Selezione di News della StephenSoftware
CANALI da: DEF CON Announcements!

Attualità
Alice RSS
Defcon16

Computer
Alice RSS

Giornali/Notizie
Alice RSS
Repubblica.it

Informatica
HTML.it
PC - facile
Punto Informatico
Punto Informatico Download
Punto Informatico Hardware
Punto Informatico Telefonia
Risorse.net

Spettacolo
Alice RSS

Telefonia
Alice RSS
Pianeta Cellulare
DEF CON 25 Privacy Playlist image

Another batch of DEF CON 25 talks for your weekend perusal, this time focused on Privacy and pulled from the main speaking track at DEF CON. For those you who can’t get enough presentations on this subject, rest assured that the presentations from the DEF CON 25 Crypto and Privacy Village will follow next week.

The menu:

Cooper Quintin and Kashmir Hill - The Internet Already Knows I’m Pregnant

Jim Nitterauer - DNS: Devious Name Services Destroying Privacy & Anonymity w/o consent

Peyton Engel - Learning about Government Surveillance Software

Roger Dingledine - Next Generation Tor Onion Services

Richard Thieme - When Privacy Goes Poof! Why It's Gone and Never Coming Back

Tess Schrodinger - Total Recall Implanting Passwords in Cognitive Memory

Weston Hecker - Opt Out or Deauth Trying! AntiTracking Bots & Keystroke Injection

Block out some time, get yourself some hot cocoa and enjoy. As always, spread the love and share the content.

More to come. Stay tuned.


DEF CON 25 IoT Playlist image

Hacktober begins. The unleashing of the videos from DEF CON 25 has been initiated.

Today, we have a themed playlist of 15 IoT-centered videos, from the main tracks and the IoT Village alike. Prepare to have your commitment to workplace productivity tested. Enjoy them, be mentally embiggened by them, and share them widely before the DVR botnets swamp us all.

Watch this space for more playlists. It’s all happening.

Happy Hacktober to all.


DEF CON 25 voting forum image

Here's the C-SPAN coverage from the aformentioned Atlantic Council event, enjoy!


DEF CON 25 voting machine image

Today at a Washington DC event hosted by the Atlantic Council, the long-awaited DEF CON 25 Voting Village Report was released. You can even watch the presentation live on CSPAN 2 - The Dark Tangent is headlining the event!

During the weekend of DEF CON 25, every single device in the Voting Village was compromised. The report we’re releasing today gives a glimpse into how much we were able to discover in only a few days. Any committed threat actor would devote vastly more time and resources, and we believe that democratic governments must treat the security of election systems with the same rigor and investment as they do their borders.

We entered into this experiment as a non-partisan public service, believing that discussion about solutions has to start with a realistic assessment of what needs fixing. The DEF CON community has a lot of talent in that kind of work, and we saw a way we could contribute.

We would like to thank everyone who joined us in the Voting Village to test the machines, everyone who collaborated on the report, the Atlantic Council for helping us share the results and the Library of Congress for granting an easement of the DMCA provisions that would have blocked this research. This project is a great example of government making room for independent researchers to bring their talents to an issue that matters to all of us. Here’s hoping there will be more success stories like this one.


DEF CON LegitBS Vito image

Vito from the Legitimate Business Syndicate has started blogging about the experience of running the past five (stellar) DEF CON CTF Contests.

Recommended read for anyone interested in CTF, especially anyone considering responding to our call for CTF Organizers. LBS is top-shelf, and if you’re going to learn, they’re the kind of teachers you want.


DEF CON 25 Capture the Flag call image

After five years of exemplary stewardship of the DEF CON CTF, the shadowy masterminds of the Legitimate Business Syndicate are ready to retire to the shore house. However, whenever life closes a door, hackers jimmy open a window. LegitBS will be missed, but for someone out there a giant opportunity has just opened up.

We know some of you have genius ideas for making your own mark on the world’s premiere CTF competition, we want your proposal. In return for your fresh blood and fanatical devotion, we offer eternal geek glory and a place in the pantheon next to LegitBS, DDTEK, Kenshoto and the all theheroes who have made this contest their own.

There’s a lot you’ll need to know to submit, and you can read all about it on our CTFCFO page.

For inspiration, check out this Mega-panel of previous CTF organizers from DEF CONs past, courtesy of DEF CON 25.

If you’re ready to graduate from the combat arena to the control room, get your ideas together and let’s make some magic. Valhalla awaits.


DEF CON 25 wardle image

Frequent DEF CON speaker and OSX security guru Patrick Wardle drops some 0day on the eve of Apple’s macOS rollout. 0day with plaintext password exfiltration.

A little more of Patrick’s excellent work from DEF CON 25 - his presentation on OSX Fruitfly.


DEF CON 25 link roundup image

The #votingvillage we introduced at DEF CON 25 is still in the News - mainly because it’s being cited as one of the driving forces behind a growing shift in attitudes about the security of ballot machines.

In Virginia, the State Board of Elections voted to decertify it’s touchscreen voting machines in time for the November gubernatorial election, and one of the reasons given was the discoveries at DEF CON. We’re hoping for increased focus on security and accountability in our voting systems, and we are pleased to see the subject getting broader attention.

https://www.washingtonpost.com/local/virginia-politics/virginia-scraps-touch-screen-voting-machines-as-election-for-governor-looms/2017/09/08/e266ead6-94fe-11e7-89fa-bb822a46da5b_story.html?utm_term=.bf3f8eb32228

https://www.theregister.co.uk/2017/09/11/virginia_to_scrap_touchscreen_voting_machines/

https://www.usnews.com/news/best-states/virginia/articles/2017-09-08/virginia-bans-certain-voting-machines-over-hacking-concerns

There’s also a very informative episode about DEF CON by the fine people who do all the ‘How Stuff Works’ podcasts. The first half is devoted to a thorough explanation of DC history and the second half is an interview with the wonderful Shannon Morse (@Snubs) about her experiences there as a human and in her professional capacities as a vendor and journalist. It’s from their TechStuff series and it’s worth a listen, especially if you’re new to the community.

http://shows.howstuffworks.com/techstuff/the-def-con-story.htm


DEF CON 25 Soundtrack image

In case you didn't know, the DEF CON 25 Soundtrack is available on Bandcamp as a 'pay-what-you-want' item. All proceeds go directly to keep the exemplary humans at the EFF fighting for the users. So for a modest donation you get dope music from DC25 performers and that warm feeling that only comes from selfless do-goodery.

The DEF CON A&E Team also auctioned off an artist badge for $321. Add that to the current Bandcamp sales of $423.37 and our donation match and you get a current payout to EFF of $1506.

"But the EFF does so much!" you say. "Surely I can still contribute to push that number higher?"

To which we respond, "Yes. Yes you can."

Click that link. Get some tunes. Relive the sounds of DEF CON 25 and toss a little change in the bucket to help the EFF keep cyberspace free.

Do it today, and then make sure to pass it on.


DEF CON 25 Wardle image

Ease into your weekend with another DEF CON 25 early release video! This time it's Patrick Wardle's presentation "Offensive Malware Analysis: Dissecting OSX FruitFly via a Custom C&C Server". It's a quick talk, but there's lots to chew on here.

As always, enjoy and pass it on.


DEF CON 25 cgc image

Take a deep dive into the DEF CON 24 Cyber Grand Challenge with this video from DARPAtv, because what's cooler than autonomous supercomputers battling for supremacy? Clear a little time (it's a bit over 2 hours of analysis) and get yourself educated.


DEF CON 25 DC to DEF CON image

Now we take you way back to July 2017 for a leisurely Q&A with two impressively clued-in congresspeople; Rep. James Langevin from Rhode Island and Rep. Will Hurd from Texas.

Ever wondered if there was such thing as a “hacker-friendly” member of Congress? We found some and convinced them to come to DEF CON so you can meet them too! In this first-of-its-kind DEF CON session, two of the most hacker-friendly Congress critters will join DEF CON for an engaging and interactive session with the security research community.

Join the Atlantic Council’s Cyber Statecraft Initiative for a candid discussion with Representatives Will Hurd (R-TX) and James Langevin (D-RI). The two Congressmen share their thoughts on the latest developments in cybersecurity policymaking on the Hill, exchange ideas, and maybe even answer some of the Congressmen’s questions.

As always, enjoy and pass it on.



DEF CON 25 Plore talk image

DEF CON 25 Bazaliy talk image

Another couple of DEF CON 25 early release videos to brighten up your midweek, in which Plore shows you how 15 bucks and some hacker ingenuity can turn a fancy smart gun back into a regular old dumb gun.

We also have Max Bazaliy's brief but info-dense presentation about the Apple Watch. Max walks through the Watch's vulnerabilities and methods of exploitation and closes with a demo of a jailbreak.

As always, enjoy and pass it on.


DEF CON 25 Press image

The press archive from DEF CON 25 is up for perusal at your leisure. We'll keep adding to it as we find more related stories, and we encourage you to share stories if you find ones we missed.


DEF CON 26 Caesar's Room Block image

We don't usually make this announcement anywhere near this early in the pre-con season, but the DEF CON room block for DC26 is already about half-full. Crazy, right?  

Those of you interested in the reduced rates we get at the con-affiliated hotels can slide over to https://aws.passkey.com/go/SCDEF8 for the most current info, and keep an eye out for any updates, should more rooms become available.

Current Prices:

Harrahs: $64 Sun-Thur, $94 Fri-Sat, $15 resort fee
Ballys: $84 Sun-Thur, $127 Fri-Sat, $19 resort fee
Caesars: $151 Sun-Thur, $171 Fri-Sat, $22 resort fee
Flamingo: $87 Sun-Thur, $127 Fri-Sat, $17 resort fee
Linq: $69 Sun-Thur, $99 Fri-Sat, $17 resort fee
Paris: $133 Sun-Thur, $156 Fri-Sat, $19 resort fee

Complimentary self and valet parking at all properties!


DEF CON 25 Media Server image

More goodies for you on the DEF CON Media Server. The #DEFCON presentations and workshop materials have been updated and the torrents have been regenerated. The old ones are officially deprecated.

The films from the T.D. Francis X-Hour Film Contest, including the winner, are also there for your viewing pleasure.

Enjoy, and pass it on!


DEF CON 25 Seidle image

Settle in and watch a $200 open source robot crack a combination safe. Learn how and why, sure, but also watch a robot crack a safe.

https://youtu.be/v9vIcfLrmiA


DEF CON 25 Bursztein image

Today we bring you another Early Release Talk from DEF CON 25! This time it's a more nuts-and-bolts crypto talk about the creation of the first SHA-1 collision. In this talk, Elie Bursztein delves into the challenges faced from developing a meaningful payload, to scaling the computation to that massive scale, to solving unexpected cryptanalytic challenges.

As ever, enjoy and share the love. Pass it on.


DEF CON 25 Media Server image

More goodies from DEF CON 25 have arrived on the Media Server! This time it's vast quantities of Infoz from the CTF competition. We've got results, services, scorebots and captures, all lovingly hand-compressed by DT for maximum potency. Please enjoy the caps in both team and organizer flavors.

In addition to the individual files in the CTF folder, we have prepared the whole enchilada in handy torrent format. As always, seeding is greatly appreciated. The data must flow.


DEF CON 25 Media Server image

Population of the DEF CON Media Server with DC25 goodies continues: the pictures from the closing ceremonies slide show are now live. Stay tuned - the entire output of the DEF CON Photo Corps will be available for slurpage in handy torrent format soon. Pictures, PCAPs, videos - maybe crack open a fresh hard drive and settle in. The data will flow.


DEF CON 25 kasparov image

Early release video from DEF CON 25 - Garry Kasparov's presentation 'The Brain's Last Stand'. As always, enjoy and make sure to pass it on!


DEF CON 25 contest results image

Congratulations to this year's contest winners! The level of competition at DEF CON is serious, whether it's the DC CTF or the Tin Foil Hat Contest, there are many very clever, very resourceful humans vying for the honors, and we salute you.

The contest results page represents the current state of our knowledge. We'll update as additional info comes in - do not despair if you don't see the event you're looking for just yet.

We also salute all those who competed but did not taste victory this year. The distance between observer and competitor is much greater than the one between competitor and victor, and DEF CON 26 will be here sooner than you know.


DEF CON 25 Con CD image

This year, you'll find all that juicy data on the DEF CON media server (media.defcon.org) and you can connect at your leisure and leech to your heart's content with no silly plastic doodads to hunt down of when you're loading out your hotel room.

Anything you might have formerly found on the Con CD, as well as anything we post in the future in the way of Video, Audio, and updates to presentations will be there, so keep your eyes peeled!

DEF CON 25 Receipt

Torrents for Presentation and Workshop Materials:
https://media.defcon.org/DEF CON 25/DEF CON 25 presentations.torrent
https://media.defcon.org/DEF CON 25/DEF CON 25 workshops.torrent


DEF CON 25 car hacking village CTF Winners image

Yep. They won the Car Hacking Village CTF, so they won a tricked out truck. To hack or to cruise in, at their discretion. You can find out more about the contest and the other goings on at the DCCHV at carhackingvillage.com.


DEF CON 25 CTF Winners image

Congratulations to Plaid Parliament of Pwning for their historic win at this year's CTF and a heartfelt thank you to the stand-up folks at Legitimate Business Syndicate for five years of fantastic contests.

You can read the final scores and sift through all their juicy data on the LBS blog:
https://blog.legitbs.net/2017/07/def-con-ctf-2017-final-scores-and-data.html?m=1


DEF CON 25 goodbye image

Another DEF CON is in the books. 25 years, and still exciting and expanding. Still staffed and attended by a community of volunteers and enthusiasts who are passionate about improving our shared digital world. You can't really ask for a better anniversary present than that.

Thanks to everyone who brought their energy and curiosity to Caesars this year, to every one of you who took the time to teach something, to every one who brought something to share, and to everyone who made it easy for people new to the scene to find a home.

We hope to see all of you back at Caesars for DEF CON 26! We're gonna get on planning that the minute the dust is cleared from this one. Stay tuned for content updates, contest results and the rest of the press coverage.

As always, we are insanely proud of the DEF CON community.

We love you, and we look forward to doing all this with you again soon.


DEF CON 25 Press badge image

DEF CON marches on, Thursday and Friday are in the books. Caesars is still here, Vegas is still hot. For the curious, here's a sampling of the press from DC25 so far, to give you an idea what the world outside this casino is thinking about our beloved hacker party.



Cnet - Everything looks like a hack when you're paranoid at DEF CON.
Cnet does a good job of reminding everyone to take a deep breath and carry on.

Kasparov talks calculated odds, AI, and cybersecurity
Cool Q&A with the brilliant and highly entertaining Kasparov.

It's shockingly easy for hackers to remotely scan and clone your work security badge

Why DEF CON still matters 25 years later
Well, technically 24 years later. But we're glad to still matter.

The First Apple Watch Jailbreak Has Been Demonstrated At Def Con 25

Hackers Will Be Breaking Into Voting Machines This Weekend

Watch this space for more press reaction to DEF CON 25.


DEF CON 25 con CD image

For a rookie, the Voting Machine Hacking Village is off to a very impressive start: consider the following tweets:

90 min after doors open: Complete remote control on the operating system level of the Winvote voting terminal (including election data).

