, we'll be releasing a mobile app version for Android and iOS. Stay tuned!
Good News, Everyone! The DEF CON YouTube channel now contains the full slate of presentations from DEF CON 22!
Delivered on Thursday to help you get a jump start on your knowledge-binge weekend, we’ve got over 100 presentations ready to jump across your face-brain barrier. Don’t know where to start? We’ve included a handy playlist option so you can hit play once and not come up for air for a few days. For those who wish to watch in furtive silence so as not to arouse the pointy-headed boss, there are captions.
You might want to consider taking a personal day.
Please enjoy and spread the word. Share the videos with people you think can learn from them. Pass it on.
Thanks for bearing with us during the last week or so, as defcon.org was migrated to a new location! We are currently getting the Forums and Media servers buttoned up, and moving on toward DEF CON 23. Look for the Call for Papers to open in the next week or two!
We’re moving to a new office in a few days, so please excuse any availability issues for the near future. We’re going to do our best to keep the site and the forums running smoothly through the whole transfer, but if you notice hiccups please know that we’ll be back to normal very soon.
In the meantime, if you need up-to-the minute news about what’s going on in the world of DEF CON, please visit us at Facebook.com/defcon, @defcon on Twitter or our Google Plus page.
DEF CON had a pretty great year, thanks to all of you. It takes a huge effort from so many people to create the kind of magical hacker summer camp that DEF CON has become, and we want to thank all of you for the parts you play:
• The geniuses who create the talks and the geniuses who review and select them.
• The mad zealots who dream up and carry out the contests and events.
• The dedicated army of goons who descend upon a nondescript Vegas hotel every summer and turn it into a hacker utopia by sheer brute force and guile.
• The attendees whose love, devotion and enthusiasm keeps this whole enterprise aloft.
DC22 had our biggest attendance ever. So big that some of the villages are probably bigger than the first several DEF CONs. So big, in fact, that DEF CON 23 will be in two hotels. Imagine that!
We will be occupying both Bally’s and Paris for DEF CON 23. More space, bigger villages, shorter lines. Like always, we’re counting on DC’s volunteers and the community at large to fill all that new space with ideas and ingenuity. It’s the greatest thing about running this type of conference - no matter what new ideas we throw out there, the community never fails to push it further than we imagined.
Thanks to everyone who made 2014 so great, and let’s get amped for an epic 2015.
As part of our social media housekeeping for the new year, we're leaving LinkedIn. As much as we like the service, we couldn't help but feel that we weren't using it to its potential, and that we were doing more to harvest spam than to communicate with all of you.
If you're one of the people who connected with DEF CON on LinkedIn, you should know that we won't do anything hasty. We'll leave everything where it is through January 2015, to give everyone time to collect whatever they need from our LinkedIn presence.
More importantly, we hope that you'll check out our other social media options. We have an active presence on G+, Facebook and Twitter and we're going to spend more time hanging out in r/defcon in the days ahead as well.
We have big plans for DEF CON 23, and we want your input.
The season of DEF CON 22 Torrents continues! This time it’s a torrent of some of the great live music from this year’s con. Not available in any stores, this compilation includes live performances from:
DJ Spooky
Alba T Ross
djdead
Ctrl
YT Cracker
MC Frontalot
VJ Q Alba
Jackalope
Floor Kode
Elite Force
Zebbler Encanti Experience
Kriz Klink
That’s hours and hours of pure hotness, and it can all be yours for the low, low price of FREE. Act now, seeders are standing by. Offer good while supplies last. Side effects may include loose booty, headphoneitis and increased bounce rate. Ask your doctor if the DEF CON 22 Live Music torrent is for you.
https://www.defcon.org/html/torrent/DEF CON 22 live music.torrent
Begun, the DC23 CTF has!
Legitimate Business Syndicate, the shadowy organization that provides the hustle and the muscle behind the DEF CON CTF tournament, has announced its list of qualifying contests for the 2015 showdown in Las Vegas.
If you have the team, the drive and the raw skills, it's time to start making plans. To pluck the flower of eternal glory from the Nevada desert, you must first prove yourself in the crucible of a qualifier.
Assemble. Register. Qualify. Prevail. The road to victory is now open.
https://blog.legitbs.net/2014/12/announcing-def-con-ctf-qualifying.html
We've got two more versions of the DC22 talks available for your torrenting pleasure. We've got slide only video, with the audio and slides uninterrupted by speaker face. We've also got talking head video, which is audio and speaker face uninterrupted by slides.
If either one of those is your preferred flavor, then your moment has arrived. As always, we ask only that you enjoy them and seed them so others can enjoy them as well.
It's us against the derp, people. Let's spread the knowledge.
Torrent update: 12 of the talks were missing from the first DEF CON 22 video/slides torrent, due to some unicode mishaps in their file names. We've corrected the links - this updated torrent file will complete your collection. As always, enjoy and pass it on.
https://www.defcon.org/html/torrent/DEF CON 22 video and slides.torrent
Waiting for the DEF CON 22 audio-only torrent? Wait no more! Every talk in one juicy torrent. Slurp them, seed them and load them into the noise-producing device of your choice. Feel the commute flying by - embiggening your brain painlessly as you go!
Enjoy, and share the love.
What's your favorite recent (2000 and later) tech/hacker/geek fiction?
The update of the DEF CON resources section continues. This time we're looking for your favorites in the area of fiction. What tales of geekery and hackerdom have captured your attention in recent years? In our hemisphere, the onset of winter brings with it a craving for meaty tomes to sustain us in our long hibernation. Share your favorites with us! Send suggestions to sleestak [at] defcon ]dot[ org!
We've updated the site's 'Resources/Book List' and 'Resources/Links We Like' with some of your suggestions, but if you have something to add to those lists, we're always listening.
Time to fire up your netslurpers - the DEF CON 22 video and slides are available for your datasuction. All the speakers, all the slides, in convenient Torrent form. Please enjoy them, share them, and seed if you are able. There's a lot of good stuff in there - you might want to block off a couple of days if you're a binge watcher.
Prefer a lighter download? Audio-only torrent should be live tomorrow. By the end of the week we'll have the slide-only and talking-head only versions too, if that's your thing.
The Wait is Over. Download 'em, seed 'em and spread the word.
We've launched an eBay store for DEF CON swag and collectibles. Right now, there's only three items, but we're stocking the e-shelves right now. Stay tuned!
As you dig into the turkey, and enjoy the company of friends and family, we at DEF CON want you to know we’re thankful for you, the hacker community. You put so much into our conference, and make it something special! Happy Thanksgiving everyone!
We’re announcing the theme for DEF CON 23 early. Like, hella early. Right now early.
The theme will be ‘The 23 Enigma - a Hacker Noir’. Fedoras and rain-slicked streets. Smoky back rooms and numbers that show up too often for coincidence. While the good people of Everytown dream away the dark hours, the data wars rage without ceasing. Sleepless vigilantes fight for the users, though the users may never know. No matter. A bottle of the good stuff, a fast connection and the room to do a righteous night’s work, that’s enough. It’s gotta be. It’s all that’s left.
Hackers, start your imaginations.
The Dark Tangent’s announcement is here: https://forum.defcon.org/showthread.php?t=14096
If you haven't gotten yourself involved in a DEF CON group, there's no time like the present to make some new friends, contribute to some cool projects, and generally help make the world a more hacker-friendly place. You can find information about DCGroups on the defcon forum, and in the groups section on defcon.org. Can't find one nearby? Start one!
Here's a short list of some of the US DCGroups meetings going on in the next few days:
Wednesday, November 12
DC214 (Dallas/Fort Worth) 7pm at Lakewood's First and 10 - contact (dc214.org)
Thursday, November 13
DC412 (Pittsburgh) 7pm at SEI Building, Oakland PA (rsvp at http://www.meetup.com/Steel-City-InfoSec/events/)
DC612 (Minneapolis) 6pm at Elsies Bar and Bowling Alley - event page (dc612.org)
Friday, November 14
DC719 (Colorado Springs) 7pm CTU Room 112 (dc719.net)
DC801 (Salt Lake City) 5pm at 801 Labs (dc801.org)
DCG POCs - got something going on you don't see here? let us know!
Last week 'Operation Onymous' - a Law Enforcement sweep of Tor hidden services websites - netted about 400 takedowns and 17 arrests.
The Tor blog has a post summarizing what happened, offering suggestions and soliciting feedback. The operator of seized hidden service site Doxbin has released his logs in hopes of helping find how the network was compromised.
For anyone looking for a discussion of the Tor network, what it can and cannot do and what users must do to maximize its effectiveness, we offer a talk from the Tor Project's Runa Sandvik from DEF CON 21.
http://youtu.be/qWr5D2RoXoo
https://blog.torproject.org/blog/thoughts-and-concerns-about-operation-onymous
http://gizmodo.com/here-are-all-the-dark-net-markets-seized-in-operation-o-1656541553
http://en.wikipedia.org/wiki/Operation_Onymous
http://www.wired.com/2014/11/operation-onymous-dark-web-arrests/
http://www.theregister.co.uk/2014/11/09/torpedod_dev_dumps_doxbin_files_after_police_raids/
We've mentioned it before, but the news about government spying sort of drowns it out: the commercial entities tracking your digital footprints are just as determined to capture all of your data and use it against you.
