Materials Available Here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Evilrob-Xaphan-TLS-Canary-Keeping-Your-Dick-Pics-Safer.pdf Canary: Keeping Your Dick Pics Safe(r) Rob Bathurst (evilrob) Security Engineer and Penetration Tester Jeff Thomas (xaphan) Senior Cyber Security Penetration Testing Specialist The security of SSL/TLS is built on a rickety scaffolding of trust. At the core of this system is an ever growing...

And That's How I Lost My Other Eye: Further Explorations In Data Destruction Zoz Robotics Engineer and Security Researcher How much more paranoid are you now than you were four years ago? Warrantless surveillance and large-scale data confiscation have brought fear of the feds filching your files from black helicopter territory into the mainstream. Recent government snatch-and-grabs have run the gamut from remotely imaging foreign servers to straight up domestic coffeeshop muggings, so if you...

Seeing through the Fog Zack Fasel Urbane Security Yes. “The Cloud” (drink). Even though many of us would much like to see use of public clouds decline, they’re not going away any time soon. And with such, a plethora of companies now have revolutionary new solutions to solve your “cloud problems”. From crypto to single sign on with two step auth, proxies to monitoring and DLP, every vendor has a solution, even cloud based for the cloud! What we haven’t seen is much of an open source or...

How to Hack Government: Technologists as Policy Makers Terrell McSweeny Commissioner, Federal Trade Commission Ashkan Soltani Chief Technologist, Federal Trade Commission As the leading federal agency responsible for protecting your privacy rights online, technology is at the core of the Federal Trade Commission's work. You may be familiar with the agency's enforcement actions against some of the world's biggest tech companies for privacy/data security violations - but you may not know how...

Abusing native Shims for Post Exploitation Sean Pierce Technical Intelligence Analyst for iSIGHT Partners Shims offer a powerful rootkit-like framework that is natively implemented in most all modern Windows Operating Systems. This talk will focus on the wide array of post-exploitation options that a novice attacker could utilize to subvert the integrity of virtually any Windows application. I will demonstrate how Shim Database Files (sdb files / shims) are simple to create, easy to install,...

Medical Devices: Pwnage and Honeypots Scott Erven Associate Director, Protiviti Mark Collao Security Consultant, Protiviti We know medical devices are exposed to the Internet both directly and indirectly, so just how hard is it to take it to the next step in an attack and gain remote administrative access to these critical life saving devices? We will discuss over 20 CVEís Scott has reported over the last year that will demonstrate how an attacker can gain remote administrative access to...

When IoT attacks: hacking a Linux-powered rifle Runa A. Sandvik Michael Auger TrackingPoint is an Austin startup known for making precision-guided firearms. These firearms ship with a tightly integrated system coupling a rifle, an ARM-powered scope running a modified version of Linux, and a linked trigger mechanism. The scope can follow targets, calculate ballistics and drastically increase its user's first shot accuracy. The scope can also record Audio and audio, as well as stream Audio to...

HamSammich – long distance proxying over radio Robert Graham Erratasec.com David Maynor Erratasec.com The ProxyHam talk was mysteriously canceled. However, it’s easy to replicate the talk from the press coverage. In this talk, we propose “HamSammich”, creating a point-to-point link in order to access WiFi from many miles away, as a means to avoid detection. We show how off-the-shelf devices can be configured to do this for less than $200. After demonstrating the working system, we’ll talk...

Hacking the Human Body/brain: Identity Shift, the Shape of a New Self, and Humanity 2.0 Richard Thieme Author and Professional Speaker, ThiemeWorks This presentation is beyond fiction. Current research in neuroscience and the extension and augmentation of senses is proceeding in directions that might sound to a twentieth century mind like science fiction. Progress is rapid but unevenly distributed: Some is directed by military, intelligence and corporate interests but beyond their concerns,...

Insteon' False Security And Deceptive Documentation Peter Shipley Security Researcher Ryan Gooler Insteon is a leading home automation solution for controlling lights, locks, alarms, and much more. More than forty percent of homes with automation installed use Insteon. For the last fifteen years, Insteon has published detailed documentation of their protocols—documentation that is purposely misleading, filled with errors, and at times deliberately obfuscated. As my research over the last...

ThunderStrike 2: Sith Strike Trammel Hudson Vice President, Two Sigma Investments Reno Kovah Co-founder, LegbaCore, LLC Corey Wallenberg Co-Founder, LegbaCore, LLC The number of vulnerabilities in firmware disclosed as affecting Wintel PC vendors has been rising over the past few years. Although several attacks have been presented against Mac firmware, unlike their PC counterparts, all of them required physical presence to perform. Interestingly, when contacted with the details of previously...