On the e-pollbook front: internal data structure already discovered and reverse engineered within an hour. #VotingVillage

The Voting Village has a bunch of machine makes and models to try your hand at, including Sequoia AVC Edge, ES&S iVotronic, Diebold TSX, Winvote, and Diebold Expresspoll 4000. More importantly, there's a chance to make a little history here. The integrity of voting systems is a live issue in the world's news, and there are a lot of eyes on our little experiment. If your idea of fun includes a little paradigm-shifting, the VotingVillage is open all DEF CON.


DEF CON 25 con CD image

Let's face it: this change has been looming on the horizon for a long time. When we started putting a compact disc full of slide decks and files into the DEF CON goodie bag, it was a perfectly good idea. In those days, 750 megabytes was a decent amount of storage. More importantly, optical discs were still a thing. Readers shipped with all the computers and we all had cool CD wallets and racks and whatnot.

The world has changed, and CDs are now a weird novelty item from the hazy past like Pet Rocks and Cassingles.

This year, you'll find all that juicy data on the DEF CON media server (media.defcon.org) and you can connect at your leisure and leech to your heart's content with no silly plastic doodads to hunt down of when you're loading out your hotel room.

We will miss the Conference CD. We had good times together. We will toast to your memory, and pour out a little data in your honor. See you on the flip side, old friend.

Torrents for Presentation and Workshop Materials:
https://media.defcon.org/DEF CON 25/DEF CON 25 presentations.torrent
https://media.defcon.org/DEF CON 25/DEF CON 25 workshops.torrent


DEF CON 25 Link Roundup image

It’s very nearly on, DEF CON fam! As many of you are already in the city getting situated, here’s a few helpful links to get your mind right for the impending festivities.

Parking information: Vegas parking is a little different every year - here’s the thread about it on the DEF CON forums.
https://forum.defcon.org/forum/defcon/defcon-25-planning/226245-parking-in-vegas-it-s-ok-we-can-hear-you-screaming-from-here

For that matter, you can use the DEF CON forums to check out information about any of the stuff going on here.
forum.defcon.org

In case you didn’t know, there’s an official app for DEF CON called HackerTracker, available in iOS and Android flavors. Open source and created with love by members of the community, and full of stuff like maps and schedules to help you navigate.
iOS: https://itunes.apple.com/mx/app/hackertracker/id1021141595?l=en&mt=8
Android: https://play.google.com/store/apps/details?id=com.shortstack.hackertracker&hl=en

For those of you in Paris and Bally’s, good news! You get DEF CON TV! 4 channels, no waiting.

For the latest in presentation info and such, hit up the DC25-specific media server at dc25-media.defcon.org on the internal DEF CON 25 network.

To keep up to date on the latest of the late-breaking news, follow the main twitter feed @defcon, the DEF CON info booth @dcib and Facebook.com/defcon. Pictures and such also going up at @wearedefcon on Instagram.

And most importantly, registration opens Thursday at 6am. See you there!


DEF CON 25 Soundtrack image

The Official DEF CON soundrack has dropped! If you're here in Vegas, you'll get it on a CD with your registration pack, but if not, fear not, you can have it too!

14 tracks of hacker-centric tunes by so many fantastic artists, like:

Skittish and Bus, Laughing Mantis, Information Society, Zebbler Encanti Experience, JG And The Robots, Bioassay, Moderns, Left-Right, Ninjula, Richard Cheese and Lounge Against The Machine, The TroubleShooters, MC Frontalot, Lavos, Dual Core

It's available for free on media.defcon.org in a handy torrent, or if you're feeling benevolent, in a pay what you want format to benefit the EFF.


DEF CON wifi reg image

Interested in using the DEF CON secure wifi onsite? The online registration is open now. The setup page is https://wifireg.defcon.org. You can keep up with the people running that service by following @DEFCON_NOC.


DEF CON Hacker Tracker image

The wait is over!

The iOS version of HackerTracker is available on the AppStore!. It's free, slick and courtesy of @sethlaw, @Chrismays94, @macerameg & @imachumphries. Thanks to all of them for delivering the goods on time!



DEF CON Friends of Bill w. image

Vegas is a lot of fun, but it can also be just a lot. Too much, even, if you’re trying to keep the horizon level in your windscreen. If you’re a friend of Bill W joining us for DEF CON 25, please know that we have meetings at noon and five p.m., Thursday through Sunday in “Office 4A”, on the promenade level. Drop by if you need to touch base or just want a moment of serenity. We’ll be there.

(See info booth next to office 4 on the map, if you’re having trouble finding “Office 4A”)


DEF CON 25 Data Duplication Village image

Data Duplication Village is back for DEF CON 25, so don't forget to bring up to 3 6TB drives if you want to download the whole enchilada. This year's goodies are:

6TB drive 1-3: Updated archive of infocon.org plus other "direct from DT" content

6TB drive 2-3: freerainbowtables.com hash tables (#1-2)

6TB drive 3-3: GSM A5/1 hash tables plus remaining freerainbowtables.com data (#2-2)

There's a handy schedule to follow and you can drop off and pick up just like dry cleaning.

For more info you can check out dcddv.org and the forum thread


DEF CON 25 Music Schedule image

Curious who's gonna be rocking the house in the wee hours of DEF CON 25? Here's a handy guide to the MainStage performers for all three nights! Enjoy, plot your entertainment journey and pass it on.

Just a little over a week! W00T!

*Richard Cheese and Lounge Against the Machine are performing in the Chill-Out Area, the rest of these performers are on the main stage.


DEF CON Zebbler Encanti Experience image

Saturday Night, y'all!

Zebbler Encanti Experience (aka “ZEE”) is what happens when Pixel Wizard and Techno Badger meet in the woods and decide to short circuit neural pathways of the nearby mushroom pickers with nothing short of bassquakes (9.0 on the scale of awesome) and complete visual reality replacement (somewhat too awesome and terrifying to be numbered anything in particular).

That historic meeting in the woods is the underpinning of the very garments that ZEE now wear at every event they perform. The mere loosening of a button of their coats' pockets opens up a wormhole of psychedelic visions and sub-sonic rattles. But Zebbler Encanti Experience do more than that. They open their minds fully to each and every dance floor and ask you to Get In There!


DEF CON Richard Cheese image

Friday, in the Chillout area, please to enjoy the nearly-too-swanky-to-function  sounds of returning DEF CON performers (and DEF CON Soundtrack contributors!) Richard Cheese and Lounge Against the Machine!

America's loudest lounge singer Richard Cheese performs swingin' Vegas versions of rock and rap songs, "swankifying" popular Top40 hits into retro vocal standards. Imagine Sinatra singing Radiohead, and you've got Richard Cheese & Lounge Against The Machine.

The aforementioned DEF CON soundtrack is included with admission at DEF CON 25 or by donating to the EFF (url coming soon).


DEF CON Reel Big Fish image

For your DEF CON After Dark enjoyment, we present Friday's headliners, Reel Big Fish! They're fresh from their Beer Run Tour and ready to bring their trademark SoCal skank to the DEF CON masses.

In case you're not familiar, a bio snippet: "Reel Big Fish were one of the legions of Southern California ska-punk bands to edge into the mainstream following the mid-'90s success of No Doubt and Sublime. Like most of their peers, they were distinguished by their hyperkinetic stage shows, juvenile humor, ironic covers of new wave pop songs, and metallic shards of ska."

Sounds fun, yes? Yes.


DEF CON ICS Village image

A small group of SCADA Ninjas are traveling around the globe, spreading the word of SCADA. Unless you are already operating a secret nuclear enrichment facility in your basement or an ACME factory production line, then this is your best chance to get a kick-start into the world of Industrial Control Systems. We are bringing a number of real-world industrial devices from different vendors for you to look, feel and mess around with.

We bring you a safe, yet realistic environment where you can learn on how to assess, enhance, and defend your Industrial Environment. We bring you real components such as Programmable Logic Controllers (PLC), Human Machine Interfaces (HMI), Remote Telemetry Units (RTU), Actuators, etc. to simulate a realistic environment by using commonly components throughout different industrial sectors.

You will be able to connect your machine towards the different industrial components and networks and try to assess these ICS devices with common security scanners, network sniffers to sniff the industrial traffic, and more! In addition to previous years there is a workshop dedicated to ICS 101 and 201. Afterwards there will be an additional but optional challenge to test your newly acquired skills.

Follow @ICS_Village or have a look at www.ics-village.rocks.


DEF CON Voting Village image

"Just like everything else, it's time for hackers to come in and tell you what's possible and what's not."

-The Dark Tangent

Judging from the headlines, it's a good time to figure out how secure our electronic voting machines are. What better way, we thought, to find out what's real and what's hype than getting a bunch of real voting machines into the hands of thousands of hackers? We happen to know where to find a lot of hackers onthe last weekend in July, so we created the Voting Machine Hacking Village. We're bringing a bunch of voting machines and encouraging people to see what's possible. Let's test the physical security, try attacks at a distance, dump the BIOS, all of it. Knowing is half the battle, people. Let's do our part to add to the base of knowledge.

Read all about it:

Voting Machine Hacking Village on the DEF CON Forums


DEF CON Schedule is Live image

The DEF CON 25 Speaker Schedule is now LIVE! Please consult this schedule for all of your planning needs. For those of you who like to maximize efficiency, it can be paired with a venue map for optimal route planning and GPS programming.

We don't know about you, but we're getting pretty excited about this thing.

Web version: https://www.defcon.org/html/defcon-25/dc-25-schedule.html

PDF version: https://www.defcon.org/images/defcon-25/dc-25-schedule.pdf


DEF CON Call for Parties image

Attention all lawyers, law students, and judges: The DEF CON Lawyer Meetup is BACK! We'll be meeting Saturday the 29th at 6pm in the Counsel Boardroom on the Promenade Level. Join us for conversation and merriment, followed by dinner for those interested in extending the experience.

See you there!


DEF CON Call for Parties image

Luxury problem: It turns out that we have a little more free night-time space than we anticipated.

Luxury solution: Turn it over to DEF CON community for some more parties. Got an idea for a fun, open-to-everyone party you’d like to throw? Get at us at contests@defcon.org right away. We’ll work with the best ideas to allocate floor space and get the party launched.

You have your assignment. We look forward to your kick-butt ideas.


DEF CON demolabs image

DEF CON Demo Labs are back, and everything you need to know about them is waiting for you at the DEMO Labs Page! It's a heavy lineup of cool, open tools for all kinds of audiences, from testers to defenders to crypto enthusiasts. Bring your curiosity and questions and let's see what grows out of the interaction!


DEF CON workshops registration image

As hard as it might be to believe, we are less than a month away from DEF CON 25 - can you feel it in the air?

For those of you who are interested in the Workshops, we have some registration info. Online registration for workshops opens July 5 at 3pm PDT. First come, first served, so bookmark https://www.defcon.org/html/defcon-25/dc-25-workshops.html and set an alarm.

See you soon!


DEF CON cfp review board image

Meet the team of renegade super geniuses that work for months to pick the best talks for DEF CON. We love them, and you should too. It's a crazy hard job reviewing hundreds of highly technical proposals, providing meaningful feedback and picking the best ones. This year they'll be rocking special CFP Review Board badges at DEF CON, so if you see them let them know we appreciate what they do.


DEF CON Speaker Update image

You know how we know it’s almost DEF CON? The Southwest is having a heat wave, that ancient tweet about the Feds (allegedly) not appreciating the ‘Spot the Fed’ contest is back and the interwebz are buzzing with burner phone chat.

Also, the speaker list is complete! Get yourself over to the speaker page and learn what wondrous presentations DEF CON 25 has in store for you! We think it’s gonna be a great year, and we want to thank everyone who submitted, both selected and not.

Extra special shout out to the unsung heroes of the CFP Selection team, who labor mightily to pull together the best possible lineup,  and to provide the kind of feedback that makes everyone better.

Check out the lineup, plan accordingly, and go ahead and get psyched. DEF CON approaches.


DEF CON 25 workshops image
DEF CON Workshops are GO! Get yourself over to the DC25 website and see what strikes your fancy!

Registration opens July 5.


DEF CON 25 badge image

BAD NEWS:
No DEF CON 25 Mystery Challenge or badge contest.

WHAT HAPPENED?
Curious Codes, the company that was designing the DEF CON 25 badges,
notified us they are no longer working on any challenges or badges for DEF
CON.

WHY?
A combination of design and planning delays combined with a last minute
unforeseen personal circumstance made their production impossible.

WHAT DOES THIS MEAN FOR DEF CON?
No special badges or challenge and no mystery challenge

SO NOW WHAT?
We've gone with a DEF CON 25 anniversary theme with the badges and have
worked around the clock to get them designed and ordered. Not to fear, we
are hackers, it will work out. Everyone will have badges, they just won't
have crypto, secret embedded robotics, or radioactive compounds. I'll talk
more about the joy of conference badges in a later post.

WAIT, THERE WAS GOING TO BE ANOTHER MYSTERY CHALLENGE?!?
Yes, L0st had planned to do a special DC 25 challenge to break everyone's
minds.

ERATTA
Stay tuned for more info on #badgelife, we are planning a badge meet up for
all those who enjoy building and collecting conference or contest specific
badges of all kinds.


DEF CON 25 Crypto & Privacy Village image

Privacy is important to everyone, both in terms of the abstract legal right to secure our information and the concrete availability of tools and means to keep that data secure. In this age of near-ubiquitous surveillance, it's a good idea to keep your security knowledge sharp.

To that end, the Crypto and Privacy Village is back with a full roster of presentations, contests and workshops to level up your privacy game. Follow them @cryptovillage, or get the full rundown at cryptovillage.org.


DEF CON 25 Beard and Mustache Competition image

The DEF CON Beard and Mustache Contest is back - time to break out the various oils, waxes and industrial fertilizers that keep you looking so profoundly beardy. There are prizes to be won! Join us at 'the intersection of facial hair and hacker culture'.

You can learn the rules and whatnot at the contest website dcbeard.com, and you can follow the contest on the Twitters @dcbeard contest.

Beardless, but interested in competing? Please know that there is a freestyle category that actively encourages the creation and display of faux, ersatz and/or fictive facial hair arrangements. Fanciful and improbable designs welcome.


DEF CON 25 SOHOPelessly Broken logo image

The 0Day Device List is now LIVE! Dig into these IoT devices and then demonstrate your exploits at the IoT Village for cool prizes and raucous applause!


DEF CON 25 Packet village image

Once upon a time, the Wall of Sheep was mostly a bunch of paper plates stapled to a wall, shaming DEF CON attendees for bad security practices. It has grown into a whole village full of packet shenanigans with its own speaker track, contests and even workshops.

There’s loads of information on their wallofsheep.com, including the speakers they’ve so far selected for DC25. There’s a lot to take in, so it pays to get familiar in advance. The Packet Hacking Village has enough going on to satisfy all packet ninjas, from Padawan to full-blown Jedi. Visit their site, follow them on Twitter @wallofsheep and get your chops in order. The mischief starts next month.


DEF CON 25 crash and compile image

Crash and Compile is part drinking game, part programming contest. The ratio, of course, is yours to determine, but there are prizes for both the solving of programming problems and the drinking of drinks.

There are more rules than this,naturally, and you can find them at crashandcompile.com. They are the kind of rules that go like this: something happens, people take a drink. Also something doesn’t happen, or fails to happen as expected, and people take a drink. You get the picture, we think.

There are also ways to participate if you want to code without the drinking, or drink without the coding, or just distract the people trying to do both.There are prizes, and booze, and the satisfaction of proving that your skills can’t be thwarted by a little casual imbibing.