This week's big corporate data collection story was about Verizon and the 'unkillable' 'perma-cookies' they've been injecting into their customer's web traffic. It's certainly more the rule than an isolated example of service providers getting all up in your KoolAid, but it's generated interest because Verizon is huge and they are going out of their way to circumvent privacy measures built into your mobile devices.
This link roundup is about the Verizon story, but it's also a general reminder of the hard work that many, many digital middlemen put into unraveling your privacy sweater for power and profit. It's also a reminder that we have to be loud about these intrusions if we want them to stop. Companies like Verizon are not going to voluntarily give up all that sweet data unless they know they're going to lose subscribers.
We close the roundup with a link to a turbo talk from DC 19 about one man's work toward unveiling the methods of some major corporate browser history snoops.
http://bits.blogs.nytimes.com//2014/11/04/verizon-wireless-under-fire-for-ad-targeting-program/
http://www.pcworld.com/article/2841793/twitters-mopub-ad-exchange-grabs-verizon-tracking-cookies-and-more-may-follow.html
http://www.slate.com/blogs/future_tense/2014/10/29/verizon_perma_cookie_mobile_carriers_are_officially_out_of_control.html
http://www.forbes.com/sites/kashmirhill/2014/10/28/find-out-whether-this-privacy-killing-super-cookie-is-on-your-phone/
http://www.tomsguide.com/us/att-tracks-mobile-users,news-19848.html
http://youtu.be/BAdtXkus-Xc
We're updating the DEF CON website's resource recommendations, and we'd love some suggestions from you. We're starting with computer reference books. We want to know which ones you find yourself going back to, which ones changed the way you think. What computer reference book has been indispensable to you? Send your suggestions to sleestak at defcon dot org!
We'll be asking for lots of other types of recommendations in the coming weeks.
We present to you, today’s featured DEF CON Speaker! The greatest ever! Ermahgerd look at it amplifry! What a work horse! Never tires! All it’s bass…
Don’t like this? Do something about it.
If you’re a DEF CON Speaker (past or present) and would like to write a post to become featured here, on the Speakers Corner section of defcon.org, please send an email to Talks (at ) defcon (dot) org with your story. Drop us a line, let us know what you’re working on or what you’d like to share. DEF CON Groups members and speakers that also includes you! What’s your group been up to these days? Topics can vary from discussions on latest buzzword, walkthroughs, attack & defense, bio hacking, tips for improving certain skills, opinions on the state of affairs, etc. The possibilities are endless, and we are looking for content that fits in the spirit of http://en.wikipedia.org/wiki/Speakers'_Corner
In September, Apple and Google both announced that they were going to ship their new devices with encryption turned on by default.
This has caused some concern in the Law Enforcement community. James Comey, current Director of the FBI, went on 60 Minutes to urge manufacturers to reconsider. He believes that if the good guys don't have a 'golden key' to everyone's mobile device, the bad guys can 'go dark' and gain an advantage will lead to terror, child abduction and ‘threatens to take us all to a very, very dark place’.
There are a lot of problems with this logic. For example:
Evildoers always have the option of ‘going dark’, regardless of how much privacy we give up.
The 'golden key' isn't the only way for LE to get the data they want.
Most importantly, it's not possible to create a back door that can be entered only by the pure of heart. If the righteous can squeeze in today, the sketchy will, inevitably, squeeze in tomorrow. Later today, most likely.
Threatpost:
https://threatpost.com/edward-snowden-and-the-death-of-nuance/103902
Schneier on Security:
https://www.schneier.com/blog/archives/2014/10/iphone_encrypti_1.html
Gizmodo:
http://gizmodo.com/why-the-fbi-director-is-wrong-about-encryption-1648334901
Just Security:
http://justsecurity.org/16503/security-front-doors-vs-back-doors-distinction-difference/
Greetings, DEF CON community. Today, we bring you another update to our growing online archive for DEF CON 22 - all the links to the presentation materials, wrapped in a pretty little RSS bow for your convenience. All the presentation slides, links to all the tools and extras, all by grabbing the link below. Perfect for every occasion, and excellent as a holiday gift for the hard-to-buy-for geeks in your life. Because we love you. Watch this space for more DC22 video soon.
Sure, you love your DC22 badge. You love its sleek design and its powerful S guts. You swoon for its enigmatic symbols and breathtaking adaptability. But deep down, you worry that you could love it a little more if there was badge code available in C.
Worry no more. Instead, rejoice! Head over to the Parallax Forums and get to hacking that badge, C-style. If you do something awesome, let us know.
Because we love you, a midweek treat: enjoy the thrilling conclusion to DEF CON 22's Hacker Jeopardy Competition. For those of you playing along at home, good luck. For those of you attempting to listen in a public space, be warned there is foul language shouted at weather-altering volume. Headphones suggested.
Enjoy, share, and begin assembling your team of heroes for DC23!
For your enjoyment, we offer you Night One of our long-running hacker trivia gameshow 'Hacker Jeopardy'. Match wits with our champions by playing along at home (beers optional). If you play along at work, remember the headphones. Salty language and lots of shouting.
As always, enjoy and share. The exciting conclusion later this week.
The DEF CON rate is available at the following hotels: Paris, Bally's, Ceasars Palace, Planet Hollywood, Flamingo and Quad.
To get in on this rate, you'll need to use this link.
https://resweb.passkey.com/go/SBDEF5
Do not worry if the form doesn't immediately show the discounted rate. To verify that you're getting our price you can mouse over the dates you've selected or begin the checkout process.
If you prefer to use the telephone for this kind of thing, here's the list of participating hotels and the relevant Group Codes:
Ballys
800-358-8777
SBDEF5
Paris
877-603-4389
SPDEF5
Caesars
866-227-5944
SCDEF5
Planet Hollywood
866-317-1829
SMDEF5
Flamingo
888-373-9855
SFDCC5
Quad/Linq
866-523-2781
SQDEF5
We are excited about all the new space, and we hope you'll be able to join us.
Another couple of torrents for your edification and delectation.
First, the X-Hour Film Contest:
This was a first year contest that asked entrants to script, shoot, edit and submit a short film in 48 hours, in the middle of DEF CON. Seven teams entered, four teams submitted a final film and the winner was announced by celeb guest judge Brian Knappenberger (director, 'We are Legion' and 'The Internet's Own Boy'). They're also available to watch on the DEF CON YouTube channel.
https://www.defcon.org/html/torrent/DEF CON 22 x-hour film contest.torrent
Second, Volume 1 of the Official DEF CON 22 Photo Feed:
This is the first batch of pictures we've gotten in from our official Photo Corps. Stay tuned for Volume 2.
https://www.defcon.org/html/torrent/DEF CON 22 pictures v1.torrent
Tired of listening to your mp3 collection? Looking for a way to spice up that ho-hum hard drive? When's the last time you and your music stash really... connected?
Take care of your ears. Hot DJ sets have been shown in clinical trials to help treat the symptoms of boredom, malaise and sickofmycollectionitis. Side effects may include stupid grin, periodic head nodding and uncontrolled shaking in the booty region. If symptoms persist for more than four hours you should probably drink some water.
Ask your doctor if DEF CON 21 Music Torrent is right for you.
First up for your next leech 'n seed, we have the video for all the Wireless Village talks. That's three days worth of talks about subjects like Software Defined Radio, Bluetooth and yes, the Pineapple. Get on it, and you could have a significantly higher Wi-Q by Monday.
We’ve updated the CTF page on the DEF CON website. In addition to being the new permanent home for the torrent link to CTF packet capture Valhalla (170 gigs of that uncut raw), it’s also home to a small but hopefully growing number of walkthroughs and write-ups. As we get them in, we’ll put them on.
That’s what we are doing for you, for loving the CTF tournament. What you can do for us is seed, seed, seed and spread the word.
Your half-full drives are vulnerable. The webs are just looming there, waiting to pump your memory full of bad music, dumb videos and pictures of other people’s unremarkable pets. Protect yourself. Fill up that dangerous unused space with DC-related goodness.
So far, we’ve got six new and updated torrents up:
DEF CON 22 Speaker Materials:
Updated Speaker Materials: Torrent
DEF CON 22 Music:
Music CD: Torrent
DEF CON 22 Badge:
Collection of files related to hacking the DEF CON 22 Badge: Torrent
Collection of Hacker Documentaries hosted on defcon.org (Updated): Torrent
Collection DEF CON Hacking Conference Con CD/DVDs (Updated): Torrent
Collection DEF CON Hacking Conference Programs (Updated): Torrent
We’re going to be adding to that list in the coming days. Together, we will fight back the secret scourge of disk encruftment.
For today’s #defconflashbackfriday we’re going all the way back to August of 2014 and serving up the DEF CON 22 closing ceremonies. So if you were at the show but didn’t make it to the end credits,or you haven’t been to a DEF CON and want to get an idea of the sheer scope of the event, this flashback is for you.