Licensed to Pwn: The Weaponization and Regulation of Security Research Jim Denaro Dave Airtel Matt Blaze Nate Cardozo Mara Tam Catherine “Randy” Wheeler Security research is under attack. Updates to the Wassenaar Arrangement in 2013 established among its 41 member nations an agreement to place a variety of previously undesignated “cybersecurity items” under export control. After 18 months and a half-dozen open advisory meetings, the U.S. has taken the entire security research community by...

Let’s Encrypt - Minting Free Certificates to Encrypt the Entire Web Peter Eckersley Electronic Frontier Foundation James Kasten Electronic Frontier Foundation Yan Zhu Electronic Frontier Foundation Let’s Encrypt is a new certificate authority that is being launched by EFF in collaboration with Mozilla, Cisco, Akamai, IdenTrust, and a team at the University of Michigan. It will issue certificates for free, using a new automated protocol called ACME for verification of domain control and...

Presenting the results and awards for the DEF CON 23 Contests and Events.

Who Will Rule the Sky? The Coming Drone Policy Wars Matt Cagle Technology and Civil Liberties Policy Attorney, ACLU of Northern California Eric Cheng General Manager, DJI SF and Director of Aerial Imaging, DJI Your private drone opens up limitless possibilities – how can manufacturers and policymakers ensure you are able to realize them? As private drone ownership becomes the norm, drone makers and lawmakers will need to make important policy decisions that account for the privacy and free...

How to Hack a Tesla Model S Marc Rogers Principle Security Researcher for CloudFlare Kevin Mahaffey CTO of Lookout Inc The Tesla Model S is the most connected car in the world. It might surprise you to hear that it is also one of the most secure. In this talk we will walk you through the architecture of a Tesla Model S noting things that Tesla got right as well as identifying those that they got wrong. From this talk you will get an intimate understanding of how the many interconnected...

Investigating the Practicality and Cost of Abusing Memory Errors with DNS Luke Young Information Security Engineer, Hydrant Labs LLC In a world full of targeted attacks and complex exploits this talk explores an attack that can simplified so even the most non-technical person can understand, yet the potential impact is massive: Ever wonder what would happen if one of the millions of bits in memory flipped value from a 0 to a 1 or vice versa? This talk will explore abusing that specific...

Pivoting Without Rights – Introducing Pivoter Geoff Walton Senior Security Consultant for Cleveland-based TrustedSec Dave Kennedy (ReL1K/HackingDave), founder of TrustedSec and Binary Defense Systems One of the most challenging steps of a penetration test is popping something and not having full administrative level rights over the system. Companies are cutting back on administrative level rights for endpoints or how about those times where you popped an external web application and were...

RFIDiggity: Pentester Guide to Hacking HF/NFC and UHF RFID Francis Brown Partner - Bishop Fox Shubham Shah Security Analyst at Bishop Fox Have you ever attended an RFID hacking presentation and walked away with more questions than answers? This talk will finally provide practical guidance for penetration testers on hacking High Frequency (HF - 13.56 MHz) and Ultra-High Frequency (UHF – 840-960 MHz). This includes Near Field Communication (NFC), which also operates at 13.56 MHz and can be...

Materials Available Here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Damon-Small-Beyond-the-Scan.pdf Beyond the Scan: The Value Proposition of Vulnerability Assessment Damon Small Security Researcher Vulnerability Assessment is, by some, regarded as one of the least “sexy” capabilities in information security. However, it is the presenter’s view that it is also a key component of any successful infosec program, and...

Materials Available Here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-DaKahuna-Satanlawz-Introduction-to-SDR-and-Wifi-Village.pdf Introduction to SDR and the Wireless Village DaKahuna satanklawz In many circumstances, we all have to wear different hats when pursuing hobbies, jobs and research. This session will discuss the exploration and use of software defined radio from two perspectives; that of a security...

Materials Available Here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Tottenkoph-IrishMASMS-Hackers-Hiring-Hacker.pdf Hackers Hiring Hackers - How to Do Things Better Tottenkoph Security Consultant, Rapid7 IrishMASMS Hacker There are a lot of talks about how to be a better pen tester and workshops that show you how to use all of the cool new tools that are available to make our jobs easier, but there are only a few...

Responsible Incident: Covert Keys Against Subverted Technology Latencies, Especially Yubikey LosT We're no strangers to love You know the rules and so do I A full commitment's what I'm thinking of You wouldn't get this from any other guy I just wanna tell you how I'm feeling Gotta make you understand Never gonna give you up Never gonna let you down Never gonna run around and desert you Never gonna make you cry Never gonna say goodbye Never gonna tell a lie and hurt you LosT also runs the...

Materials Available Here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Phil-Polstra-Hacker-in-the-Wires.pdf Extras here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Phil-Polstra-Extras.rar Hacker in the Wires Dr. Phil Polstra Professor, Bloomsburg University Additional Materials available here: https://media.defcon.org/DEF CON 23/DEF CON 23 presentations/Phil Polstra/Extras/ This...