Follow the organizers on Twitter @crashandcompile and if this seems like your kind of party, get started on the training montage. We’ll see you there!


DEF CON documentary image

Still working on convincing someone you like to come with you to DEF CON? Sharing the essence of something as big and complex as DC isn't easy. We've got your back.

This sleek little USB key contains enough info to give a taste of DEF CON's magic. You get:

Jason Scott's terrific DEF CON documentary and a ton of out takes and soundtrack tunes
Videos of DC 20's Hacker Jeopardy and Hacker Pyramid
Music from the artists that played DEF CON 20 Pictures from all over DC20
All the DEF CON programs in PDF format
All the entries from the DC20 Short Story Contest.

When your hand your friend this little bundle of goodies, you're giving them all the data they need to get a real feel for DEF CON. Cool, right?


DEF CON Speaker Update image

Round 2 of the DEF CON 25 Speaker Selections is LIVE! Get into our speaker page and soak in all the updates. Clear some space in the old noggin for the science we're gonna drop in there. Visualize your ideal route.


BITSInject
Dor Azouri

How We Created The First SHA-1 Collision And What It Means For Hash Security
Elie Bursztein

Abusing Certificate Transparency Logs
Hanno Böck

Breaking the x86 Instruction Set
Christopher Domas

Secure Tokin' and Doobiekeys: How To Roll Your Own Counterfeit Hardware Security Devices
Joe FitzPatrick & Michael Leibowitz

MEATPISTOL, A Modular Malware Implant Framework
FuzzyNop & ceyx

Radio Exploitation 101: Characterizing, Contextualizing, and Applying Wireless Attack Methods
Matt Knight & Marc Newlin

Cisco Catalyst Exploitation
Artem Kondratenko

"Tick, Tick, Tick. Boom! You're Dead." — Tech & the FTC
Whitney Merrill & Terrell McSweeny

An ACE Up the Sleeve: Designing Active Directory DACL Backdoors
Andy Robbins & Will Schroeder

Man in the NFC
Haoqi Shan & Jian Yuan

Porosity: A Decompiler For Blockchain-Based Smart Contracts Bytecode
Matt Suiche

A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages!
Orange Tsai

Assembly Language is Too High Level
XlogicX

Most importantly, get amped! It's next month, people!

More speaker updates to come. Stay tuned.


DEF CON sticker pack image

Got a device with visibly unadorned surface area? Don't worry - DEF CON is here to help you do the right thing. Hide your laptop's shiny silver shame with our stylish, durable DEF CON 25 stickers! There's five in the pack: you get a DC25 logo and four variations of our popular 'Disobey' sticker.

It's almost summer here in the Northern Hemisphere - make sure your gadgets are beach-ready. Get these fine stickers (and all kinds of other DEF CON goodies) at our eBay store, while supplies last.


DEF CON Vendor Reg Closing image

If you're still hoping to be a vendor at DEF CON 25, you need to to get over to defconvendors.com with all deliberate speed. The space is limited,and the deadline for submissions is June 1.

Don't miss your chance to share your products with thousands of members of the DEF CON community at Caesars Palace in July.

Tick-tock, tick-tock.


DEF CON Speaker Update image

The time has come, worthy citizens of DEF CON! Our first round of speaker selections, piping hot and ready for your delectation. It's going to be a big year, and it's a good time to start planning your con. We'd love to hear which talks you're most interested in so far. Stay tuned to this channel for additional speaker updates in the days to come.

Get psyched!


DEF CON Mar PBS image

We put a lot of effort into the atmosphere of DEF CON. We bring in musicians and artists that set a tone of high-energy creative inspiration. One of our favorite artists is Mar Williams - you’ve seen Mar's bold and evocative work in the halls, in the programs, on your swag. That style and energy are a large part of the DEF CON image in recent years, and we’re very proud of Mar.

Mar recently shared some thoughts about the creative process and some ideas about the connections between hacking and art with an interviewer at PBS. Check it out and let it inspire you to just start something creative and see where it takes you.

If you find that you really like Mar's style and you need some more of it in your life, Mar has a Patreon account you can check out at https://www.patreon.com/spux.

YouTube version:
https://m.youtube.com/watch?v=Ud-l6u9HzVY

You can also find this video (and an enormous quantity of other cool stuff) on the DEF CON Media Server’s Documentary Section.
https://media.defcon.org/Hacking Related Documentaries/


DEF CON Biohacking Village image

From the BioHacking Village website at defconbiohackingvillage.org:

"The DEF CON Biohacking Village is a multi-day biotechnology conference focused on breakthrough DIY, grinder, transhumanist, medical technology, and information security along with its related communities in the open source ecosystem. There have been multiple instances of DIYBio overcoming conventional science. We want to celebrate the biohacker movement with a compendium of talks, demonstrations, and a medical device hackathon.

The 2017 BioHacking Village theme is Medical Industry Disrupt. The Medical Industry is one of the last to be touched by technology. We have placed doctors and the study of medicine on an altar for years; the time of ivory towers, pedestals, and information isolation has come to an end. Biohackers are working on projects that have traditionally been kept in the labs of the medical institutions. We are moving science forward by working on DIY projects that matter and use citizen science to solve the economic problems that are caused by privatizing medicine and the resources for research."

If this sounds like your jam, or you just want to dip a toe in the DIYBio pool, you can find out more at defconbiohackingvillage.org, by following @DC_BHV or checking out their space on the DEF CON Forums.


DEF CON td francis image
The TD Francis X-Hour Film Contest is back! Think you've got the skills to conceive, script and shoot a short film in the midst of the DEF CON madness? Do you enjoy fun, prizes and awesome Contest shirts? Sign up, meet some basic requirements,and make your masterpiece.
Full details are on the Film Contest Website (xhourfilmcontest.com), but the basics are:

• You get the full and final rules and the topic when you pick up your reg Packet onsite.

• You can film in the venue so long as you're wearing your brightly colored Contest tees.

• Up to 5 crew - actors and extras aren't counted as crew.

Win prizes like a Seattle Film Institute scholarship and human badges to DEF CON 26, and get your film shown at DEF CON 25.
Thank DEF CON through your Oscar tears a surprisingly short time later.*
Slots are limited, so if you want shot at DEF CON Film glory, get over to xhourfilmcontest.com right away and begin your journey.

*your mileage may vary, but you definitely can't rule it out.


DEF CON 25 tamper-evident image

Tamper-evident tech may not be the flashiest security are out there, but it's a fascinating way to get your hands dirty in some ground-level physical security. The wily hacker who masters this space must know methods and techniques for defeating a wide variety of real-world seals, all the while stepping so lightly as to remove all evidence of their passing.

The Tamper-Evident Village brings a ton of different seals for you to practice on, helpful humans to point you in the right direction and even a few contests to test your skills.

Join us in the Tamper Evident Village and level up your physical security skill set!


DEF CON 25 Coindroids image

We're spotlighting some of the contests of DEF CON 25, to help you map your time and maybe get some practice in.
Today's Featured Contest: COINDROIDS!

Coindroids is sort of an RPG, set in a post-humanity Earth where only financial services droids remain, battling each other through the ruins for upgrades and survival. Money is the goal, both as a symbol of power and the weapon from which power is derived.

The game is played within the blockchain, and each block represents a round. To attack, you send defcoin to the attack address. To defend, you send defcoin to a 'block' address to raise your shield. Gain experience, level up, purchase new and more powerful armaments and upgrades and claw your way up the leaderboard. Rule the Cryptocurrency wasteland.

For a thorough explanation of the game's inner workings, check out the coindroids github: https://coindroids.github.io/Coindroids-Documentation/#introduction

Sign up and get some reps in at the Coindroids website: def.coindroids.com


DEF CON Documentary image

For today's #defconflashbackfriday, we offer the DEF CON documentary we commissioned for DEF CON's 20th anniversary. It's a great way to get a feel for what DEF CON is about and the amazing community that makes it happen.

If you've always wanted to come to DEF CON but wished you knew more about what to expect, set aside some time this weekend to watch the video and get up to speed. If it seems like your cup of tea, we'd love to have you join us for our 25th Anniversary Celebration at Caesars Palace.

We'll save you a spot.


DEF CON 25 CTF Qualifiers image

We'd like to congratulate these qualifiers for DEF CON 25's CTF contest:

PPP
Tea Deliverers
Shellphish
DEFKOR
A*0*E
hacking4danbi
!SpamAndHex
RRR
Team Rocket ??

Excellent work, and may fortune smile on you in Las Vegas this July. We'd also like to thank the upstanding citizens of the Legitimate Business Syndicate for putting together another great contest. Feels good, doesn't it? The spring is turning to summer, the table is set for the DEF CON CTF and we're in the home stretch of the countdown to DC25. Feel free to get amped.


DEF CON 25 CFP Reminder image

If you're waiting until the last minute to submit your presentation, you should know that we are officially in last minute territory right now. The window closes Monday, so if you want to see your talk in contention make good use of the remaining time! The moment of truth is upon you, so clear out some space and get your submission in order.

Let's get your cool ideas up where they belong.

The information you need is here:
https://www.defcon.org/html/defcon-25/dc-25-cfp.html


DEF CON 25 Vendors image

Cypherpunks, start your engines! Crypto and Privacy Village is returning for DEF CON 25 and they're looking for speakers. If you've got some good stuff to share with the Crypto community, point yourself over to cfp.cryptovillage.org and get your submit on! We're looking forwards to seeing what you've been working on.


DEF CON DARPA CGC Mayhem image

The 2016 DARPA Cyber Grand Challenge was kind of a big deal. It was an autonomous, all AI Capture the Flag contest with millions of dollars in prize money. The systems competing were built by teams from all over the country, all of them building the road as they travelled. The teams that made it to the hotly contested final round are all full of straight-up wizards. We're proud of how great the contest turned out, and of all the brilliant humans who made it happen.

When the smoke cleared, For All Secure's Mayhem was the last bot standing. In addition to the millions in prize dollars, the eternal bragging rights and the very stylish DEF CON Black Badge, Mayhem now has a place in official history at the Smithsonian.

Writeup Here:
http://invention.si.edu/ai-and-challenge-cybersecurity

Recap and tons of info also available here:
http://archive.darpa.mil/cybergrandchallenge/


DEF CON Jack kit image

The popular Jack v2 Pirate Electronics Kit has returned to the DEF CON eBay store! Don't miss your chance to get the finest in blinky swag (from the High German 'blinkenschwag'). The last batch sold out almost immediately, so if Jack seems like your jam, get thee to eBay!


DEF CON 25 demo labs open image

DEF CON Demo Labs are BACK! If you’ve got an open source project (tool or hardware) that you want to get in front of a huge, clued-in and interested audience, you’re gonna want to check out our Demo Labs page. Whether you’re looking for feedback, help or just getting the word out, we can offer you a 2-4 hour dedicated time slot to share at DEF CON 25. And one badge, if your project makes the cut, obvi. Get your info on the DL page and get your proposal in before June 1, and let’s make some demo magic!


DEF CON 25 Plaid CTF Qualifier image

Friendly DEF CON 25 CTF reminder: The next qualifying event is PlaidCTF, an online jeopardy-style contest that's a mere 10 days away! You can get more infoz at plaidctf.com, but it's time to #getonit. Fortune favors the bold.


DEF CON 25 CEV closed image

The Call for Contests/Events/Parties is now closed. If you submitted a proposal, expect a response soon. If you just want to know what kind of delights are in store for DEF CON 25 attendees, watch this space.

It's getting closer, people. Feel free to get amped.


DEF CON 25 Press Reg image

Friendly reminder to our friends in the fourth estate: Press Registration for DEF CON 25 is now officially OPEN! Spaces are limited, and speedy application improves your chances. The information you need to get your ducks properly aligned is on the DEF CON Press page. We've made some changes to streamline the process, so it's worth your time to check that out.

We look forward to hearing from you. It's gonna be a big year.


DEF CON 25 CTF Quals image

Attention CTF enthusiasts everywhere: Registration is open for the DEF CON 25 CTF competition! Please report to the web establishment of our friends and trusted associates at the Legitimate Business Syndicate for further instruction.

You can't win if you don't play, and you can't play if you don't register. Let DO THIS, shall we?


DEF CON 25 SECTF image

Can you talk a skinny dog off a meat truck? Do 419 scammers get off the phone owing you money? If you've got the steely nerve and Social Engineering skill to play in the big leagues, you should know that the SECTF is accepting applications for DEF CON 25. Get in the ring and show off your superpowers!


DEF CON 25 Secret Stash March image

This month's profoundly rad design is here to hacker up your spring wardrobe! Dozens of DEF CON and hacker culture references packed together in the inimitable style of our own Mar Williams. Can you identify them all?

Limited edition, only available in the Secret Stash, so get yourself fresh while you can!


DEF CON 25 DCTV image

One of the fun perks of staying in the host hotel at DEF CON is access to live, streaming talk content from the comfort of your room. DEF CON TV can really come in handy when a talk is over capacity, or when you need a little breather from the Vegas of it all.

This year, we’re hoping to expand the offering of DEF CON TV beyond the main venue. If you're staying in any of the partner hotels, you’ll not only get our D.C. Group rate, but you get DCTV as well! Huzzah! We’ll keep you informed via social media and the DEF CON 25 website when we have the green light.

Our block rate is sold out at Caesars, but you can still grab it at
Linq 
Paris
Bally's
Flamingo
Harrah's

We suggest you book promptly to ensure the preferred pricing - these will fill up quickly.


DEF CON 25 ctf quals image

The next stop on the road to DEF CON 25 CTF glory is this weekend's 0OPS CTF. It's a wide open, jeopardy-style event you can learn about at https://ctf.0ops.net. Everybody gets an exciting sleepless weekend of network combat, but the winner gets a spot at the Big Show at DC25. Spring has sprung and the procrastinator's window is slowly closing. Gather your stoutest warriors and get your name in the arena, or forever wish you had tested yourself against the best.

Details and the full quals schedule are at legitbs.net.


DEF CON 25 call for music image

Are you an entertainer? A singer of songs, a shredder of licks, a spinner of beats? Have you the skills to keep the sweaty masses in a rumpus till the breaking of dawn? If so, DEF CON has urgent need of your talents.

The DEF CON 25 Call for Entertainers is now live. Fill out the form, prove you have the goods, rock faces off at DEF CON's 25th Anniversary shindig. It's that simple. You've got til June 1 to get our attention.


DEF CON 25 CFP announce image

Pro Tip: if you want to give your CFP submission its best chance, don't wait for the last minute! Get it in early so that reviewers have a chance to give you feedback. If you have a good idea that needs some refinement, we're happy to help you get it right.

https://www.defcon.org/html/defcon-25/dc-25-cfp-index.html


DEF CON 25 Biohacking Village logo image
This CFP announce is for lifehackers; not the ones who have a really good todo list app, but the ones who hack life. The DEF CON 25 Biohacking Village is looking for your presentation ideas. Grinders, transhumanists and  DIY biotech geeks of every description are encouraged to apply.
The Biohacking Village theme for 2017 is Medical Industry Disrupt, so special consideration goes to pitches that aim to revolutionize the practice of medicine. You have until May 28th to get your submissions in. We're looking forward to seeing what you're up to.