As always, enjoy it and pass it on.
Do we ever have a treat for you analytically inclined individuals. The complete packet captures from the DEF CON 22 Capture the Flag competition are now available for your leeching pleasure!
That’s right: 170 glorious gigabytes, packaged up in a handy torrent for your convenience! All of the traffic from the World Series of hacking contests, now yours to fold, spindle and mutilate to your heart’s content.
Enjoy, share, and if you can, seed this data. Packet captures taste better when they’re shared.
Every year, we collect and share a sampling of the published reports from the press that covered DEF CON. It's interesting to see what gets the most interest, and it's gratifying to see that every year there are less stories about how scary hackers are and more stories about the incredible things hackers create and what we can learn from investigating the technology that surrounds us.
Transportation security, digital privacy, and the unexpected musings of eccentric AV software titans seemed to top the list in 2014. You can peruse the whole thing at your leisure on our press archive page.
Ladar Levison and Stephen Watt are working on the future of secure email. For your Thursday, we offer you the peek into their work on DIME that they shared with us at DEF CON 22. It's a very interesting talk, with a lot of information and acronyms. There's a lot to learn about how email security is broken, and a lot of ideas about how it could be fixed in the future.
As always, pass it on.
Maybe you weren’t able to attend the the hacker playground that was the 22nd DEF CON. Perhaps you did, and just didn't get to pick up all the bleeding edge research our speakers were throwing down.
Take heart, hacker brethren and sistren, our friends at the Source of Knowledge record it all, and you can purchase those presentations for frame by frame forensic dissection in HD video format! In fact, they also offer a streaming option for those that like to keep it online.
Check out all of the purchase options at defcononline.com!
Good news, everyone! The archive page for DEF CON 22 has opened for business. It feels like DC was only a couple of weeks ago, but you can already see the slides and extra materials from all the main-track talks. We’ll eventually be adding audio and video as well, so keep an eye on this space. In the meantime, bum rush these Power Points to your heart’s content.
As always, pass it on.
Early Release! More video from DEF CON 22! This time it's a presentation from Zach Lanier and Mark Stanislav about the many ways the Internet of Things isn't ready for prime time, security-wise, and some insight into the work being done to make it safe to connect your various 'Things' to the IoT. Enjoy, think carefully about how much you need your SlapChop all up in the cloud, and share. http://youtu.be/WHdU4LutBGU?list=PL9fPq3eQfaaBCdjbKFYjosh1s1EkaYdsQ
We had a lot of incredible contests at DEF CON 22. So many contests that they could have seceded and formed the People’s Republic of Contestia. So many, in fact, that the results are still coming in over a week later. To keep you informed, we’ve created a Contest Results Page on defcon.org. Check out who won, find links to the contest websites for further information.
If you don’t see your favorite contest, let us know @defcon or contact the contest organizer and ask them to submit their results.
The way I see it, Thursday is the Friday of the middle-week. So for your Thursday enjoyment, here's a talk fresh off the presses from DEF CON 22 - Dr. Phil Polstra speaking on low tech methods for detecting high-tech surveillance. Enjoy, take the info that works for you and pass it on. Share with everyone. http://youtu.be/Bc7WoDXhcjM?list=PL9fPq3eQfaaBCdjbKFYjosh1s1EkaYdsQ
More DEF CON 22 goodies for you - the packet captures from the ICS Village are available for you to download and dig through at your leisure. Also, if you have pics from the ICS Village, please share them with @ICS_Village on Twitter.
One of the popular talks from DEF CON 22 - "Weaponizing Your Pets: The War Kitteh and the Denial of Service Dog" by Gene Bransfield. Enjoy, and share. http://youtu.be/DMNSvHswljM
So you've been home from DEF CON for a week now - probably settled back into your normal routine. In the back of your mind, though, there's probably a little voice that wishes you could have DEF CON-style hacker camaraderie and learning opportunities all year long.
The good news is, you can. You can join a DC Group in your area. If there isn't a DC Group in your area, you can start one. The instructions for starting a group are at the link below, as well as a listing of the hundreds of groups that already exist around the world.
And when you get involved, be sure to keep in touch with us on social media. Let us know when you're meeting and we'll share it. Tape your presentations and we'll share those, too. Let's make this the fastest trip from one DEF CON to the next by keeping the ball rolling all year.
Legitimate Business Syndicate has placed the final results of the DEF CON 22 CTF Finals on their website.There's scores, some shout-outs and even an explanation of their fancy radio badge and the cool contest visualization they debuted this year.
Congratulations to all won the right to participate, and extra respect to Plaid Parliament of Pwning, HITCON and Dragon Sector for taking 1st, 2nd and 3rd respectively.
What a difference a year makes. At DEF CON 21, Major Malfunction and Zac Franken created a Kickstarter for the RFIDler in a room at the Rio. At DEF CON 22, they returned with a mature and very impressive tool and even bigger plans for the future.
In this video, Major sits down with DT to talk about the RFIDler project.
One of DEF CON's secret weapons is LosT, our resident Puzzle Master and Lord of the Badge. You can see his work all over DEF CON, from the insanely hackable badges to the secret codes and messages hidden all over the program and the venue.
Dark Tangent interviews him here about all of his various DEF CON activities, his process and even gets a few hints dropped for next year's puzzles.
This was an amazing year, and we've got a lot to share about it. Tons of stuff coming down the wire very shortly. In the meantime, enjoy this VERY thorough walkthrough of the DEF CON Badge Challenge from Team PotatoSec (Warning: Spoiler alert for those still trying to solve):
http://potatohatsecurity.tumblr.com/post/94565729529/defcon-22-badge-challenge-walkthrough
And just so you know, DEF CON 23 will be held August 6-9, 2015, at Paris/Bally's on the strip in Las Vegas!
CONversation between DT and Ladar Levison, who spoke at this year's DEF CON on Dark Mail and the future of secure email.
The hackening is in full swing at DEF CON 22. The Rio is abuzz with all manner of high-octane geekery. If you're here, you're probably too busy leveling up to keep an eye on the press surrounding the event, so we bring you this mini-roundup of press links to see what the rest of the world is saying about us.
http://www.wired.com/2014/08/defcon-2014-badges-revealed/
http://blogs.wsj.com/digits/2014/08/08/telsa-invites-hackers-for-a-spin/
http://www.scmagazine.com/defcon-traffic-control-systems-vulnerable-to-hacking/article/365416/
DEF CON is in full swing - so there’s a million things going on. Here’s a few recent news items to tide you over while we get the party set up.
If you’re one of those people that enjoys being entertained by entertaining entertainers, you’re going to want to check out our newly minted ‘Entertainment’ page. So much music - it’s like Coachella for people who people smart enough to test out of Coachella.
https://www.defcon.org/html/defcon-22/dc-22-entertainment.html
For lawyers, judges and law students, there’s a Lawyer Meetup this year. DEF CON General Counsel and Chief Legal Raconteur Jeff McNamara invites all with a connection to the practice of law for a relaxed low-key meet up followed by a spirited trip to the Voodoo Lounge.
Don’t forget to stop by Track 3 at 9pm on Friday and Saturday for Movie Night with Dark Tangent. Friday we’re showing ‘The Internet’s Own Boy’ - a moving bio of internet hero Aaron Swartz. Director Brian Knappenberger and Aaron’s brother Noah will be in attendance for Q&A. Saturday, we’re showing ‘The Signal’. Directed by Will Eubank (who will also be in attendance), ‘The Signal’ is a mind-bending new scifi film that starts with some hackers on the road to DEF CON.
A few pro tips: stay hydrated, remember to eat and sleep. Keep the program handy - it’s like the Galactic Encyclopedia of DEF CON. Bring extra socks. Make new friends. Hack 100% of the things.
Reminder: The 'Zapping Rachel' contest has $17K in Cash Prizes up for grabs - so you can strike a blow against Robocallers and then try a new game: 'Escape from Vegas with Most of Your Winnings!'
The second one is probably harder.
The challenge? Defuse a bomb. I feel like I don't have to say a lot more than that. Bring your own tools, have an action hero moment for yourself.
Reg begins Friday in the Tamper-Evident Village, and it's probably wise to expect a bit of a queue.
Full info in the Forum:
https://forum.defcon.org/showthread.php?t=13947
One week, people. All that stands between all of us and DEF CON is a few measly days. To help get you amped up, we offer the SomaFM preview stream. Like last year, SomaFM will be manning the chill room and providing luscious, rejuvenating audio delights whenever you're looking for a recharge or a welcoming nook amidst the chaos.
Fire up the stream and close your eyes. It's like you're already at DEF CON.
http://somafm.com/defcon/
One week, people!
Rootz Asylum (formerly DEF CON Kids) has a full schedule of goodness planned for your padawan hackers. Learning, competition, fellowship with other hackish youth. It's pretty great. Back-to-school will definitely be cooler for the kids who spent their summer vacation winning DEF CON. http://www.r00tz.org
The sci-fi mind bender ‘The Signal’ centers around hackers on a road trip to DEF CON, so we can be forgiven for being a little biased in its favor. But from that promising starting place, the escalating weirdness and suspense take the movie everywhere but where you might expect. We don’t want to spoil anything - you’re gonna thank us if you go in with a clean slate. We’re proud to have ‘The Signal’ for Saturday’s ‘Movie Night with the Dark Tangent’, and we’re prouder still to have director Will Eubank on hand for Q&A after the screening. The last reel will definitely make you want to talk to Mister Eubank. Make it a point to be there!
Saturday the 9th at 21:00, Track 3
For even faster leeching pleasure of the conference media server we have invested in hard drive duplication towers, and next year DT plans to launch the Data Duplication Village.
Too busy to pick and choose what you want from the server and want it all?? This year we have three sets of 4TB drives that contain the same data as the media server, just split up and color coded. If you want to duplicate a particular drive you need to show up at the INFO BOOTH with your drives at the start of each day. First come First server. It will take about 8 hours to dupe a 4TB drive so a set will start in the morning and a set in the evening, to finish overnight.
There should be six 1:11 duplication towers (If they show up in time), with two for each drive color. That means we can dupe 66 drives at a time. Once enough people show up to fill a station the duplication process starts.
As of this writing it is sorted like this:
BLUE Drive = Conference Archives 1 of 2, including DEF CON
GREEN Drive = Conference Archives 2 of 2
ORANGE Drive = Podcasts, Cryptome, 1.5T of the Hak5 archives, FOSS Operating Systems, all other content
There will be an updated list at the infobooth.
Want in on it? Go buy some 4TB SATA II 7200 RPM drives (internal drives, not usb). Buy three if you want to try for the complete collection this year. I'd do it in advance, I think the local Frys will sell out! Duping should start Thursday!
You better have just done that spit-take. That's right. Electronica/Trip-Hop/IDM/dub music classics and pioneers: The Orb. They're here. They're kicking. And on the 3rd day of DEF CON (Saturday night/Sunday morning 00:00-01:00) their divine presence shall bless the glorious attendees who... attend their glorious and divine performance. Those who do not attend will be forsaken and cast into the dystopian landscape known as "the rest of Las Vegas." And so this event shall henceforth be written into the Dark Tangent's Book of DEF CON, Volume 22 - also referred to by some as "the conference program." So say we all.
A major announcement right here. We're bringing you the legendary DJ Spooky (That Subliminal Kid), a.k.a. Paul D. Miller. His CV runs deeper than the Mariana trench and is more Renaissance than the Teenage Mutant Ninja Turtles combined. Perhaps originally and best known for his artisinal music crafting (collaborating on projects with Meat Beat Manifest, Slayer, Chuck D.) and turntablism , he's become a university music professor (EGS, Switzerland), author (too much stuff to list), and an executive director of Origin Magazine. He's had his works featured in major museums like the Warhol, The Whitney, the Museum of Contemporary Art (Chicago), blahblahblahblah the pseudo-anonymous writer of this announcement could go ad infinitum. The point is, he's attained legendary-levels of awesome, and is coming to DEF CON to drop some hip-hop (perhaps with orchestral accompaniament) on Thursday Night in Track 1 (22:00-23:00)!
A favorite from DEF CON XX (he dropped the killer set after The Crystal Method), we're bringing the near-mythical adrenaline-inducing Elite Force back for another sonic pummeling. Many of you may also recognize one of his prior projects, Lunatic Calm, which had music featured on films like The Matrix, Mortal Kombat: Annhilation, Drive, and tooons of others. We're extraordinarily excited to have Elite Force back, and we'll all need to be sure to keep our collective cholesterol levels in check to ensure we can survive his performance. Catch him Saturday night in track 1 (23:00-00:00)!
Another throwback to DEF CON XX, we're bringing back one of the grandmasters of Nerdcore hip-hop, MC FRONTALOT. His prolific lyrical stylings have been proverbially known to knock socks off, so shoes (as always) are encouraged (we'll let sandals slide too). He's also the star of the acclaimed documentary Nerdcore Rising. Catch him Friday night in Track 1 (23:00-00:00), alongside other hard-hitters and partners in nerdcore-crime Dual Core and ytcracker!
Today we announce eccentric retro electro video game chip-tune-inspired dance-rock that is purveyed by ANAMANAGUCHI. Not only is their music video game-inspired, their music actually HAS appeared on video games (like Rockband and Scott Pilgrim vs. The World). The real deal! Check 'em out at the Friday festivities in track 1. (set time: 00:00, Saturday AM)!
Also be sure to check out their totally rad and typically incredibly neon music videos:
Do you remember the giant projection-mapped DEF CON exploded face? Or maybe the dragon installation? Or how about the DEF CON sign installation in the chillout lounge last year? These are the epic works of Zebbler's design team, who have also developed installations for the likes of Shpongle, EOTO, and a number of other class acts. But Zebbler doesn't just excel at design. He also excels, along with his comrade Encanti at music. Together, they form an incredible audiovisual duo that goes by Zebbler Encanti Experience, and they will be purveying this experience to you at DEF CON 22! Take delight in their glorious bassy weirdness at DEF CON's official Saturday evening event in track 1 (set time: 01:00, Sunday) !
Most of their music is free/pay-what-you-can too! Check it out:
Attention all accepted DEF CON speakers! The deadline for getting your materials in for inclusion on the conference CD is Tuesday, July 15. Pencils down. Pass your paper to Nikita. Thank you.
Registration is now open for those willing to push their Cyber Traffic Analysis skills to the limit, you can compete in the latest Cyber Analytics and Network Forensics Challenge. Now in its fifth year ! Capture the Packet has brought more APT’s, Trojans, Malware, Web and Red team attacks, network issues and sneaky covert channel coms to one event ! Do you know when important data is leaking out of your network and who is doing it - Can you handle the Advanced Persistent Threat ? Can you spot that nasty bug your neighbors workstation contracted from visiting an infected website ? Can you spot a networking configuration issue with routing, spanning tree, BGP or OSPF ? Do you know how to count your IPV6 lucky stars ? Do you speak VOIP, MGCP or H323 ? We welcome everyone to try their hand at the most intense live network traffic analysis and forensic challenge, who knows you could be our next grand finals winner. You must bring your own laptop/computer to compete in this challenge, remember while this is not an attack game, it is a hostile network.
Details:
This year, the completion is handled in three Challenging phases:
Pre-Qualifying Rounds Start Thursday August 7th at 1:00pm and End Friday August 8th at 1:00pm
Those that have the highest scores “overall” from all rounds combined, essentially 40 teams will move on to the qualifying rounds
The Qualifying rounds are held starting Friday August 8th at 2:00pm and end on Saturday August 9th at 1:00pm
The top 10 teams from the Qualifying rounds with the highest over-all move on to the finals held on Saturday at 6:00pm
The Final round will consist of the top 10 scoring teams to survive the qualifying rounds,
These 12 teams will compete in a two hour long finals competition to determine the winner
Register your team of two – at https://www.capturethepacket.com/ctp_dc_signup.html, or sign-up onsite.
Capture The Packet will be hosted in the “Packet Hacking Village” at the DEFCON Entrance Area !
Just a little over a month until we rendezvous at the Rio for DEF CON 22! Are you ready? We hear it's eleventy-one degrees there today, so bring weapons-grade sunscreen if you're one of those 'goes outside' kind of hackers.
You'll also want to know who's talking about what and when so you can plan your DEF CON experience. To that end, we proudly present the DEF CON 22 Speaker Schedule! Get yourself familiar, people. The key to maximum DEF CON is maximum planning. Or no planning. The key to maximum DEF CON has been in your heart all along. SCHEDULE IS LIVE!
We’re trying something new. Friday, June 27th at 11am Pacific Time, we’re hosting our first Google Hangout on Air. The guest is Jennifer Granick, DEF CON CFP Review Board member, preeminent hacker defense lawyer and Director of Civil Liberties for the Center for Internet and Society at Stanford Law School. The subject is her recent article for Wired regarding the verdict in United States v. Davis and what it could mean for the future of mass surveillance.
If you’ve got good questions about the intersection of law and ‘metadata’ collection, either leave them here in the comments or ask them live at the Hangout tomorrow.
If you’re not following us on Google Plus, the link is here:
https://plus.google.com/+DefconOrgplus/
Join us, and as always, spread the word.
‘This talk is amazing!’ You say this to yourself (inside voices) while watching someone awesome say and demonstrate awesome things. ‘How does DEF CON consistently pick so many great talks? They must have a team of borderline superheroes slogging through hundreds and hundreds of proposals for months! Who could those paragons of determination and insight BE, exactly? How could I learn their handles and perhaps show my appreciation by buying them many beers?’
Here’s an answer key to these questions you’re asking yourself:
1.)This talk probably is amazing. Not really a question.
2.)Lots of caffeine and eyestrain. Also dedication and love.
3.)They do have a team of borderline superheroes, and there is no DEF CON without them.
4.)They are known as the DEF CON CFP Review Board.
You can check out their page here. And maybe show them some love.