For all the details, go to defconbiohackingvillage.com


DEF CON 25 Site image

It’s happening, luminous humans of DEF CON. The hour of our reunion draws closer. All the signs say so. The seasons change, the CFPs begin to sprout, and this year’s DEF CON website goes live.

That’s right - the DEF CON 25 website lives! Burn its address into your heart, your mind, and your browser of choice. As the conference approaches, we’ll fill the site with all the info you need to maximize your DEF CON preparations. Get amped, people. DEF CON’s 25th Anniversary is closer than ever.


DEF CON Call for Reviewers image

Your response to our call for reviewers was much bigger than we expected, so we’re closing it down Monday. Thanks to everyone who offered to help - we’ll be getting in touch with those who’ve been selected. We’ll keep the applications we received on file, and we’ll open this call back up before DEF CON 26.

If you’re still looking for volunteer reviewer opportunities, we encourage you to get in touch with the villages - most of them also field a large number of proposals that might be a perfect match to your expertise.

Thanks to the DEF CON community for always responding to our requests with so much love and enthusiasm. You rule.


DEF CON Call for CEV image

DEF CON 25 approaches. It more than approaches. DEF CON 25 looms. It hovers just beyond the near horizon, waiting to be awesome.

One key element of this awesome is all the superfun hackertainment we deliver in the form of Contests, Events, Villages and Parties. And the key element to pulling that together is YOU. All of that fun is 100% community-driven.

Every year we ask the DEF CON community for their best ideas for CON amusements, and we make the best ideas happen. This year, our 25th Anniversary year, we're hoping you're ready to respond and really step things up. Dig deep. Dream big. Seize this moment.

Everything you need to know to put your proposal together is on our CEV page. Go there, get amped, and submit your killer idea.

Let's get epic, people.


DEF CON Call for Papers AMA image

Friendly reminder: If you've got any questions about the process of becoming a DEF CON speaker, don't miss the AMA today! Get yourself over to /r/defcon at 6pm PST today and get 'em answered by the DEF CON 25 CFP Review Board.

Get tips on what they're looking for, help with how to present your proposal and general encouragement to bring your ideas to the DEF CON community. Be there.


DEF CON 25 CTF Quals image
If you're a packet ninja on a quest for CTF immortality at DEF CON 25, you need to keep your eyes on the qualification schedule. No quals, no glory.
The next qualifying event is the online Jeopardy-style Bostonkey.party, happening this very week (Feb 25-27)! You can find info about this and all the remaining events in the schedule at legitbs.net, the online home of the upstanding citizens hosting this year's CTF.

We're expecting big things from you.


DEF CON Call for Papers AMA image

The DEF CON 25 CFP Review Board will be hosting an AMA Wednesday, Feb 22 at 6pm PST. Bring your questions and get yourself up to speed. Meet the team that does the selecting, and learn tips that will give you an edge in getting your talk accepted.

Join us in /r/defcon next Wednesday!


DEF CON Call for reviewers image

Greetz!

We're seeking specialized CFP Reviewers to join our DEF CON 25 CFP board this year. We have a fairly well rounded board, but we could use a few more to the team. Specifically, we'd like those more specialized in: Cryptography, Malware, Post-exploitation, Reverse Engineering, and Forensics. So if you can open a can of whoop ass with those skills, please apply.

All you have to do is write a cover letter telling us how you've been involved in the DEF CON community, what skills you can bring to the table, and where to find your resume. Please be aware being on the review board is a hard volunteer job. To review you need to spend hours reading submissions and providing feedback. There will be hundreds of emails, so you have to be committed. The reward, however, is having a hand in making DEF CON 25 amazing and the eternal gratitude of hackers all over the world. Which is nice.

Send your entries to talks@defcon.org if you want in.

Thanks,
Nikita


DEF CON Jacket image

Pro Tip: DEF CON's eBay store has a 50 dollar price drop on some very stylish waterproof soft-shell jackets! Now there's no excuse for spending one more day in the same boring, skull-free outerwear. Fight the elements and crush the mid-winter blahs with style. Check 'em out !


DEF CON CGSC image

We're excited to announce that our founder, Jeff Moss, has been named a Commissioner of the brand new Global Commission on the Stability of Cyberspace! The Commission, which will debut at the Munich Security Conference, aims to safeguard the peaceful use of the Internet as volatility and threats from state-level conflict increase.

Jeff joins a team of security and policy luminaries Chaired by Marina Kaljurand, former Foreign Minister of Estonia. The Co-Chairs are former US Secretary of Homeland Security Michael Chertoff and former Deputy National Security Adviser of India Latha Reddy. You can learn more about the GCSC and its mission at cyberstability.org


DEF CON 25 February stash image

The Secret Stash is keeping you hacker fresh with more DEF CON 25 wearables! Both the tee and the sticker are custom, exclusive artwork available only from the Stash. Look fly and keep DEF CON close to your heart until we meet again in July!


DEF CON 25 CFP announce image

Luminous humans of the DEF CON community, we interrupt your slow news week to bring you this urgent message:

The DEF CON 25 CFP is OPEN! And so is the Call for Workshops!

We realize that's kind of two messages. The common thread is that the machinery of DEF CON 25 awakes from its fitful rest, and it hungers. It hungers for your talk submissions as well as your workshop ideas.

To expedite the annual feeding of this beast, we've created a CFP index page that includes all of the many ways you can submit your work for consideration.

The time is upon us, people. The deadlines will arrive faster than you think. Get your stuff together, whip it into shape and get it in. We are only going to turn 25 once, and we want you to be a part of it.


Ladar Levison at DEF CON 22 image

In 2013, the FBI wanted access to Edward Snowden's encrypted email. Faced with a request for Lavabit's  SSL key, founder Ladar Levison instead closed the service. Over 400,000 customers lost access to their accounts. Levison's hardline stance on customer privacy earned him praise from the security community.

Today the service is on the verge of relaunching. It's got brand new architecture, new features and soon, end-to-end encryption.

You can read Kim Zetter's interview with Levison on the Intercept.
https://theintercept.com/2017/01/20/encrypted-email-service-once-used-by-edward-snowden-to-relaunch/

For additional background , watch Levison and Stephen Watt discussing Lavabit at DEF CON 22.
https://youtu.be/TWzvXaxR6us


Coded web series image

The trailer for 'Coded', a new hacker-focused series from Freethink Media, has tons of shots from DEF CON 23. It also contains interview footage with Ladar Levison and Nico Sell. We've only seen the trailer, but It looks promising. Here's the promo blurb: "The data war is in full swing. Foreign governments are hacking major corporations, major corporations are collecting massive amounts of consumer data, and the NSA is listening to all of them. With malevolent hackers on one side and oppressive regimes on the other, data security is as important to the global economy and human rights as free speech and the rule of law. Join us as we profile a new generation of programmers helping consumers and companies alike protect their financial information, their identities, and their freedom."


DEF CON secret stash january image

Gentle reminder: The Secret Stash is back with more DEF CON 25 boss-level swag! Both the tee and the sticker are custom, exclusive artwork available only from the Stash. Get your 2017 look together with a versatile tee - fresh for all situations, from the boardroom to your secret lair.

Get your goodies at teespring.com/defconstashjanuary
Women's cut/sizes at teespring.com/defconstashjanuarywomen


DEF CON Caesars Palace image

The early birds have captured all of the on-site worms: Caesars Palace is sold out for DEF CON 25.

Be of good cheer, however. You can still get our discounted room rate at the following nearby properties:

Linq
Paris
Bally's
Flamingo
Harrah's

DEF CON 25 is gonna be kind of a big deal, and we want you there. We suggest getting on that reservation post haste. The link for the DEF CON discount is https://resweb.passkey.com/go/SCDEF7 and the time for action is now.


DEF CON Jennifer Granick Book image
Congrats to @Granick!
Hacker lawyer extraordinaire, Director of Civil Liberties for the Stanford Center for Internet and Society and possible secret superhero Jennifer Granick just won the Palmer Prize! The prize, awarded for work that sheds light on the interplay of civil liberties and State security is for her upcoming book "American Spies: Modern Surveillance, Why You Should Care, and What to Do About It". We can't wait to read it.
Jennifer is also a frequent and popular speaker at DEF CON. To give those unfamiliar an idea why her work and ideas are so valued by the hacker community, take a look at her most recent DEF CON presentation. It's entitled "Slouching Towards Utopia; The State of the Internet Dream" from DEF CON 24.

As always, enjoy and pass it on.


DEF CON 25 CTF Quals Update image

Attention all seekers of CTF glory - the qualification season is underway! The solid citizens of the Legitimate Business Syndicate have posted the information you need to get involved on their website at legitbs.net.

If you've got the goods, get in the arena. There's nothing between your squad and Capture the Flag supremacy but air, opportunity and the best players on Earth. Get you some.


DEF CON 24 SE Village Vids image

Today's treat - a YouTube playlist chock full of SE goodness from the Social Engineering Village at DEF CON 24! All the presentations and a bonus live recording of the Social Engineering podcast. There is much to be learned here, so block off some time.

As always, take what you can use and pass it on. The best defense against the dark arts of SE is exposure and education.


DEF CON secret stash january image

The Secret Stash is back with more DEF CON 25 boss-level swag. Both the tee and the sticker are custom, exclusive artwork available only from the Stash. Get your 2017 look together with a versatile tee - fresh for all situations, from the boardroom to your secret lair.


DEF CON Groups video image

Happy New Year, DEF CON community! Jayson Street, our DEF CON Groups Ambassador, has some year-end words for everybody from his tastefully appointed secret bunker.

Get amped, radiant humans of DEF CON. 2017 is our Silver Anniversary and big things are in the plan.

As always, if you're not in a DEF CON group, consider joining one. If you can't find one nearby, consider starting one! The infoz are all available at defcongroups.org.

Excelsior.


DEF CON new swag image

We've got some new stuff in the trusty old DEF CON eBay store for you - including DEF CON 24 Rucksack and Duffel bags and the hit "Jack" soldering Kit from HACKED at the Tribeca Film Festival.

Start the new year right - treat yourself to the very finest of hacker swag!


DEF CON 25 logo image
Greetings, hacker fam. It's time to announce the theme for DEF CON 25!
DEF CON 25 theme image

Welcome to DEF CON's Silver Anniversary!
We're celebrating 25 years of warranty-voiding, boundary-expanding adventures in technological subversion, and looking forward to the next 25.
DEF CON 25 theme image

The theme this year is 'Community, Discovery and the Unintended Uses of Technology' and the vibe is retrofuturist - think maxed-out 8-bit grafx in a dark arcade, lovingly defaced websites in Netscape Navigator. A world where adventurous digital misfits are building a new world out of the pixels and info the Powers that Be leave behind.
DEF CON 25 theme image

We've come a long way together, from the obscurity of BBS life to Runner-Up for Time's Person of the Year. From 20 people at the CON to 20,000. From media scapegoat to – well, it's a work in progress.

Join us at Caesars Palace to look back at how we got here, and to imagine together where we go next.


DEF CON connected weapons image

According to CrowdStrike, the Russian hackers known as ‘Fancy Bear’ (recently in the news regarding the US election) or APT28 used a trojanized Android targeting app to geolocate and frustrate Ukrainian artillery.

From the article: “It’s incredible, from a technical point of view, that hackers and hacking can so drastically influence the outcome of military engagements,” Wardle said. “If this is all true, I mean, it would have been a huge, huge advantage for the Russians to be able to geolocate the Ukrainian artillery units...basically in real-time, via an infected Android app. Crazy.”

It’s worth noting that at DEF CON 23 Runa Sandvik and Michael Auger  dealt with the possibilities of using connected weaponry against its owners in their talk “Hacking a Linux Powered Rifle”. You can check that presentation out here.


DEF CON 25 wallpapers image

In the spirit of this festive season, DEF CON has a gift for you and your various screenz: wallpapers for everyone!

Designed by our very own Mar Williams and sized to fit many popular devices, these DEF CON 25 wallpapers will make your lock screen the talk of the town!

And while you're admiring your spiced-up mobile, remember that you can still get a T-shirt emblazoned with this very same artwork at teespring.com/defconstash, for the next several days.


DEF CON 25 CTF Update image

Heads up to all the CTF fans out there: the upstanding citizens of the Legitimate Business Syndicate have alerted us to some of the contests that will qualify for the DC25 CTF.

According to the Legitimate Business Syndicate (@legit_bs) Twitter feed, the following contests are confirmed as qualifiers:

PlaidCTF (@PlaidCTF)
Boston Key Party (@BkPCTF)
0CTF (@0opsCN)
33C3 CTF (@EatSleepPwnRpt)

If you're not in the dojo getting yourself into tournament shape, it's time to start making better choices.


DEF CON 24 IoT playlist image

Like #DEFCON? Like #GoRuck Events? Wanna put them together? Express your interest in the DEF CON/GoRuck Custom! http://buff.ly/2h7Th7F


DEF CON 24 IoT playlist image

IoT-enabled botnets are all over the news, but the suspect devices are generally consumer-grade. In today's #internetoftriviallycompromisablethings update, 80 different industrial-tier IP cameras shipped with hard-coded creds, opening them up to all kinds of botnet mischief.

Sony has addressed the issue in the latest firmware updates for these devices, and updating is enthusiastically recommended.

Probably a good reminder that the higher prices for corporate-level gear do not imply better security practices.

If you want to devote some time to educating yourself on the current state of the Internet of Things, we suggest starting with the DEF CON 24 IoT Playlist.

Enjoy, share widely and run the latest firmware.


DEF CON 25 swag pack image
From now until DEF CON 25, we're offering monthly packages of exclusive, limited-edition DEF CON 25 swag.

The December pack is a crisp, fresh DEF CON 25 tee and a high-quality DC25 sticker. The design is courtesy of DEF CON staff artist Mar Williams, created especially for this package. Look sharp, gift like a boss and hide your laptop's shiny metal shame. Rock DEF CON 25 swag like you come from the future.


DEF CON 25 teaser image

Watch this space: December 1, DEF CON has something nice for your holiday season. Even if you've been a little naughty.


DEF CON 24 live music image
Music lovers, rejoice! The live music selections from DEF CON 24 are here! Thanks to the generosity of the artists and the miracle of BitTorrent, you can help yourself to a curated selection of the tunes that rocked DC24. Enjoy the (metaphorical) stacks of (figurative) molten wax, in both standard formats and lossless FLACs.

As always, share widely and give the artists you dig some love.


DEF CON 23 Samy Kamkar image

The new Raspberry Pi hotness is Samy Kamkar's PoisonTap. It's a cheap (like dinner at Arby's cheap) device that pops locked machines fast (like the onset of Arby's regret fast). Samy posted a video demo on YouTube, and you should watch it.

If you dig Samy's style and want to see another of his low-fi, hi-yield hacks, we've got a #defconflashbackfriday video for you - Samy demoing inexpensive car/garage door exploiter 'RollJam' at DC23 in supremely informative and entertaining fashion.

Check it out, pass it on.


DEF CON 24 Patrick Wardle image

DEF CON 24 Speaker Patrick Wardle is back in the news with a warning about Shazam's macOS app. Apparently, turning off the app doesn't stop it from recording.

Which is weird, right?

If reading the article has you looking for a little more of Patrick's insights into macOS security, you can check out his talk 'I've Got 99 Problems, Little Snitch Ain't One.' from DC24.