The 10th Annual EFF fundraiser, hosted by Vegas 2.0, has VIP tickets to event on sale now! Get early access to an intimate meet and greet with the Speakers of DEF CON! Also, get special schwag and extra raffle tickets exclusively for VIP guests!
https://www.crowdtilt.com/campaigns/thesummit-10-year-anniversary-vip-tickets
This is it. The speaker list for DEF CON 22 is now locked and complete. This means two things: DEF CON is really almost here, and we are now hard at work creating the Tracks and the Schedule (watch this space, buckaroos). We're very proud of the lineup we've assembled, and we think you will find a lot of good stuff to choose from. Whether you're coming to Vegas or not, we'd love it if you'd take some time to check out the speaker list and give us some feedback about what talks have you the most excited.
55 days, people. Get psyched!
Panel - Diversity in Information Security
Jennifer Imhoff-Dousharm, Sandy “Mouse” Clark, Kristin Paget, Jolly, Vyrus, and Scott Martin
The Cavalry Year[0] & a Path Forward for Public Safety
Joshua Corman and Nicholas J Percoco
Mass Scanning the Internet: Tips, Tricks, Results
Robert Graham, Paul McMillan, and Dan Tentler
Hack All The Things: 20 Devices in 45 Minutes
CJ Heres, Amir Etemadieh, Khoa Hoang, and Mike Baker
Raspberry MoCA - A recipe for compromise
Andrew Hunt
Home Insecurity: No alarms, False alarms, and SIGINT
Logan Lamb
Dark Mail
Ladar Levison and Stephen Watt
Attacking the Internet of Things using Time
Paul McMillan
Open Source Fairy Dust
John Menerick
Generating ROP payloads from numbers
Alexandre Moneger
Panel: Ask the EFF: The Year in Digital Civil Liberties
Kurt Opsahl, Nate Cardozo, Mark Jaycox, Yan Zhu, and Eva Galperin
Panel - Surveillance on the Silver Screen- Fact or Fiction?
Nicole Ozer, Kevin Bankston, and Timothy Edgar
Measuring the IQ of your Threat Intelligence feeds
Alex Pinto and Kyle Maxwell
Secure Because Math: A Deep Dive On Machine Learning-Based Monitoring
Alex Pinto
Detecting and Defending Against a Surveillance State
Robert Rowley
Advanced Red Teaming: All Your Badges Are Belong To Us
Eric Smith and Josh Perrymon
The Internet of Fails: Where IoT Has Gone Wrong and How We're Making It Right
Mark Stanislav and Zach Lanier
Domain Name Problems and Solutions
Dr. Paul Vixie
RED ALERT TOP SECRET WIKI LEAK SN0DEN LEAK GAMMA GAMMA ZF0 P0SSE DOC DROPPER
The previously sooper seekret media.defcon.org server project has leaked out on the twitter and the face book. No use hiding behind our press secretary any longer, It's better to just admit it and let everyone make up their own minds.
WHAT LEAKED? The Dark Tangent is collecting as much open source security conference footage, training materials, podcasts, white papers, videos, and anything else haxors may be interested in. He plans to make it all available at DEF CON 22 in August and let anyone download it, or even direct HD copy it.
WHO LEAKED THIS SECRET PROJECT? The Dark Tangent. Oops.
WHAT NOW? A huge burden has been lifted off of DT and he no longer has to live two lives. He can now focus on getting as much content as possible from the community.
That's where you come in.
HOW CAN I HELP?
Send links to content you think everyone should have access to that is related to the hacking and infosec scene somehow. It can be an rss podcast, a .torrent of academic journals, and ftp link to text files, a web site to mirror full of source code, an svn operating system repository, a YouTube channel, whatever!
Send your links in an email to dtangent@defcon.org, or tweet them to @thedarktangent and he will start the leeching.
HOW DO I GET MY HANDS ON THE DATA?
At DEF CON 22 you will be able to get to the gigs in a couple different
ways. The con Wi-Fi network (at 802.11g speeds), through wired switches on 1 gig links in different areas, or by bringing your own 4TB SATAII or III hard drive(s).
We will have HD duplicators running all con copying drives for people who just want to drop off a drive and pick it up later.
Please help out with links, and we'll see you at con!
Do you think you can code? Do think you can code while drinking? We're not talking about coding in the warm safe confines of your cubicle. No, this is programming for sport. It's live competition, against the clock, and the other teams. And we don't make it easy. Have the smarts to solve our programming challenges? Good. We want you to show us that programming is not only about laying down some sweet sweet code, it's about the style in which you do so. Sound fun? We think it is.
Crash And Compile is a ACM-style programming contest crossed with a drinking game, where teams of two people try to solve as many programming problems as they can. As teams compile and run their programs, each time their code fails to compile, produces the incorrect output, or seg-faults, the team must drink. Meanwhile, our lovely Team Distraction will be doing what they can to make the job of programming while intoxicated all the more difficult and/or enjoyable.
Registration is now open. Sign up over at https://dc22.crashandcompile.org
It’s getting pretty real, people. The speaker selection process is almost complete, the party and event planning is in full swing - DEF CON 22 is just a little over two months away!
To celebrate, another round of speaker announcements. Twenty-five more abstracts to help you create your DEF CON battle plan. We anticipate one more round of announcements before the roster is locked, but by now you should have a pretty good idea how much good stuff we have on tap.
Detecting Bluetooth Surveillance Systems
Grant Bugher
Dropping Docs on Darknets: How People Got Caught
Adrian Crenshaw
Is This Your Pipe? Hijacking the Build Pipeline.
Kyle Kelley and Greg Anderson
Home Automation and Defensive Security Measures
Chris Littlebury
Instrumenting Point-of-Sale Malware: A Case Study in Communicating Malware Analysis More Effectively
Wesley McGrew
Android Hacker Protection Level 0
Tim Strazzere and Jon Sawyer
I am a legend: Hacking Hearthstone with machine learning
Elie Bursztein and Celine Bursztein
Hacking US (and UK, Australia, France, etc.) traffic control systems
Cesar Cerrudo
NSA Playset: DIY WAGONBED Hardware Implant over I2C
Josh Datko and Teddy Reed
Check Your Fingerprints: Cloning the Strong Set
Free and Lachesis
Shellcodes for ARM: Your Pills Don't Work on Me, x86
Svetlana Gaivoronski and Ivan Petrov
Blowing up the Celly - Building Your Own SMS/MMS Fuzzer
Brian Gorenc and Matt Molinyawe
Deconstructing the Circuit Board Sandwich: Effective Techniques for PCB Reverse Engineering
Joe Grand (Kingpin)
Panel: Ephemeral Communications: Why and How?
Ryan Lackey, Jon Callas, and Elissa Shevinsky
NinjaTV - Increasing Your Smart TV’s IQ Without Bricking It
Felix Leder
Catching Malware En Masse: DNS and IP Style
Dhia Mahjoub, Thibault Reuille, and Andree Toonk
Old Skewl Hacking: Porn Free!
Major Malfunction
A Survey of Remote Automotive Attack Surfaces
Charlie Miller and Chris Valasek
Learn how to control every room at a luxury hotel remotely: the dangers of insecure home automation
Jesus Molina
Acquire current user hashes without admin privileges
Anton Sapozhnikov
Impostor — Polluting Tor Metadata
Charlie Vedaa and Mike Larsen
Manna from Heaven: Improving the state of wireless rogue AP attacks
Dominic White and Ian de Villiers
The Open Crypto Audit Project
Kenneth White and Matthew Green
Practical Aerial Hacking & Surveillance
Glenn Wilkinson
The Cyber Grand Challenge asks some simple questions - can you create a fully-automated system to detect, thwart and mitigate network attacks? Can you build one so effective that it can win an all-computer tournament without human intervention? Would you like 2 million dollars?
If you have a great proposal but lack the funds for a 2-year competition, you can pitch DARPA for funding - they’re already backing seven of the registered teams. Teams that survive the quals in June 2015 are eligible to compete in the final tournament at DEF CON in 2016. Grand prize is $2 million dollars.
Competitors will need a dizzying array of skills and an encyclopedic understanding of every form of network kung-fu. They will also need a pretty serious amount of free time, but the winner gets a nice check and an answer to the question of what to put first on a resumé.
We believe that such a team must exist in the DEF CON family. If you think you’re up to the challenge, more information awaits you at the DARPA CGC page.
The DEF CON 22 Short Story Contest is now closed. Time for you to head over to the forums and vote for the People's Choice Awards. You're the people. Get in there. Be somebody.
https://forum.defcon.org/forumdisplay.php?f=796
Hot off the presses - more speaker selections. Several of them are for the DEF CON 101 Track, newly expanded for DC 22 and running all the way through the con. The rest of the presentations listed here fall into the other tracks, and if we do say so ourselves, this is shaping up to be quite the year, hackwise. You’re definitely going to want to make sure you have a seat for some of these. The titles alone should tell you we’re coming correct in 2014.
The Simple Route to Backbone Routers
Luca "kaeso" Bruno and Mariano "emdel" Graziano
Summary of Attacks Against BIOS and Secure Boot
Yuriy Bulygin, Oleksandr Bazhaniuk, Andrew Furtak, and John Loucaides
Saving Cyberspace by Reinventing File Sharing
Eijah
Secure Random By Default
Dan Kaminsky
Masquerade: How a Helpful Man-in-the-Middle Can Help You Evade Monitoring.
Ryan Lackey and Marc Rogers
Just What The Doctor Ordered?
Scott Erven and Shawn Merdinger
NSA Playset : GSM Sniffing
Pierce and Loki
Don't DDoS Me Bro: Practical DDoS Defense
Blake Self and Shawn "cisc0ninja" Burrell
"Around the world in 80 cons” - A Perspective
Jayson E. Street
The DEF CON 101 track is a series of talks aimed at attendees who are not yet internationally-recognized infosec experts. This is not the n00b track. But if you're interested and engaged in the hacker community, these sessions are right up your alley. From Sysadmins & NOC Jockeys to College Students & IT Professionals, everyone exploring the world of Information Security can expect to feel welcome, not intimidated. We have grouped the sessions by interest area, so you're not spending all day bouncing between talks.
DEF CON 101 - The Talk
HighWiz, Lockheed, Pyr0, Roamer, and LosT
Protecting SCADA From the Ground Up
AlxRogan
Hacking 911: Adventures in Disruption, Destruction, and Death
Christian “quaddi” Dameff, Jeff “r3plicant” Tully, and Peter Hefley
How to Disclose an Exploit Without Getting in Trouble
Jim Denaro and Tod Beardsley
NSA Playset: PCIe
Joe FitzPatrick, Miles Crabill, and Dean Pierce
Oh Bother, Cruising The Internet With Your Honeys, Creating Honeynets For Tracking Criminal Organizations
Terrence Gareau and Mike Thompson
The Monkey in the Middle: A pentesters guide to playing in traffic.
Anch
Investigating PowerShell Attacks
Ryan Kazanciyan and Matt Hastings
Screw Becoming A Pentester - When I Grow Up I Want To Be A Bug Bounty Hunter!
Jake Kouns and Carsten Eiram
Meddle: Framework for Piggy-back Fuzzing and Tool Development
Geoff McDonald
One Man Shop: Building an Effective Security Program All By Yourself
Medic
Rf Penetration Testing, Your Air Stinks
RMellendick and DaKahuna
Touring the Darkside of the Internet. An introduction to Tor, Darknets, and Bitcoin.
Metacortex and Grifter
USB for All!
Jesse Michael and Mickey Shkatov
ShareEnum: We Wrapped Samba So You Don’t Have To
Lucas Morris and Michael McAtee
An Introduction to Back Dooring Operating Systems for Fun and Trolling
Nemus
Standing Up an Effective Penetration Testing Team
Wiseacre
Data Protection 101 - Successes, Fails, and Fixes
PTzero
Anatomy of a Pentest; Poppin' Boxes like a Pro
PushPin
Practical Foxhunting 101
SimonJ
Blinding The Surveillance State
Christopher Soghoian
Bug Bounty Programs Evolution
Nir Valtman
Client-Side HTTP Cookie Security: Attack and Defense
David Wyde
You’ve had the thought: “DEF CON is super fun, but how much cooler would this be if there was a little corner devoted to my weird niche interest?” ‘From Dusk Til Con’ is your chance to realize that overly specific dream. Got a mini-village idea? Want to run an Inception style Con-within-the Con? Want to play strip Settlers of Cataan? Shoot us your ideas for themed mini-events on the Crawl and we’ll make the best ones happen.
Find out more and how to submit at: https://www.defcon.org/html/defcon-22/dc-22-fdtc.html
The DEF CON 22 CTF Qualifiers are in the books. Challenges were faced, and bested. Points were accumulated. Bedtimes were missed. It’s all over but the paperwork.
So here’s a roundup of writeup links. IF you participated, read and see how other people approached the same problems. If you didn’t, read and get an idea of how the CTF process works and consider signing up next time. You lose 100% of the CTFs you don’t enter.
If you enter, you could still lose 100%. That’s just math. But you’ll have a story. An awesome, glorious, highly technical story to share with the tiny slice of humanity who can understand this sort of thing.
There’s also a bonus link to a GitHub collection that looks like it might end up pretty comprehensive.
https://hackucf.org/blog/category/writeups/defcon-quals-2014-writeups/
http://blog.spiderlabs.com/2014/05/defcon-22-ctf-qualifiers-writeup.html
http://balidani.blogspot.com/2014/05/def-con-quals-2014-100lines-writeup.html
http://ahack.ru/write-ups/defcon-quals-14.htm
http://zepvn.com/blog/defcon-ctf-quals-2014-100lines.php
http://zepvn.com/blog/defcon-ctf-quals-2014-byhd.php
http://sigint.ru/writeups/2014/05/19/defcon-2014-quals---zombies/
http://sigint.ru/writeups/2014/05/18/defcon-2014-quals--polyglot/
http://endgame.com/blog/defcon-capture-the-flag-qualification-challenge-1.html
https://github.com/ctfs/write-ups/tree/master/def-con-ctf-qualifier-2014
T minus 3 hours - DEF CON 22 CTF Qualifications are upon us! To read up on the setup for this year, you can check out the Legitimate Business Syndicate blog:
The road to glory begins here. We at DEF CON applaud all of the brave warriors who've accepted the CTF challenge. Godspeed. May the odds be ever in your favor.
Don’t look now, but it’s already the middle of May. DEF CON 22 is just over the horizon, a little less than three months away. Preparations are in high gear.
Today, we bring you more talks - 15 more, to be exact. You can check out the abstracts and speaker bios on the DC22 speaker page. We think you’ll like the choices - there’s everything from shortwave radio steganography to mischief with car firmware.
There’s more coming, of course, so keep checking back with our speaker page as we flesh out the roster.
https://www.defcon.org/../defcon-22/dc-22-speakers.html
The new selections are:
The Secret Life of Krbtgt
Christopher Campbell
The $env:PATH less Traveled is Full of Easy Privilege Escalation Vulns
Christopher Campbell
Why Don’t You Just Tell Me Where The ROP Isn’t Suppose To Go
David Dorsey
Steganography in Commonly Used HF Radio Protocols
Paul Drapeau and Brent Dukes
Weird-Machine Motivated Practical Page Table Shellcode & Finding Out What's Running on Your System
Shane Macaulay
The NSA Playset: RF Retroreflectors
Michael Ossmann
Attacking to Cisco Hosted VoIP Networks
Fatih Ozavci
Abusing Software Defined Networks
Gregory Pickett
Am I Being Spied On? Low-tech Ways Of Detecting High-tech Surveillance
Dr. Phil Polstra
You're Leaking Trade Secrets
Michael Schrenk
Zends Dead baby
Dr Steven Seeley
I Hunt TR-069 Admins: Pwning ISPs Like a Boss
Shahar Tal
Optical Surgery; Implanting a DropCam
Patrick Wardle and Colby Moore
PoS Attacking the Traveling Salesman
Alex Zacharis
Playing with Car Firmware or How to Brick your Car
Paul 0x222
We’re hard at working choosing the best of the CFP submissions, and today we have five more confirmations to announce. Watch this space for more speaker announcements in the coming weeks. It’s shaping up to be a pretty fascinating roster.
Getting Windows to Play with Itself: A Hacker's Guide to Windows API Abuse
Brady Bloxham
Girl… Fault-Interrupted.
Maggie Jauregui
Elevator Hacking - From the Pit to the Penthouse
Deviant Ollam, Howard Payne
Hacking the FBI: How & Why to Liberate Government Records
Ryan Noah Shapiro
The Only Way to Tell the Truth is in Fiction: The Dynamics of Life in the National Security State
Richard Thieme
You can watch the conference taking shape on the DEF CON Speaker Page:
https://defcon.org/html/defcon-22/dc-22-speakers.html
Congratulations to the winners of the DC 22 Art Contest:
1st Place: Alice in Hackerland by Tess Schrodinger
2nd Place: Helicopter Parents Weren’t This Bad by Amit Yehuda
3rd Place: Bleed by Joey Strine
People’s Choice: Alice in Hackerland by Tess Schrodinger
And of course, thanks to everyone who submitted work. There is no end to the hidden talents of the DEF CON massive. You can check out the winning artwork on the DC Art Contest page:
https://defcon.org/html/defcon-22/dc-22-artwork-contest.html
And a gallery of all the entries at:
https://www.facebook.com/media/set/?set=a....
Also, don’t let the contest ending stop you - if you have the urge to create some on-theme artworks between now and the show, we’d be happy to share them with the world. You won’t win anything beyond our love and gratitude, but that’s not exactly nothing.
The DEF CON 22 art contest has closed, and it’s time to start picking the winners. In the ‘People’s Choice’ category, that means it’s time for YOU to cast a vote. Check out the Artwork Contest Entries Gallery on Facebook and cast a ‘Like’ for your favorite.