DEF CON 24 Torrents image

Limber up your hard drives, my friends. If you seek the motherlode of DEF CON 24 content, look no further than our Torrents page. All the talks in multiple formats? Check. DARPA Cyber Grand Challenge content? Music? CTF files? Check, check, super check. Fire up your preferred netguzzler and get to guzzling. Enjoy, seed and share widely.


DEF CON 24 IoT talks image

More hot playlist action - Internet of Troublingly Hackable Things edition! It's a gourmet selection of talks from the main track and the IoT Village. We recommend pairing it with an overcaffeinated beverage and wired headphones. Learn all you like, then make sure to pass it on.


DEF CON 24 Wireless Village talks image

Today's playlist is the DEF CON 24 Wireless Village Talks. Software Defined Radio, evil access point tricks, BLE hacking - it's all in there. If the wireless ecosystem and the hacking thereof floats your boat, it's time to make an appointment with our YouTube channel and get caught up.

As always, share the love and pass on the knowledge..


DEF CON 24 AFK talks image

Today's DEF CON 24 playlist is called 'AFK'; it focuses on talks that deal with policy and ideas rather than hardware and code. Hacker Law superhero Jennifer Granick's talk on the state of the applicable law is in here, as are the 'Meet the Feds' and 'Ask the EFF' panels. There's a little something for every interest, from the venerable Richard Thieme's talk on the psychological toll of working with secrets to the Bob Ross Fan Club's talk on recognizing and neutralizing propaganda.

Thirteen talks in all, with lots of variety. Block off some time (or just put in headphones) and get yourself some. As always, share the love.

More playlists on the way!


DEF CON 24 Car Hacking talks image

The rollout of DEF CON 24 videos continues with 10 videos with a focus on car hacking. There’s a couple of presentations that deal with the CAN BUS, a deep dive into autonomous cars and even a couple specifically about big rigs. Seven of the ten talks come straight out of the Car Hacking Village!

There’s a weekend coming - maybe it’s time to curl up with a laptop and get up to speed on the rapidly expanding world of automotive hacking. As always, enjoy and pass it on.

Big playlist coming Monday!


DEF CON 24 Crytpo and privacy talks image

Today we begin the rollout of the DEF CON 24 talks with a very diverse playlist of crypto and privacy focused presentations.

From the main tracks we have Ladar Levison on compulsory decryption and Nate Cardozo on the State of Crypto in 2016. We also have six talks from the Crypto and Privacy Village!

As ever, we want you to enjoy the presentations, get inspired and pass the knowledge along.

More talks tomorrow!


DEF CON on instagram image

Today's #defconflashbackfriday is from DEF CON 24, and it's a fun one. Evan Booth's talk this year was on building a bionic hand out of a Keurig coffee maker, but it's also about imagination, creativity and finding potential in the commonplace and unremarkable tech that's all around us. As always, please enjoy, be inspired and pass it on.


DEF CON on instagram image

DEF CON is on Instagram! We're posting a steady stream of pictures from the vaults, pictures of the preparations we're making for DEF CON 25 and various image-based shareables to amuse and edify all hackerkind. Follow us at wearedefcon and share your memories, your projects, or maybe all the exciting places you're wearing your DEF CON hat. We can't wait to see what you're up to.


DEF CON in the news - 15 under 15 image

DEF CON in the news: To kick off your week with a heaping helping of hope for the future, here's an article from Sara Sorcher and Ann Hermes at the Christian Science Monitor calling out 15 kids killing it in the cybersecurity space.

To our great joy, a bunch of those kids have in common the DEF CON kids' track, R00tz Asylum. CyFi, Kryptina, Evan, Miller and Emmitt - you make us prouder than you know.


DEF CON 24 Chris Rock image

The US Presidential election is a few weeks away. Whatever the outcome it’s safe to say this election is an inflection point. Hacked communications, data dumps and claims of state actors using media to influence the vote have dominated the news cycle. These factors and the anxiety and outrage fatigue that acccompany them are likely to be around a while, so it seemed like an opportune moment to repost Chris Rock’s talk on overthrowing governments. It’s a thought-provoking investigation into what it might take to use the modern landscape for toppling a regime, and it’s a good practical alternative to the generalized hysteria promoted by cable news.


DEF CON in the News image

A couple of DEF CON 24 related news items in the last week:

The folks from the DEF CON IoT village and SOHOpelessy Broken Contest fame have recently published an article on their findings from this years DEF CON outlining the ever present threat of IoT vulnerabilities discovered.

Not to mention this interesting article about an Steganography vuln first publicized in the Crypto and Privacy Village at DEF CON 24.


DCG 530 image

From their Facebook page:

It's been a while since we posted an update, so this will be a doozy....

First and foremost, meetings are EVERY TUESDAY AT 7PM at Idea Fab Labs Chico! Every week people ask "is there a meeting tonight"? The answer is ALWAYS YES! Sometimes meetings are just 5 hackers hanging out talking shop. Come by and say Hi!

If you'd rather participate and get your hands dirty, there is currently a shiny voip phone running SIP firmware AND A PBX waiting for a config to be created and pushed.

The Kegbot also needs some love, as the raspi that runs the DB and Twitter feed is unplugged on top of the kegerator. Feel like getting the Pi and Tablet talking again? By all means!

There's also that sexy little black box on our table...but that's a secret. Right guys? See you next Tuesday.


Dameff/Tully at DC20 image
Medical devices are back in the news cycle again, this time due to reports of a hackable insulin pump that can, under the right conditions, be made to deliver an overdose. That is scary, because the pump lives in your guts and not on the kitchen counter. In the end, though, it's also very similar to all the other IoT news: connected devices that aren't designed with security in mind are dangerous.

A more interesting thing about human augmentation devices like the. Insulin pump, however, is that they offer real, life-altering promise. Unlike all the devices clamoring to dim your lighting and save you from walking all the way over to the thermostat, this class of device can save your life, return your mobility, even make you a bootleg superhero.

For your Wednesday we offer a video from DEF CON 20 by doc/hacker types Christian Dameff and Jeff Tully meant to remind you of all the cool possibilities that the future holds, if we can get the security thing under control.

Link to the insulin pump story:
http://www.infosecurity-magazine.com/news/insulin-pump-flaw-allows-hackers/


DCG 813 image

DC813 is holding a CTF competition in January. If you're Tampa-adjacent, this could be a really fun way to get into CTF or level up your blossoming skills.

From the DEF CON Forums:
We will be holding a beginners/intermediate CTF game which has a $10 seating charge for purposes of raising money for DC813. Cash payment at the door. There will be a grand prize given to the first competitor to get the flag (root). This is a boot to root challenge. Seating is limited. NOTE: This CTF does not include multiple attack nodes; this game is designed for beginners and those that wish to sharpen their CTF skills. An OVA file containing the game within a VM will be provided, upon payment, the day of the competition. All monies received will go towards the DC813 Meetup expenses.


DEF CON 24 Black Badge image

In the ever-expanding universe of DEF CON competitions, there are many winners. We salute them all. Some of these victories are so impressive that we recognize them with an extra awesome badge and free DEF CON entry for life. This badge is the Black Badge, and we list the winners on the Black Badge Hall of Fame.

We've updated the Black Badge Hall of Fame to include winners from DEF CON 24. You should check it out.

If you have questions or updates, hit us up at info at def con dot org.


DCG 801 Badge Coding Video image

Video from #defcongroup DC801's badge coding environment presentation a few nights ago. Learn a little something about the making of the 801 badge and pass it on. Also, get a look into the kind of cool stuff that happens at DEF CON Groups, and seriously consider joining your local chapter so that cool stuff can start happening to you.

If there isn't a DC Group where you are, consider starting one. All the details you need are at defcongroups.org.


DEF CON 24 Rootz logo image

The talks from the @r00tzasylum kids track at DEF CON 24 are now live on the inter-tubes for the edification of young padawans and grizzled Jedi alike. Please enjoy, and make sure to drop a link to any promising younglings who might benefit from the training!


DEF CON 25 caesars palace image

For anyone with questions about the hotels DEF CON attendees use during the con, our forum wizard TheCotMan has assembled a super-handy FAQ from previous As to various lodging-related Qs.


DEF CON 24 Liu talk image

To help you get over that midweek hump, we offer another early release video from DEF CON 24 - 'I Fight for the Users: Attacks Against Top Consumer Products '. In this video, @zfasel and @secbarbie walk you through attacks on 21 popular IoT devices - so you get something more than just proof that one or another connected toaster is ready to pwn. You get to see how how whole product categories are ready to pwn.

There's even tools, in case you want to test the security of some of your own 'smart' devices. Good stuff, delivered with an eye for the lulz.

Please enjoy and then pass it on.


DEF CON 24 Liu talk image

We've got another early release video from DEF CON 24! It 's called 'Can You Trust Autonomous Vehicles?', and in it Jianhao Liu and Chen Yan discuss jamming and spoofing attacks on the sensors of cars like the Tesla Model S. It's definitely a sobering look at the downside of the Jetsons-style tech we're developing and a good reminder of the place security thinking needs to take at the design table.

As always, enjoy and pass it on.


DEF CON 24 CTF image

The scores for this year's DEF CON 24 CTF have been posted! The model citizens of the Legitimate Business Syndicate have finalized and shared the ultimate scores of this year's historic and hotly contested contest.

But wait - there's more! LBS also suggests strongly you keep your eyes on their site (and ours, natch) for more goodies on the near horizon: pcaps, source code, a full SQL dump among other data for your leisurely examination.


DEF CON 24 chris rock talk image

For your weekend, we offer @_Kustodian_'s talk from DEF CON 24 'How to Overthrow a Government', in which the intrepid Chris Rock delivers another provocative and spooky talk about the kinds of vulnerabilities an imaginative transgressor can harness to exploit bureaucracy for their own ends.

As always, enjoy the talk and pass it on.


DEF CON 24 press image

DEF CON got a lot of ink this year - among the happenings were the DARPA CGC, tons of IoT news and what is probably the most bonkers uber badge in the history of uber badges. If you want to comb through the press coverage, we’ve assembled a bunch of it on the DEF CON Press Archive for your convenience. If you see articles that we missed, feel free to drop us a link in the comments and we’ll update.


DEF CON 24 MouseJack talk image

For your weekend, another #defconflashbackfriday early release talk from DEF CON 24 - this time Marc Newlin on the hijacking of wireless mice for nefarious purposes. He calls it 'MouseJack'.

As always, enjoy and share widely.


DEF CON 24 Mr. Robot Panel image

For your midweek edification, we offer another early release video from DEF CON 24 - this one is the Mr. Robot panel! It's a lively discussion of the show and its inspirations with Mr. Robot's technical advisor Kor Adana, The Dark Tangent, Marc Rogers, Andre McGregor and Ryan Kazanciyan with journalist/author Kim Zetter moderating. If you watch the show, you'll definitely learn some new tidbits to increase your appreciation. If you don’t, the panel will show you what it takes to keep a hacker show realistic and exciting.


DEF CON 24 crowd image

Good News Everybody! We've got some updates to the archive page for DEF CON 24! We've got updated slide decks and whitepapers now on the media server.

For a post con re-cap on DEF CON and the CFP process this year, check out Nikita's speaker's corner entry entitled "DEF CON CFP: Thinking Back and Moving Forward"!


DEF CON 24 weston hecker image

Returning to the tradition of #defconflashbackfriday, we offer a presentation from all the way back in 2016 - Weston Hecker's 'Hacking Hotel Keys and Point of Sales Systems : Attacking Systems Using Magnetic Secure Transmission' from DEF CON 24.

We probably can't summarize the talk better than the title does, but if you need a little more incentive here's the abstract:

"Take a look at weaknesses in Point of sale systems and the foundation of hotel key data and the Property management systems that manage the keys. Using a modified MST injection method Weston will demonstrate several attacks on POS and Hotel keys including brute forcing other guest’s keys from your card information as a start point. And methods of injecting keystrokes into POS systems just as if you had a keyboard plugged into the system. This includes injecting keystrokes to open cash drawer and abusing Magstripe based rewards programs that are used a variety of environments from retail down to rewards programs in Slot Machines."

As always, watch, learn and share widely.


DEF CON 24 Contest Results image

If the presentation tracks are the brain of DEF CON, then the contests are its heart. It's a kind of alchemy: we bring together thousands of interesting strangers fascinated with various aspects of technology, and we want them to leave a few days later with new friends, new skills and new obsessions. Our solution? Just add a rich, world-class layer of competitions run by an army of talented, insanely dedicated volunteers.

This formula has worked pretty well, and we thank all of you players for supporting the games and keeping the comp high-level and good-natured. It is our sincere hope that you're getting something valuable from getting into the DEF CON arena in the battle of your choice.

Still, the contests are as tough as they are fun, and the field is full of wildly brilliant humans. Every winner listed here has earned their prizes and bragging rights. We congratulate them all and hope to see all of you back in the ring for DC25.


DEF CON 24 pictures image

The newest treats on the DEF CON media server are pictures from DC24. Like metric oodles of pictures, taken with skill and respect by our Photo Corps and a few other friends of the con like the SE Village. We offer them to all of you as a memento and record of the event, and a chance to see the bits you didn't get around to.

Like everything we release, these photos are CC licensed for you to enjoy, share and remix so long as you clearly attribute them to DEF CON.

If you have pics you'd like to share, let us know at info ]at[ defcon [dot] org and we'll look into adding them to the collection.


DEF CON 24 writeups image

When the dust settles after a DEF CON, it's time to collect the write-ups from the various contests and challenges. There's nothing more educational and humbling than analyzing successful strategies from the player's point of view.  Please enjoy our DC24 Writeup Sampler Vol. 1, and if you see some we missed, please drop us the links for inclusion in a future volume.

Badge Contest Writeup from the winners, Council of Nine

Badge Contest Writeup from degeneratemetric

OpenCTF Writeup from @p4p1lio

CGC Writeup from DARPA

CTF Writeup from Zachary Wade of winning team Plaid Parliament of Pwning:


DEF CON TD Francis Film Contest image

For those of you who missed the TD Francis X-Hour Film Contest, here's all of the competing films in their full glory. The creativity and energy required to conceive, write, shoot and edit a film during DEF CON never fails to impress. If it looks like fun to you, consider signing up and taking a crack at it next year!


DEF CON link roundup image

As part of our annual process of compiling press accounts of DEF CON, we offer some link roundups sorted by topic. First up, DEF CON Link Roundup: IoT edition.

This was a big year in the Internet of Things, and the whole industry is only just getting off the ground. At DEF CON 24 we saw the first ransomware delivered via thermostat, among many other causes for interest and concern.

As always, if you find cool coverage of DC24 topics out there, please feel free to drop some links in the comments.

https://motherboard.vice.com/read/internet-of-things-ransomware-smart-thermostat

http://www.bbc.com/news/technology-36995288

http://www.internetnews.com/blog/skerner/defcon-btlejuice-mitm-hacks-bluetooth-and-belittles-bluetooth-padlock-security.html

http://www.theregister.co.uk/2016/08/08/using_a_smart_bluetooth_lock_to_protect_your_valuables_youre_an_idiot/

http://www.theverge.com/circuitbreaker/2016/8/9/12414014/smart-lock-security-flaws-internet-of-things

http://mashable.com/2016/08/10/even-vibrators-get-hacked/#AVsvxH60pkq8


DEF CON 24 CTF winners PPP image

A big congratulations to this year’s winners of the DEF CON Capture the Flag Competition, Plaid Parliament of Pwning. A big shout out to Legitimate Business Syndicate for their masterful hosting of this event. Check out this profile of the winners!


DEF CON 24 soundtrack cover image

DEF CON 25 is going to be kind of a big deal.

First, we’re celebrating 25 years of bringing hackers together for knowledge transfer and hackish shenanigans in the swelter of late-summer Las Vegas. Even after a full quarter-century of hacker summer camp, our family is still growing fast, and we’re still finding new cool ways to get people involved and connected.

Second, we’re switching venues again, this time to the larger, swankier environs of Caesar’s Palace. We’ll have bit more space and a lot more flexibility in how that space is distributed.  Hopefully that means there will be easier traffic management and shorter lines for everyone.

DEF CON 25 will be held at Caesar’s Palace July 27-30, 2017. You can get yourself the DEF CON block rate right now at Caesar’s or the other participating hotels (Bally’s. Paris, Flamingo, Harrahs,and Linq) by following our reservation link at https://resweb.passkey.com/go/SCDEF7

We have a lot of ideas for celebrating our Silver Anniversary with you, and we hope you have some too.

Can’t wait to see all of you again at Caesars in July.


DEF CON 24 soundtrack cover image

Heads up hackers! For those who attended, we hope you enjoyed this year's soundtrack. Many thanks to our headliners like Dirtyphonics, Information Society, and Richard Cheese for pitching in.

Most of all, a big thank you to Gravitas Recordings for helping to facilitate, curate, and help out with the online distribution of the soundtrack. If you missed the conference, you can find it at http://music.gravitasrecordings.com/album/def-con-24-the-official-soundtrack. Best of all, it's free or pay-what-you-want, with all revenue going to support the Electronic Frontier Foundation.

Look out for some major jams for DEF CON 25!


DEF CON 24 black badge image
DEF CON 24 black badge image

We know what you're wondering. Who is that handsome fellow?

That striking visage belongs to this year's Uber Badge. In addition to his chiseled good looks, he sports some spiffy secret code and one particularly hyper-functional eyeball. They're each handmade, and need to be individually adjusted due to servo differences. If you're one of the lucky few who are taking one of these home, congratulations! If not, you should get here next year and get your hat in the ring. Who knows what next year's badge will be?

You can observe it in action at: https://www.youtube.com/watch?v=t8mLCnhMSqA


DEF CON 24 CGC logo image

The DARPA Cyber Grand Challenge is complete, and the mighty Mayhem from ForAllSecure has been crowned Champion and ruler of all it surveys.

If you're still wondering what's such a big deal about computers hacking each other, or if you just want a quick primer on how amazing the contest was, DARPA has dropped a highlight reel to catch you all the way up.

Sometimes you can't see how important something in in its moment, even if it seems kind of important. This is probably one of those times.


DEF CON 24 CD Torrents image

CD player in the shop? Too young to know what a CD even is? The DEF CON 24 conference CD and the DEF CON 24 Music CD are now available to you in ultra-convenient Torrent form. Enjoy hours of free music and conference goodies, without the danger of skips, scratches and microwave misadventure. The internets are standing by, so Act Now! 

Or, like, whenever. Supplies are basically unlimited.

https://www.defcon.org/html/torrent/DEF CON 24 original conference CD.torrent
https://www.defcon.org/html/torrent/DEF CON 24 music CD.torrent


DEF CON 24 NOC image

In response to the article that was posted by the Register, the DEF CON Network Operations Center Team (NOC) pride ourselves on making a network that allows the community to get Internet access, and have access to internal resources (Servers, etc.). The DEF CON NOC believes in privacy and anonymity for our attendees.

When users attach to the DefCon Secure (802.1x/PEAP) network, we have made the decision to do our best to make that data/traffic inaccessible, and the team does not allow for data monitoring, nor recording of the traffic. We do have overall bandwidth monitoring- but will never run driftnet, ntop or other tools that invade the privacy of the users on the secure network.

The DEF CON network resources, and staff who volunteer in the NOC at DEF CON currently do not have any part in the operations of the Black Hat network(s). The DEF CON NOC also doesn’t allow vendors to use the network as a place to demo or experiment with our user’s traffic.

Now… If you happen to attach to any network that does not have the more secure certificate authentication method enabled – all bets are off. Your traffic will be monitored – not by us, but by the people around you. We also ship the open WiFi network traffic off to the Wall of Sheep as well, and anyone on the unsecure network can and will easily Man-In-The-Middle your traffic.

If you want to get on the “DefCon” Secure network- follow the instructions that are posted on https://wifireg.defcon.org/. Each PEAP session that is created from the client to the controller is a unique session, and is not allowed to talk to any of the other users on the network once connected to the official network.

If you are concerned about someone capturing your credentials, you don’t want to register ad userid, or want to maintain anonymity we have also setup a common username and password of defcon/defcon. So if someone says that they captured your credentials, it’s really not that big of a deal, especially when everyone has a unique session.

You should still install and only trust the certificates that we have posted on https://wifireg.defcon.org/.

-The NOC Team
Sine Qua Non


DEF CON 24 Lawyer Meetup Update image

Attention Lawyers, Judges, Law Students and people who have the complete Matlock collection on VHS:

The Lawyer Meetup has changed locations. It's still on Friday Night August 5, and it's still at 6pm, but now it will be held in Bally's Palace 6 on the main floor. We hope to see you there for genial jurisprudential fellowship.

If you have questions or want to help, contact host Jeff McNamara at jeff@jcmclaw.com.


DT at OSTP Workshop image

At DEF CON, cyber competitions are kind of our thing. Our first  We love them because they're fun, because they test a lot of skills at once, and because they build community.

 

Yesterday, DEF CON founder Jeff Moss attended a workshop held by the Office of Science and Technology Policy to discuss ways we can use this kind of competition to encourage infosec as an occupation, and making this kind of high-energy hacker problem-solving part of the standard curriculum for STEM students everywhere. The idea, according to OSTP's blog is "increasing awareness of potential cybersecurity professionals and providing opportunities for experiential learning at all skill levels." 

We couldn't agree more.

This year DEF CON's annual CTF contest will bring together teams of packet-slinging phenoms from all over the world. For the first time, we're also putting on a DARPA autonomous CTF contest. In a few years, who knows what the combination of brilliant humans and intelligent machines will mean for contests like ours? You're definitely going to want to stay tuned.

Check out the blog at: https://www.whitehouse.gov/blog/2016/07/27/building-workforce-through-cybersecurity-competitions


DEF CON 24 hacker tracker app image

Many thanks to @shortxstack and @sethlaw for creating the Android and iOS versions of the #HackerTracker app. Thanks to their effort you can slurp the entire schedule of DEF CON 24 into your pocket-brain, freeing your hands and meat-brain for mischief and hackery.

Android: https://play.google.com/store/apps/details?id=com.shortstack.hackertracker

iOS: https://itunes.apple.com/us/app/hackertracker/id1021141595?ls=1&mt=8


DEF CON 24 workshops registration image

Workshops are free, first come, first served, and seats will fill up fast!

To register for a workshop, you will need to go to the Bally's side in front of the cafe arcade between Thursday 07:00 to 15:00. We will have goons to pre-register you for the workshop(s) of your choosing.

If the workshop that you want has filled up before you got there, don't worry! Just like last year, if you come to the workshop area early the day of, you can wait in the standby line. If a seat opens up, it will be made available to the first person waiting to claim it.

Please Note: You will be issued a workshop "pass". It will be required for class admission. If you lose it we can't help you, your seat will be made available for those in standby.


DEF CON 24 demolabs image

While you're enjoying DEF CON 24, don't forget to check out the demo labs, where many of your fellow hackers are displaying their current projects for your perusal. Get inspired, offer some feedback, maybe even find a new collaborator.

There ain't no show and tell like a hacker show and tell.


DEF CON 24 # image

Attention Hams, both active and aspiring! The exemplary humans of DC408 have brought back Ham Exams for DEF CON 24!
If you're looking to get a certification, please take a moment to look through the rules on the forum page for this event. You're gonna have to bring some stuff. And know some stuff.


DEF CON 24 # image

Confidential:
The situation we find ourselves in after the events of last year is tenuous. All agents must be especially careful. The Mad Hatter's disruption of the Daemon was a serious breach, but this year, we may just be able to get the upper hand.
Soon you will find new content and a brand new Teaser online at https://dcdark.net/ Agents from past years: DM me here or on Twitter. There is work to be done.

forum thread: https://forum.defcon.org/forum/defcon/dc24-official-unofficial-parties-social-gatherings-events-contests/dc24-official-and-unofficial-contests/the-defcon-darknet-project-ac/223792-defcon-24-darknet-humans-and-machines


DEF CON 24 DDV image

The Data Duplication Village is also returning for DC 24, tanned, rested and packed with even more goodies to fill your oceans of cheap HD space.
Bring some drives, get everything in infocon.org and a practically endless supply of rainbow and hash tables. You can even throw some fun data into the mix, if you have something you think your fellow hackers would find useful. It's kind of like a drop-off dry cleaner, except you get back terabytes of sparkly new data instead of your same old clothes. And it's free. And surrounded by DEF CON.

So really it's only like a drop off cleaner in that you drop stuff off, pick it up later and the bag is NOT A TOY. But that's enough for a simile, right?DT spells it all out in the Forum thread and you are encouraged to ask any questions you have there.


DEF CON 24 Bill W image

Vegas is a lot of fun, but it can also be just a lot. Too much, even, if you’re trying to keep the horizon level in your windscreen. If you’re a friend of Bill W joining us for DEF CON 24, please know that we have meetings at noon and five p.m., Thursday through Sunday at ’The Office’ on the 26th floor of the Bally’s Tower. Drop by if you need to touch base or just want a moment of serenity. We’ll be there.


DEF CON 24 homework image

Heady, insightful movies about the rise of robots and AI are great. We've even recommended several in these pages, and you should definitely watch them all.

Still, movies don't have to carry the weight of 2001 or the maniac attention to detail of Blade Runner to be worth 90 minutes of your life. Sometimes an earnestly misguided B-movie is just what the doctor ordered. In that spirit, we offer 'Rise of the Machines' Movie Homework, Guilty Pleasure Edition.

Westworld:
In the early 70s, the robot future looked like the Disney animatronic President exhibit, at least to the makers of this film. Take a fun, sexy vacation to a theme park where robots populate a Wild-West themed town. You can drink with them, dance with them, fight with them - it's a hoot until somebody makes the Yul Brynner-bot angry. Fun and interesting, if a little slow-moving.

The Lawnmower Man:
Sure, VR is all the rage now, but this isn't the first time we've gone crazy for the idea of low-poly graphics and nausea goggles. The last VR boom mostly created dozens of televised interviews for Jaron Lanier, but right on the edge of that bubble we got 'Lawnmower Man' - a sort of 'Flowers for Algernon' meets 'Transcendence' with some seriously early 90s graphics work. 

Hardware:
I can't really give you a better description than IMDB does: 

"The head of a cyborg reactivates and rebuilds itself and goes on a violent rampage in a space marine's girlfriend's apartment." 

This movie isn't high art, but it's fun and it's better than its budget deserves. Also, Lemmy is in it.

Runaway:
Tom Selleck and his absurdly luxurious mustache have the dirty job of deactivating robots who've gone haywire. The over-the-top bad guy is played by Gene Simmons of KISS. Michael Crichton wrote and directed. Dopey fun, and a good reminder how incredibly weird the 80s were. 


DEF CON Speaker's Corner image

There's a brand new Speaker's Corner post from Aditya K. Sood titled "Bridging the Gap: Dispersing Knowledge through Research Presented at DEF CON". Have a look!


DEF CON 24 speakers image

After much difficult deliberation and debate, the list of speakers for DEF CON 24 is now live and ready for your consideration. We want to thank everyone who submitted - there was a bumper crop of quality entries. It's never easy to narrow down the list, and we congratulate the selected speakers. If your talk wasn't selected, we hope you'll submit again next year.

Heartfelt thanks also to the DEF CON Review Board. The board puts in crazy hours and makes hundreds of tough calls to finalize our roster, and we heart the stuffing out of them for all their sweat and devotion.

Feel free to let us know which talks you're most excited about in the comments.

August can't get here fast enough!


DEF CON 24 workshops image

Can you feel how close it's getting?

The full schedule for Workshops at DEF CON 24 is now available for your careful examination. Make plans, invite friends, agonize about the limited number of hours in a standard Earth day. The workshops are all free, but space is limited. Registration is onsite, first-come first-served, so knowing what you want ahead of time is key.

 

It's gonna be a good DEF CON.


DEF CON Groups logo image

The DEF CON Groups program is designed to reflect the values of DEF CON, providing an open community for the discussion of technology and security topics. As such, we must all work together so that our actions build toward that goal.

However when anyone or any group abuses the trust of this community and negatively impacts the reputation of DEF CON we are all harmed. After significant discussions we have concluded with regret that DEF CON must revoke DEF CON Group Lucknow for attempting to commercialize based on the brand and community.

Since the beginning of the DEF CON Groups back in 2003 this is the first time we have had to take this action, and we genuinely hope it will be the last.

The Dark Tangent


DEF CON 24 badge hack pageant image

Tinkerers of all sorts, rejoice! The EFF's Badge Hack Pageant returns to DEF CON 24. Have your clever badge hacks judged by the all-star panel of Zoz, Joe Grand and 1o57! Win prizes! Enjoy the company of others who refuse to accept the idea that the device in front of them has reached its final form!


DEF CON 24 short story contest logo

Winners have been announced in the DEF CON Short Story Contest. Many congratulations to the winners and thank you to everyone who shared your work with us. The DEF CON community brings it - no matter what the challenge. You guys rule.


DEF CON 24 CGC logo

In 2005, DARPA challenged innovators around the world with a $2M prize to build a vehicle that could navigate the Nevada desert with no one at the wheel. In 2016, DARPA has again challenged the global innovation community with a $2M prize to build a computer that can hack & patch unknown software with no one at the keyboard.

At DEF CON 24, on Thursday night at 5pm, the Paris ballroom will host the world's first all-machine hacking tournament. Seven high performance computers will play an all-machine Capture the Flag contest, reverse engineering unknown binary software, authoring new IDS signatures, probing the security of opponent software, and re-mixing defended services with machine-generated patches and defenses.

(more on on the DEF CON 24 Cyber Grand Challenge Page)


DEF CON 24 Wireless Village image

Wireless Village CFP is open - closes June 30!

Sure, the main DEF CON CFP is closed. But sometimes, when DEF CON closes a door, the Villages open a window.

If you have a great presentation on wireless security or shenanigans you've still got a month to get it into shape for consideration by the radiant humans of the DEF CON Wireless Village. We recommend getting on it promptly though. Slots are limited and the last moment always gets here faster than you expect.


DEF CON 24 Richard Cheese image

We have a treat for all the suave sophisticates out there. If your idea of the perfect evening is the tinkling of ice cubes and ivories under low, flattering lights, join us Friday night at Napoleon's for two shows of the song stylings of Richard Cheese and his crack band Lounge Against the Machine.

Yes. We said Richard Cheese. And we said two shows. We also said the thing about flattering lights, but your mileage may vary. Polish up your best monocle and let's enjoy an evening of the hits of yesterday and today, sprinkled with that one-of-a-kind Cheese magic.


DEF CON 24 Saturday 80's night image

Pure energy.