The winner gets free admission to DC22, $25 credit at the Swag Booth and inky immortality in the DC22 printed program, so it’s kind of a big deal. The theme was ‘Behind the Curtain’, and the winning work should in some way capture the sense of the hidden world behind the world that is seen. Cast your votes wisely.
And as always, we thank everyone who participated in this year’s contest. If you didn’t submit and you’re feeling a little jelly, we offer the wise words of Socrates, who said to his students, “He is not wise who playa-hates; the truly wise participate. This mimosa is terrible.”
Attention Entreprenerds!
DEF CON 22’s Vendor Area is a great opportunity to get your geek-centric product in front of a highly focused, upwardly mobile and possibly drunk audience of over 10,000 vacationing tech enthusiasts. Share your business with people passionate about technology, make sales, even make friends.
To sign up, head over to the vendor site, read the FAQ and get the forms filled out. Don’t delay - August is closer than you think.
Friendly reminder - the DEF CON 22 CFP closes in two short weeks. Your submission has to be in by May 1. It’s go time, people.
To see what we’ve accepted so far, you can check the speaker page:
https://www.defcon.org/html/defcon-22/dc-22-speakers.html
The rules and regulations are here:
https://www.defcon.org/html/defcon-22/dc-22-cfp.html
If you’ve got a great idea, put it in the ring. You can’t win if you don’t play.
It's official. CON season is really upon us.
DEF CON HQ is proud to announce the first round of accepted speakers! Take a look, let us know what you think and what you're looking forward to most. We'd also love it if you kept your eye on the speaker page, because we'll be posting the rest of the accepted speakers as they are selected. On the speaker page you can watch DEF CON 22 taking shape, and you can weigh in here or @defcon.
We think you're gonna like the choices so far. Get excited - the countdown has begun!
The Social Engineering Capture the Flag contest is back for DEF CON 22 - this time with a Tag Team Twist! Spread the word and get signed up if you're ready to test your SE skills in Vegas!
Our community never fails to amaze. With no prompting from anyone, Eddie the Yeti has been making these beautiful portraits of DEF CON's better known faces and sharing them with the subjects.
He makes them with materials like soy sauce and coffee, wine and lime juice. He makes them insanely fast, but he still manages to get across the best of the subject's personality.
Check out his Faces of DEF CON series on DeviantArt. Check out the rest of his work, too. He's as good an advertisement as there could be for why you should come hang out with us in the desert. Brilliant, generous and doing it for the love.
Thanks, Eddie.
http://eddietheyeti.deviantart.com/gallery/
Pilgrim, another DEF CON regular, has made a tribute site to the series as well, at
Good news, everyone!
It’s hard to believe, but we’re already two-thirds of the way to DEF CON 22.
As we come down the home stretch, the DEF CON 22 site will be your one-stop information center for everything DC22. We’ll be constantly updating the site with talks, contests, events, entertainers and announcements to help you get the most out of your con.
Throw us a bookmark and keep checking back. Make us a regular part of your balanced media breakfast, and we’ll keep you up to date on everything you need to know.
Good news, everyone!
Registration for the DEF CON 22 CTF season is open! To accomodate international competitors, the qualifying weekend has been moved to May 17-19.
It is time to assemble your champions. Sharpen them to a fine point. The doors to the arena open May 17. Fortune looks kindly upon boldness and skill. Failing those, she also seems pretty okay with treachery and subversion.
The information you require can be found at https://blog.legitbs.net/ . You can register at https://2014.legitbs.net/.
Step forward and meet your destiny.
Got an idea for a game-changing contest or event? Maybe you have the expertise to run a village on a compelling topic we've overlooked? This is your moment. Submit your idea on the DEF CON CnE website - we'll partner up with the best ideas and help make them happen.
The rules and guidelines are available on the CnE website. Check them out, and get yourself involved. We look forward to hearing your ideas.
We know that art takes time. We know that artists like to paint themselves into deadline corners, waiting until the last minute for inspiration to strike. If that's you, please bear in mind that the minutes run out in about two weeks. If you want to have your work considered for the contest, it has to be in to us by April 10. No exceptions.
Also, if you know a creative soul who might enjoy the opportunity, be sure to share this with them. We'd really love to showcase a lot of cool work this year.
Relevant data is all here:
https://defcon.org/html/defcon-22/dc-22-artwork-contest.html
For the 4th year, 'Be the Match' is returning to DEF CON. It's your opportunity to register as a Bone Marrow Donor, and maybe someday save a life. There are lots of ways to hack your body, but this one doesn't slow you down at airports or make you look sketchy.
It also makes you kind of a hero.
To find out more about how 'Be the Match' works, you can check them out at these links:
Twitter: @bethematch
Facebook: https://www.facebook.com/BeTheMatch
The InterTubes: http://bethematch.org/
The theme of this year's art contest is "Behind the Curtain". Secrets. Lies. Alibis. The magic shades in 'They Live'. The world behind the world, where all the hidden gears are turning. The code and subterfuge employed by the adept to sneak knowledge past the sleeping and the uninitiated.
Cool, right? If you can put together a jaw-dropping variation on that theme in the next 30 days, prizes and glory could be yours. Free admissions to DEF CON 22, credit to burn on DEF CON Swag, maybe even a T-shirt with your art on it.
There are Categories and Rules, of course. And a Deadline. All of these are important. These things make it a contest. But you, my undercover artist friend, you make it epic. Pencils up and good luck.
If you're a musical performer, a DJ or an ambient Esperanto slam poet* who dreams of performing at DEF CON, this is your moment. We're beginning to select music acts for DEF CON 22, and we might very well need YOU.
Extra slots for Chillout/Ambient/Downtempo types this year, so you lower-BPM types should make sure to apply.
Your road to rocking DEF CON starts with reading the rules.
https://forum.defcon.org/showthread.php?t=13776
Then, if you think you have what it takes to entertain the DEF CON massive, fill out this form. https://docs.google.com/forms/d/1N0K...jAIWk/viewform
*I'm pretty sure I made that up, but I would be happy to be proved wrong. I will make you a Facebook star.
Continuing the tradition of recognizing strong performance in Capture The Flag events through the year, Legitimate Business Syndicate is proud to announce the following events as DEF CON 22 CTF pre-qualification events:
Twelve more spots will be available to teams wishing to play at the DEF CON 22 Capture The Flag through our own open qualifiers, hosted May 17-May 19.
All qualifying teams will receive eight "Human" badges for admission to DEF CON 22 this year, as well as two hotel rooms at the Rio Las Vegas, for the duration of the event.
Sure, you know that DEF CON 22 rolls around August 7-10, 2014. Everyone knows that. But do you know the dates for DEF CON 23? DEF CON 24?
Probably not, because we're announcing it right now. DEF CON 23 will be August 6-9, 2015, and DEF CON 24 will be August 4-7, 2016.
Now you know. And knowing is half the battle.
When we announced the discount room rates for the Rio last month, there was some kind of glitch in the Matrix. The first 200 signups were granted a rate even lower than our block rate. The Keymaker at the Rio has agreed to honor this rate for those lucky registrants. He had the Architect explain it to me, but he droned on so long I lost the plot. What I can confirm is that the 200th registration was reached, the anomaly was smoothed over and real-world rates have returned.
As ever, Fortune favors the bold.
The corrected rate (based on occupancy of up to three per room and taxed at 12%) is:
Sunday -Thursday $119.00
Friday & Saturday $129.00
They charge an extra $30 a night if you add a fourth. Sometimes it's worth it. We don't judge.
Even that rate won't last long – the DEF CON block is about 40% sold. To book now and get the block rate, follow this link. See how deep the rabbit hole goes.
Got something cool to share on the DEF CON network during DC22? Could be almost anything - a game, a stash of vintage K-Rad textfiles, whatever you think Con goers might wanna download. Submit your idea online, and if it's approved you'll get a couple of bonded gig ports and some promotion in the program and on the site. Sharing is kinda our thing - and we're counting on you to add some fun content. Apply today. Operators are standing by.*
* actual operator count may be as low as zero.
We're starting up a presence on G+. We've got some interesting plans for the specific technologies they employ over there. If you're on G+ (and you probably are), come on over and add us to your circles. We can be found at https://google.com/+DefconOrgplus.
Can't stop, won't stop! New playlist up on YouTube, this time the entirety of DEF CON 14. Over 80 presentations. You can fire it up right now and be edutained for the next two weeks or so.
We'd love it if you'd share the knowledge with anyone you think might benefit. Like, share and be merry.
Re-live all DEF CON 15 had to offer on our YouTube channel, we have a new playlist posted for your enjoyment!
For those who aren't aware, DC101 is a Thursday event, a kind of combination Opening Ceremonies/Orientation MiniCon. The talks accepted are loosely engineered to acclimate you to DEF CON proper and to help you maximize your DC experience. You can get a look at the talks that were accepted last year at this link:
https://forum.defcon.org/showthread.php?t=13377
The rules for the CFP are here:
http://www.defcon101.org
.
The DEF CON Short Story Contest is back, and it's already open! No excuses - you have from now until the first of June to get your story in for the chance to win some cool prizes and get your story shared with the whole DC community. Four months to shape your hacker lit masterpiece. Make us proud.