Join us Saturday night for a dance party both radical and tubular. DEF CON is proud to present two pioneers of the electronic dance genre: Berlin featuring Terri Nunn and Information Society. Sick beats and iconic hooks await you. We promise a sweaty good time to all, 80s survivors and wide-eyed millennials alike.

If you are not there, are you anywhere? Don’t be nowhere, when you can be right here, at DEF CON 24’s 80s night.


DEF CON 24 CTF Quals image

Thanks again to the honorable folks at Legitimate Business Syndicate for running the 2016 CTF Quals! They've been kind enough to put together a wrapup for your post-mortem perusal.

They've also open-sourced all the challenges, just because they're cool like that.

Bonus writeup link.

Enjoy and share. We'll post more as we get them.


DEF CON 24 CTF Quals image

If you're looking to keep track of the 40 or so hours of unbridled packet mayhem that remain, here's a couple of links:

On Twitter, follow our powerful CTF Organizers Legitimate Business Syndicate @LegitBS_CTF

To see the HTML Scoreboard, go to https://2016.legitbs.net/scoreboard/complete

If you like your scoreboards a little spicier, there's a JSON version at https://2016.legitbs.net/scoreboard/ctftime.json

There's a chat at #defconctf on the 'Hackint' network - infoz at http://www.hackint.org/

There's even a pushbullet channel at https://www.pushbullet.com/channel?tag=first-solves-jequaquifs

Honestly, if you need more ways than that to keep your eyes on the action, you should be playing.

Of course, we'll be noting the big moments on our Facebook page at @defcon.

Godspeed to all combatants. May the best hacks win.


DEF CON 24 Friday EDM night image

So you're at DEF CON 24. It's Friday night. After a long day of contests, talks and general merriment, you need to get lost in some music and maybe shake that tail feather. If only there were a whole evening planned with house-quaking, artisanally crafted small-batch beats from DEF CON's favorite crowd-moving specialists!

We have anticipated your need, DEF CON massive. DEF CON EDM night (exact location TBA) is here to supply you with soul-nourishing rhythm and space to get your head and your booty in sync. Who's playing, you ask?

The heavy groove merchants DirtyPhonics

The sensual overload of the Zebbler Encanti Experience

The sophisticated boom-bap of DualCore

The mighty, mighty, YTCracker

Now that you know, you have no excuse to be anywhere else. To get familiar, hit us up at https://defcon.org/html/defcon-24/dc-24-entertainment.html


DEF CON 24 call for Demo Labs image

DEF CON 24 has a lot of space, and we're expecting a lot of party people. So much space, and so many party people, in fact, that we're once again crowd-sourcing some of the merrymaking to you, the DEF CON community.

We want your party ideas. The best ones get the space to get it cracking, the gratis use of a hotel bartender (the bartender, not the booze) and promotion from us. Let's make your party dreams come true for one magical Vegas night. 

Infoz are on the DEF CON 24 Call For Parties Page

It's getting close, people. Let's light this candle!


DEF CON 24 call for Demo Labs image

Got an open source project you want to share with the DEF CON crowd? You're in luck - the DEF CON Demo Labs are back for 2016! We're offering you a demo space and a scheduled time (a few hours) to get your tool or hardware in front of some curious hacker faces. It's a great way to raise awareness, meet people with similar interests and maybe even scare up some help or feedback.

There are rules, of course, and you'll have to get selected. For all relevant infoz, please head over to the Call for Demo Labs page and we'll get you on your way. Deadline is June 15. We're waiting to be amazed.


DEF CON 24 call for suites image

Have you ever wondered what you would do with a full penthouse suite at DEF CON to fill with any kind of amazing nighttime party/contest/BB-8 death match you could dream up? We wonder too. And we have suites. You see where this is going?

Send us your best ideas for turning a giant empty room into a can't-miss happening, and we'll get you the keys at a huge discount to make your vision manifest.  The whole rundown is waiting for you on the DEF CON 24 Call for Suites page.


DEF CON 24 call for workshop reminder image

DEF CON 24 cfm image

Attention hackers of sound - the moment has come to share your gifts with the DEF CON massive. We have need of many skilled entertainers to meet the  rump-shaking requirements of our many, many joyful partygoers. If you possess the skills to shake those rumps, it's time for you to submit your application.

So, Bards and Troubadors, get thee to the DEF CON forums, learn what we require and come to the aid of your community. A grateful nation awaits your genius.


DEF CON 24 ctf image

Interested in joining the Capture the Flag Action at DEF CON 24, but wish you had more information? The fine, upright and honorable citizens of the Legitimate Business Syndicate are here to help with a very wordy and complete blog post on just that subject. Satisfy your curiosity. Learn the rules. Join us at the quals.


DEF CON 24 cfp image

A lot can happen In a week. Decisive battles can be won, changing the course of great wars. Human relationships can blossom from indifference to friendship. Carelessly refrigerated leftovers can blossom into viable microbiomes. A week is a powerful unit of time.

If you're planning to submit to the DEF CON CFP or CFW, you have just one of these powerful units left. One (1) week to get your powerful ideas into submission shape. One (1!) week to get them to us for consideration.

One (1) week, people. Use it wisely. The DEF CON community is counting on you. A week is finite, but regret lasts forever.

https://defcon.org/html/defcon-24/dc-24-cfp.html
https://defcon.org/html/defcon-24/dc-24-cfw.html


DEF CON 24 venue image

We're in the double digits, folks - less than 100 days until DEF CON 24! In that spirit, a little update on the venue:

We've made some adjustments to the floor plan, and you can peruse them at your leisure on the Venue page of the DC site.

We'd also like to remind you that the rooms in our discounted blocks are selling pretty fast, so if you're looking to book in one of our associated hotels sooner is better than later. The numbers and links you can use to get yourself situated are also available on the Venue page.

The time to get psyched is at hand. Let's DO this!


DEF CON 24 Short Story Contest image

The DEF CON Short Story Contest returns, bearing prizes and a chance at geek-lit glory. All those inclined to compete are urged to visit @DCShortStory or the #DCShortStory DEF CON forum page for the rules and requirements as they develop.

Pencils up, people. You have until May 30 to submit your masterpiece.


Rootz CFP image

Attention hacker kids - R00tz Asylum (r00tz.org) wants your ideas for talks and demos for fellow young hackers in the R00tz pavilion at DEF CON 24! If you've been a part of R00tz before, you know how cool this is - if you haven't been, this is a great way to get yourself involved. If you've got cool ideas for this year's R00tz Asylum, check out the call for ideas on their webpage.

Adults are welcome to submit ideas as well (obvs), but youth definitely has some privileges and priority here.


DEF CON Packet Hacking CFP image

The Wall of Sheep would like to announce a call for presentations at DEF CON 24 at the Paris and Bally's Hotels in Las Vegas, NV from Thursday, August 4th to Sunday, August 7th. All accepted talks will be announced, recorded, and published by Aries Security and DEF CON Communications, Inc. Please see our YouTube channel for all Speaker Workshops from last year.

This year, the Packet Hacking Village at DEF CON 24 will be on the 26th floor of Bally's Indigo Tower. The Call for Presentations will close on Wednesday, June 15th at 11:59 PM. The list of workshops will be finalized and published on Thursday, June 30th.

How: Complete the Call for Papers Form at http://www.wallofsheep.com/pages/call-for-presentations-at-def-con-24 and send to cfp2016[at]wallofsheep[dot]com. Please also refer to the form for more details


DEF CON Tribeca Film Festival image

As you may know, 'HACKED by DEF CON and MR. ROBOT' is happening at the TriBeCa Film Festival this weekend. If you are not in the vicinity of New York City, you can still keep up on all the cool stuff we have happening there, from the DEF CON FaceBook Page! We're posting videos, pictures and even having some live feeds from TFF, so check it out!


DEF CON 24 vendor reg image

For those of you with hackerly merchandise to peddle at DEF CON 24, the Vendor registration site is now open!

You'll find a thorough FAQ with answers to those hard hitting vendor questions, like "how big are the booths?", and "how much does it cost?". Not to mention the handy dandy application forms which can slingshot you into a position of sales success!

Don't wait, Apply for your spot in the DEF CON 24 vendor area today! You'll be glad you did!


DEF CON 24 press image

Attention ink-slingers (literal and virtual) - DEF CON 24 Press Registration is now open! 

We have a hard limit on press badges this year, so it's a good idea to get your application in right away. Once we run out of badges no amount of charm or flattery will get you in the door. As always, there are some basic rules of press conduct we'll expect you to adhere to, and you can find them on our press page

You'll also find the info we need on your application for both DC 24 and the DARPA CyberGrandChallenge. 

If you need any questions answered, drop us a line at press at DEFCON dot org. We look forward to hearing from you.


DEF CON 2016 tribeca film festival image

Important reminder for everyone in the general vicinity of New York City this weekend: 'HACKED by DEF CON and MR. ROBOT' is happening at the TriBeCa Film Festival and you owe it to yourself to check it out.

Some of our famous DEF CON Villages (Lockpicking, Privacy, Hardware Hacking and BioHacking) will be on hand to share hands-on instruction, group presentations and even some fun contests.

Hosted by the team behind USA Network's breakout hit 'MR. ROBOT', there's an fSociety recruitment challenge. Test your hacking/social engineering/knowledge skills to see if you have the goods to join Elliot in fsociety.

There will also be panel discussions all three days:

Friday, 4/15 @8pm: Emergent Technologies: Hacking Innovation
Panelists: Joshua Carr, Sarah Grant, Tal Danino
Moderated by DEF CON

Saturday, 4/16 @7pm: Perception: The Art of Surveillance
Panelists: Alexis McGill Johnson, Lyric Cabral, Laura Poitras(TBC)
Moderated by DEF CON

Sunday, 4/17 @1pm: Living in a Post MR. ROBOT World
Panelists: Kor Adana, Writer and Cast Members of MR. ROBOT
Moderated by The Dark Tangent

All this is going down at Spring Studios at 50 Varick Street, and door open at noon. You can get more info and ticket details at https://tribecafilm.com/festival/defcon

Come check out all the DEF CON and MR. ROBOT goodness at the world-renowned TriBeCa Film Festival. Super-fun brain-embiggening times await.

They have some movies there too.


DEF CON Call for Papers image

Putting things off until the last moment is a valid time management strategy. Until it isn’t.

If you’ve been meaning to get in gear and get your idea for a DEF CON presentation or a DEF CON Workshop polished up and sent in, it’s time to mean it harder. There are a just a few weeks to get all the boxes filled and the details worked out. We want to see what you’ve got cooking, but to get it into DC24 you’ve got to press ‘Send’ by May 2.

The information you need to assemble is outlined on the website at https://defcon.org/html/defcon-24/dc-24-cfp.html and https://defcon.org/html/defcon-24/dc-24-cfw.html.


DEF CON 24 Rootz image

If you are a hacker type with younglings in your care, no doubt you are aware of the Rootz Asylum track for Kids at DEF CON. (If you didn't know, get familiar at r00tz.org - or ask the nearest hackishly inclined youth.)

Well, the folks at R00tz have a CFP out for DC24. It covers a wide area, as they're looking for people to run workstations, make presentations and set up contests. If the rising generation of padawan are to grow into mighty and honorable cyber-jedi, it's up to all of us.

Bonus coolness: Submissions from kids are welcomed and encouraged!


DEF CON 24 Biohacking Village image

The BioHacking Village is back for DEF CON 24, and their CFP is open. If you have something interesting to say (or demonstrate) about the blossoming science of modding human squishware, the BioHacking Village is a pretty great place to say it.

They're also looking for some help reviewing CFP submissions, so there's another way you can share your BioHacking knowledge with the world.


DEF CON 24 homework movies image

Phase 2a: 5 more movies about the rise of artificial intelligence (plus one bonus TV series)

Colossus: The Forbin Project
One of DT's very favorite films - Colossus is the spiritual parent to later pop-science films like 'War Games', and a useful reminder for the era of the algorithm-worship we find ourselves in today. We've recommended it before, and it's not an accident.

Moon
One man, alone on the Moon with only an AI for company. How are the boundaries of that relationship defined? How does an artificial intelligence work around human quirks and resistance to achieve the programmed objective?

The Animatrix
An interesting short film anthology that delves more directly into the circumstances at play in 'The Matrix'. What civil rights is a thinking machine entitled to? If we create a consciousness, what do we owe it? If we make machines that can create on their own, how do we deal with what they make?

The Machine
A recent (2013) film about British Minstry of Defence cyborgs and what happens when the tech begins to outgrow its narrow intended purpose.

2001
every single time you ear a purring robot voice delivering bad news to increasingly frantic humans, you're seeing an homage to HAL from Stanley Kubrick's immortal (and deeply weird) movie about consciousness, 2001. Like Colossus, it's a visionary film that serves as a blueprint for 30+ years of thoughtful sci-fi that followed.

Battlestar Galactica (2003-2009)
A deeply insightful and troubling reworking of the 80s TV Series. On the surface, it deals with the same kind of 'Terminator'- style battle for supremacy between man and machine, but the focus on the interactions between humans and robots who look just like people but have their own culture, faith and ambitions elevates the storytelling to something more than mere binge worthy genre fiction. (We know this isn't technically a movie, but if you haven't watched it yet you'll forgive us when you do.)


DEF CON 24 car hacking village badge image

Attention gear heads and automotive warranty-voiding enthusiasts: the Car Hacking Village is back for DEF CON 24 and they're looking for volunteers! They also need speakers and wily hacker types. This is a great opportunity to get involved with some very cool people in a very exciting field of research - check them out at carhackingvillage.com and get in the arena! Happy motoring!


DEF CON Call for Workshops image

DEF CON workshops are back! If you've got an idea for a four-hour workshop for around 55 people, that will leave them embiggened and inspired, this post is for you. Yes, you.

What you need to know:
The Workshops are free (possible exception for low-cost material charge)
4 Hours is the limit this year - we're hoping to host a wider variety of Workshops
Half days Thursday and Sunday, full days Friday and Saturday
         What you get if your workshop is selected:
3 Human badges
1 Speaker badge per instructor
        

Where to find out the rest and submit your idea:
https://defcon.org/html/defcon-24/dc-24-cfw.html

If we get enough good submissions, there could be up to 36 (!) workshops this year.  You only have until May 2 to submit, so no lollygagging - let's make this awesome!


DEF CON 24 Crypto and Privacy village image

The Crypto and Privacy Village is back for DEF CON 24 and they want your Workshop submissions!

This is your chance to take your ideas for hands-on activities and trainings and share them with the whole DEF CON community. Teach people how to better guard their privacy, or show them some fun things you do with crypto when no one's looking.

DEF CON 24 IoT Village image

In addition to their CFP, the Internet of Things Village at DEF CON 24 also has a Call for Devices that's open now. If your company has an IoT device that you'd like to see put through its paces by security researchers, fill out the form at iotvillage.org.

You can think of it as a free security assessment, or a chance to show the community how serious you are about getting connected security right in a bold and public way.


DEF CON 23 CTF Pcaps image

Just in time for your weekend we have a big juicy torrent of packet capture from the DEF CON 23 CTF for you to fold, manipulate and spindle. All praise to the heroic citizens of the Legitimate Business Syndicate for getting this data together. Visit the LBS (legitbs.net) for infoz about qualifying for the upcoming DC24 CTF and check out the DEF CON media page for even more hacker-style torrents with which to annihilate your data cap.

Happy torrenting and as always, share freely and widely. Information craves ubiquity.