The rules and regulations are all available in the Short Story Contest thread on the DC Forums.
Good News! Audio from all the presentations at DEF CON 21 is now available as a podcast for those who prefer their DEF CON goodness in a smooth, iTunes-digestible format. Lyric files included on the house. Enjoy and spread the word!
The direct link to the podcast is https://www.defcon.org/podcast/defcon-21-audio.rss
It's that time again folks! Polish up those ninja caliber proposals, because The DEF CON Call for Papers is now officially open! Read the announcement and find out what's new, then fill out the CFP form and start down the road to DEF CON glory! Good luck!
Hear the sweet sounds of hackers imparting their knowledge in the DEF CON 21 audio speeches, now available for download on the DEF CON Media Server, The DEF CON 21 Archive page, or all at once with this handy torrent:
https://www.defcon.org/html/torrent/DEF CON 21 audio.torrent
Also included, and new this year, are .lrc format transcripts which can be used as lyrics files for the audio, Enjoy!
We have seen DC 21 come and go, and after a little rest we all have begun preparing
ourselves for DC22. Since we have 7 months until we all meet again in Vegas, I have
prepared a fun contest to help you pass the time.
Plus, if you win, you and your team mates will get free badges (8 free badges for 1st,
4 free badges for second) to help offset the costs of attending DC22!
Have fun and happy hacking!
-blak
Read all about the 2014 DEF CON Groups Challenge!
Did you miss DEF CON 21? Do you have a ridiculous amount of hard drive space and like to keep large archives of hacking knowledge? At long last, all of the DEF CON 21 speeches can be found on the DEF CON 21 Archive page, The DEF CON Media Server, or downloaded en masse at these torrents:
https://www.defcon.org/html/torrent/DEF CON 21 video and slides.torrent
https://www.defcon.org/html/torrent/DEF CON 21 slides.torrent
For the fist time ever, we have transcripts of the talks! Use them for closed captioning, read them, or if you are feeling saucy, translate them to other languages and be sure to let us know!
Enjoy!
For those of you that want to get a jump on DEF CON 22, you can now book your room for DEF CON 22 at our discounted rate! Register now and save! We have a special discount for the first 200 reservations made in the DEF CON block. There are still a few left, so jump in now and stay at our host venue for the full DEF CON Experience!
Legitimate Business Syndicate has announced their intention to return as organizers of the Capture the Flag competition! Check out their DEF CON 22 CTF Announcement blog post!
We would like to wish all hackers, geeks, techs, nerds, makers, phreaks, engineers, privacy and security folks the world over a Happy New Year!
2014 will be a year of security battles, with more companies responding to news of their products being used in mass monitoring. Now is the time to get involved!
The IETF is working on the possibility of HTTP 2.0 requiring TLS always, dramatically encrypting more of the Web. Why wait?
You guys get the idea. Make a resolution to up your defense game in 2014 to make life more difficult for all who would eavesdrop on us - for whatever reason.
Oh, and Hack the Planet™
Just in time for the holidays, we have a long awaited Christmas/Hanukkah/Kwanzaa/Festivus/Solstice/etc. gift for all of you! You can now watch all of the DEF CON 21 talks on YouTube, with or without closed captioning! That's right, go ahead and stream all the hacker-y goodness from this year's DEF CON with your favorite holiday beverage in front of a warm fire! Happy Holidays from all of us at DEF CON!
Well here it is, the biggest one yet! Complete packet captures from Saturday at the DEF CON 21 Capture the Flag competition are now available for torrent! This is a huge one folks, compressed down to 35 gigs from 495, so get those hard drives cleared out and ready!
If you can, leave them seeding for a bit to share the love!
All of you CTF-ophiles out there, rejoice! Complete packet captures from Sunday at the DEF CON 21 Capture the Flag competition are now available for torrent! Sift through all the data and peer at the inner workings of the contest!
Here's something to be thankful for! We've now posted the complete DEF CON 16 speeches on YouTube to watch at your leisure! Enjoy!
You can now stream all the videos from DEF CON 17 that your heart desires on YouTube, the latest installment to our channel! Enjoy!
Service on the DEF CON Forums has been suspended due to a 0-day exploit in the wild which could compromise user information. We are sorry for the inconvenience. Check out https://forum.defcon.org/ for links to more info, and to see the super-shark-fin sad cat.
Check out this recent article from CNBC on the DEF CON 21 CTF Competition! http://www.cnbc.com/id/101179977/page/1
DEF CON 18 Presentations have been added to the DEF CON YouTube! If you're looking for a laugh, Zoz's presentation will cheer you up. https://www.youtube.com/watch?v=Jwpg-AwJ0Jc&list=PL9fPq3eQfaaC26TgwyDg2Db-m5E7jRRbj
DEF CON 19 videos are now live on YouTube for your streaming pleasure. We hope you enjoy these videos, and if you do please "like" them. Comments are open, so feel free to leave feedback, or start a conversation.
The massive upload has begun! We are currently in the process of uploading all of the DEF CON video from past years to our YouTube Channel, and we begin with DEF CON 20! We're getting them up en masse and processed as we speak, and will be releasing them as we finish each show. Next up will be DEF CON 19. We hope you will enjoy them!
DEF CON 20 Presentations - Video + Slides playlist on Youtube
The team over at Legitimate Business Syndicate is getting a jump on things for DEF CON 22, and have announced their tentative dates for the 2014 CTF Quals! The 2014 Quals will be held Midnight May 17 to Midnight May 19, 1400284800 to 1400457600. Keep an eye on https://legitbs.net for all of their updates, and for links to the LegitBS Blog and twitter feed!
Have you never been to DEF CON or just want to re-live the precious memories from DEF CON 21? If so, we've posted some picture collections on media.defcon.org at:
https://media.defcon.org/DEF CON 21/DEF CON 21 Hacking Conference Pictures Collection 1/
https://media.defcon.org/DEF CON 21/DEF CON 21 Hacking Conference Pictures Collection 2/
If you are of the torrenting sort, you can siphon them down all at once at:
https://www.defcon.org/html/torrent/DEF CON 21 pictures 1.torrent
https://www.defcon.org/html/torrent/DEF CON 21 pictures 2.torrent
Enjoy!
Legitimate Business Syndicate has been gracious enough to provide us with complete packet captures from the DEF CON 21 Capture the Flag contest! A big thanks to them and all the great teams who participated! Here is the first batch of those pcaps, all the traffic from Friday at the con. Saturday and Sunday's will be soon to follow so keep your eyes peeled!
They were also so kind as to include the tools and binaries from the game, which we have also included in a handy torrent file!
You can always find write-ups, file collections, and history of the DEF CON Capture the Flag competition on our CTF Page! Enjoy!
For all of you fine folks out there, we have lovingly compiled the speaker's slide decks and extras from the con CD into the DEF CON 21 Materials RSS feed for your enjoyment! Not only that, but it includes all the updates submitted by the speakers since the con, so you'll have all the latest research! So check it out and grab the stuff you are interested in!
Alternatively, if you just gotta have it all sitting on a hard drive awaiting your whim, We have also posted a torrent and direct download link to the Updated Conference CD!
We've also updated a couple of the large collection torrents, one for the DEF CON CD/DVD collection from all the shows to reflect the addition of DEF CON 21, and another for the Hacker Related Documentaries with the addition of DEF CON: The Documentary.
Check out the following links and enjoy!
DEF CON 21 Hacking Conference Updated CD (Final)
https://www.defcon.org/html/torrent/DEF CON 21 updated hacking conference CD.rar.torrent
https://media.defcon.org/DEF CON Conference CD DVD/DEF CON 21 Updated Hacking Conference CD.rar
DEF CON 21 Hacking Conference Presentations (These are all the presentations
from the speakers, but not the extras folder)
https://www.defcon.org/html/torrent/DEF CON 21 presentations.torrent
https://media.defcon.org/DEF CON 21/DEF CON 21 presentations/
UPDATED Collection of conference CD and DVDs - Now includes DEF CON 21
original and updated CDs
https://www.defcon.org/html/torrent/DEF CON Conference CD DVD Collection 2013.torrent
https://media.defcon.org/DEF CON Conference CD DVD/
UPDATED: Hacking Documentaries hosted at DEF CON - Now includes the DEF CON
Documentary and sneak peek
https://www.defcon.org/html/torrent/DEF CON Hosted hacking related documentaries v2.torrent
https://media.defcon.org/Hacking Related Documentaries/
This may be old news to some of you, but we've noticed a lot of questions in the comments from the last few Facebook posts about where past DEF CON Content resides. We have several outlets:
https://media.defcon.org is a directory browsable repository for all of our past content.
https://www.defcon.org/html/links/dc-torrent.html for all of our torrent files. These are the huge collections for all-at-once downloading.
https://www.defcon.org/html/links/dc-archives.html is a portal to our archive pages by year.
These include audio, video, CTF files, artwork and a ton more! So if you didn't know, now you do. Pick your poison and enjoy!