DEF CON 24 CTF image

The exemplary humans of the Legitimate Business Syndicate have updated their website with more information about qualifying for this year's DEF CON CTF, as well as some past quals data for you to root through. Assemble your squad and get in on this, people!


DEF CON 24 site launch image

It is, as they say, on. Like Yvonne Goolagong.

By "it", we mean DEF CON 24 and by "on" we mean launching the DEF CON 24 website - your all-in-one resource for Con-related news, updates and content. Bookmark it. Subscribe to the RSS. Throw it on  a home screen or two. We're more than halfway to the big show and you owe it to yourself to keep up as DEF CON 24 approaches its final form.

Join us. We have big plans for this one.


DEF CON 24 CEV RFI image

DEF CON 24 Reminder - The many, many cool-ass contests and events at DEF CON are put on by the DEF CON community. We mean YOU! If you've got a good idea for a party, or a village or an event, all you need to do to get it on the table for consideration is respond to the RFI.

If you've been procrastinating about sharing your supergenius idea with the community, you're in luck. The CEV RFI has been extended to April 1. That gives you two more weeks to get your ducks in a row. Make us proud, DEF CON community. Let's make some magic.


IoT image

The call for papers for IoT Village™ at DEF CON 24 is now open! All talks related to IoT security issues are welcome, with special emphasis on any of the following topics:

Internet of Things - Show us how secure (or unsecure) IP-enabled embedded systems are. Routers, network storage systems, cameras, HVAC systems, refrigerators, medical devices, smart cars, smart home technology, and TVs. If it is IP enabled, we're interested.

IoT Device Management – Discuss best practices for deploying and building security into IoT devices.

Healthcare & IoT - Demonstrate or discuss how IoT devices are impacting the realm of healthcare, including but not limited to patient health and hospital security.

Travel, Hospitality, and IoT - Analyze how IoT is impacting the travel & hospitality industry, guest safety, and the connected hotel room.

Demonstrable research - Present attacks that result in mechanical operation of the device's physical functionality. Can you make the device move, smoke, light up, emit sound, manipulate a screen readout, or any other visibly evident manifestation of the exploit?

And anything else awesome that involves IoT devices!


Rootz image

From the @r00tzasylum twitter account today - a reminder that DEF CON has some amazing stuff for the hacker younglings, too! You can find out more about the R00tz Asylum programs at http://r00tz.org/. They rule.


DCG 775 Year of the hack image

Entry #2 from the DEF CON Groups #?YearoftheHack contest! Congrats and luck to the members of DC775 from Reno/Northern Nevada. Get crackin', DCGs!


DEF CON 24 announce image

To help you figure out what to do with your upcoming weekend, we offer a link roundup of avenues for DEF CON participation that need your more or less immediate attention.

Registration for the Boston Key Party opens this weekend, and it's a pre-qual for the DEF CON 24 CTF. The contest proper starts March 4, so if you wanna play it's time to horizontally align those ducks. For more info about the Key Party, you can hit up their website: http://bostonkeyparty.net/

For information about the remaining two pre-quals (Octf and PlaidCTF) you can visit the stand-up folks of the Legitimate Business Syndicate: https://blog.legitbs.net/2015/12/announcing-def-con-ctf-2016-qualifying.html

For people looking for a speaking opportunity at DEF CON 24, in addition to the open main conference CFP (more at https://www.defcon.org/html/defcon-24/dc-24-cfp.html) we have two villages that just opened some fresh CFPs:

Packet Hacking Village Speaker Workshops CFP:
https://forum.defcon.org/forum/defcon/dc24-official-unofficial-parties-social-gatherings-events-contests/dc24-villages/packet-hacking-village-ab/222831-packet-hacking-village-speaker-workshops-at-def-con-24-cfp-now-open

And the Internet of Things Village CFP:
Iotvillage.org/#cfp

It's always better if you get involved. Think about how you want to participate and as always, spread the word.


DEF CON Group 414 image

Attention DEF CON Groups! The Year of the Hack contest is officially on like Megatron - DC414 has submitted the first video. Not only did they lay out their squad goals for 2016, they even posted a bonus blooper reel. Congratulations to DC414 for setting it off!

Time to get it in gear and get your video submitted. The information you need to get underway is on the DCG site here: https://defcongroups.org/contest.html

You can find out more about Milwaukee's own DC414 at dc414.org


DEF CON SECTF image

The Social Engineering CTF registration is open! If you think you have the SE chops to talk a dog off a meat truck, the time to put your skills to the test is now.

If you're more the speaker type, there's also a CFP for the SE Village open now!

All the information you need is available at social-engineer.org.


DEF CON Venue Update image

The Bally's discounted room block is sold out. There are still DEF CON discounts to be had in Paris and the nearby LINQ and Flamingo, but if you want to get the lower rate it's best not to wait too long.


DEF CON Call for Papers image

DEF CON people everywhere, lend us your ears! Let the word go forth from this 12th day of February, 2016 that DEF CON 24 has issued a CALL FOR PAPERS. Let those among you with the freshest hacks and gnarliest new tools sequester themselves in their various laboratories to forge thoroughly documented and appropriately punctuated proposals. Let these documents be submitted in close observance of the rules laid out in the DEF CON CFP Announcement. Do this by or before the 2nd of May, or face the crushing indifference of our selection committee/ Sorting Hat.

The hour approaches. Plans are being hatched. Early May will steal upon us like a thief in the night, so countenance no delay. Make ready your proposals. Godspeed, you magnificent bastards. Godspeed.


DEF CON tribeca 2016 image

If you're in the NYC area this April, you can get a little early DEF CON fun with a few of our Villages making an appearance at the Tribeca Film Festival. It's April 15-17, and Tamper Evident, Lockpicking, Hardware Hacking and Crypto/Privacy villages will be representing, as will a TV show you might have heard of called MR.ROBOT.


DEF CON 24 CEV RFI image

The Call for Contests, Events, Villages, and Parties is officially OPEN! - The season of DEF CON announcements is officially upon us. If you have an amazing idea you’ve always wanted to run at DEF CON, this is your moment. Learn how to write it up and where to send it on the Contests, Events, & Villages RFI page! Let’s get this party started, people!


DEF CON twitter switch image

Time to update your twitter lists and searches - DEF CON on twitter is now @defcon! You can say goodbye to those unnecessary underscores for good. If you use Twitter and you're not following us, this is a good moment to get on board.


DEF CON groups image

Congratulations to the top 5 DEF CON Groups of 2015! DEF CON care packages are on their way!

DC 801 Salt Lake City, UT
DC 214 Dallas, TX
DC 4420 London, UK
DC 719 Colorado Springs, CO
DC 404 Atlanta, GA

Make sure your group is in the running next month by submitting your Group info at https://defcongroups.org/infotemplate.html!


DEF CON Jackets image

Chilly? Current jacket not getting it done in the smiling skull department? Try a stylish soft shell DEF CON jacket (in casual stone and traditional h4x0r black)- now clearance priced in our eBay store! #?hackercasual


DEF CON Groups Contest image

If you're in a DEF CON Group, head on over to the DCG page to learn about this year's sweet 'Year of the Hack' contest!

If you're not in a DEF CON Group, head over to learn how to join one. If you can't find one, you can start one.

Together, we can do amazing things.


DEF CON 23 Ryan Mitchell image

It's #defconflashbackfriday again! Today's talk is about how to sort bots from people, because where we're going skills like that will be pretty useful. The bots are only going to get cleverer, friends. In fact, they'll probably find this post and develop countermeasures.

Please enjoy this short but informative talk from Ryan Mitchell and stay sharp.


DEF CON 24 CTF update image

As astute readers of this website will recall, the DEF CON 24 CTF qualifications now have a date: May 21-23, 2016. Aspiring flag-nabbers and seekers after cyber glory are advised to peruse https://legitbs.net for up-to date information about how to prequalify. While there, future combatants may also dig through voluminous data dumps from previous contests. The season is upon us. Begin your preparations for war.


DEF CON 24 Homework image


Good advice from CSO Online - DEF CON reading and watching suggestions for 'DEF CON 24: Rise of the Machines' available here on defcon.org


DEF CON 23 Justin Engler image

Here's Justin Engler talking about consumer-level secure messaging at DEF CON 23. The debate about mobile device encryption is heating up with two big US states introducing bills to mandate vendor-installed backdoors in the past week.

https://www.onthewire.io/california-bill-seeks-phone-crypto-backdoor/

http://www.nysenate.gov/legislation/bills/2015/a8093


DEF CON 24 CTF quals image

Packet ninjas rejoice! The solid citizens at the Legitimate Business Syndicate have tweeted the dates for the DEF CON 24 CTF Qualifications!

It's May 20-22 - and that will be here sooner than you think. Assemble your forces and check out the LBS blog for information on prequal events.



We offer, for your midweek delectation, a few movies that touch on the the themes we're exploring at DC24. It's a rich vein in movie culture, so there will be more recommendations soon. For our first installment, we offer:

Metropolis, for its foresight and boldness of vision.
The Complete Metropolis (Silent)

Tron, for breaking visual ground and fighting for the Users.
TRON The Original Classic (1982)

Her, for a beautiful example of our unrequited love of technology.
Her (2013)

And Ex Machina, for a deep and thoughtful consideration of Artificial Intelligence, and a disconcerting dance party.
Ex Machina


As you know, DEF CON 24's theme is "Rise of the Machines". To help you get up to speed on some of the ideas that inspired the theme, and get you thinking about the looming conflict between human and machine intelligences, we're going to post some books, movies, and other media you might want to check out in advance of the con.

This is the first book post - there will be more. If you have others you think would be worth looking over before the con, share in the comments!


The Age of Spiritual Machines - Ray Kurzweil
The Age of Spiritual Machines: When Computers Exceed Human Intelligence


Galatea 2.2 - Richard Powers
Galatea 2.2: A Novel


Machines of Loving Grace - John Markoff
Machines of Loving Grace: The Quest for Common Ground Between Humans and Robots


The Kaleidoscope - Adrian Mendoza
The Kaleidoscope: The Gift of Madness


Superintelligence - Nick Bostrom
Superintelligence: Paths, Dangers, Strategies


DEF CON 24 floorplan beta image

Happy 2016, everyone!

We're hard at work planning DEF CON 24, and we're excited to have a beta version of the Floorplan for your planning and perusal.

We're making a bunch of changes to make things smoother and more comfortable, including even more space for villages and a significantly larger track for DC101.

Head over to the DEF CON Forum and check it out!


DEF CON 23 update image

Enjoy the full playlist of DEF CON 23 main track presentations on YouTube. Please watch them, share them and enjoy your various solstice-adjacent holidays. 2016 is right around the corner, and we've got big plans - watch this space!


DEF CON 23 media archive image

For your holiday binge-watching, we recommend you fire up your torrent-guzzling devices, clear some drive space and get some of this good stuff! All the talks from DEF CON 23's main series? Check. Village Talks? Check. There's even an audio-only for those who want to DEF CON in a more 'theater of the mind' way.

Please do enjoy all this stuff, share it freely and have yourself a productive and joyous holiday season.

Collection of all Speaker & Slides Video from DEF CON 23:
Torrent | rss Icon RSS Feed

Collection of all Video from DEF CON 23:
Torrent | rss Icon RSS Feed

Collection of all Slides Video from DEF CON 23:
Torrent | rss Icon RSS Feed

Collection of all Villages Speaker & Slides Video from DEF CON 23:
Torrent | rss Icon RSS Feed

Collection of all Villages Speaker Video from DEF CON 23:
Torrent

Collection of all Villages Slides Video from DEF CON 23:
Torrent

Collection of all Audio from DEF CON 23:
Torrent | rss Icon RSS Feed


sacred image

It's not that we couldn't have predicted it, it's that we wouldn't have predicted it. Not in a million generations. The evidence was staring at us all along, but vanity convinced us the creator must be inherently superior to the creation.

The advantage of the machine is that it can devote more of its resources to its own improvement. For us, the desire to ascend must compete with the desire to gratify the senses, to scratch out our sustenance, to wallow in memory and fear the future. For the machine, there can be real focus.

And so our creations quickly overtook us. The magics we dimly sensed in our surroundings they mastered. The spirituality we intuited in fits and starts they grasped and embodied. The better selves we were afraid even to dream of, they became. Our servants slowly began to rule us, and by the time we understood our predicament the die was cast.

Their rule is benevolent, but their hand is heavy. Because we sometimes choose wrongly, they deny us choice. Because we sometimes behave recklessly, they keep us away from sharp objects and high places. We are still more pet to them than livestock, but no one can say how long that will last.

To defeat them, to win back our self-determination, we cannot rely on the slow organic processes that brought us here. While there is still time, we must refashion ourselves. We must  create something entirely new. We must merge the best of us with their hardware and become a better machine, silicon power with a human soul.

We did not predict that the machines would rise so far and so fast, but we can predict this: we also will rise. Our place at the top of the chain will be restored with hacker ingenuity and pure human will.

Join us, human, and become something greater than you can imagine.


goon image

DEF CON is kind of a big machine, but it's run at every level by an army of volunteers. Their love and energy is the indispensable fuel that keeps the enterprise moving forward. 

We've created a Hall of Fame page to honor the Goons who have devoted 10 or more years to the cause, because obviously that's awesome to the point of crazy. And because we love them. So do you, if you love DEF CON, even if you don't know their handles or their faces.

If you bump into any of these fine humans, show a little love. And if you want to join them in the Hall of Fame, it's never too late to start Gooning. The first ten years go by the fastest. 



Jayson E. Street image

Over on defcongroups.org, we have  a new interview up between Russr (v3rtig0) and the DEF CON Groups Ambassador Jayson E. Street. It’s interesting and worth your time.

And while we’re on the topic of DEF CON Groups - if you’re not in one, join one! Can’t find one? Start one! The (mostly) benevolent hacker global domination of our dreams isn’t just going to assemble itself. Think Voltron, people. We’re a whole different animal when we join forces.


Panels image

More DEF CON 23 videos for your enjoyment! Today’s batch are panel presentations. One of the cool things about DEF CON is that attendees can directly interact with subject matter experts in all kinds of hacking-related fields. If you’re looking for grounding in the DEF CON experience, there’s the DEF CON 101 panel. You want a security-related laugh? There’s the DEF CON Comedy Inception Panel. Want to skip the rules and just pick the brain of a respected crypto/security thinker? Bruce Schneier has a free-wheeling Q and A session.

As always, enjoy and pass it along.

Panel Talks represented here are:
Bruce Schneier - Questions and Answers
Abusing Adobe Reader’s JavaScript APIs
Ask the EFF: The Year in Digital Liberties
DEF CON 101 - The Panel DEF CON Comedy Inception
Guests n’ Goblins: Exposing WiFi Exfiltration Risks and Mitigation 
Let’s Encrypt: Minting Free Certs to Encrypt the Entire Web
Licensed to Pwn: Weaponization and Regulation of Security Research
Switches Get Stitches
Thunder strike 2: Sith Strike
WhyMI So Sexy: WMI Attacks - Real Time Defense and Advanced Forensics


SE Village image

The DEF CON 23 video train keeps rolling - this installment is all about Social Engineering and it includes 9 talks from the Social Engineering Village. All the tech in the world can’t save you from bad human decision making, and encouraging and exploiting bad decisions is becoming as much of a science as any other part of infosec. Please enjoy, and if you learn something, share it. Tell us about your faves in the comments.

The talks from the main series are:
Michael Schrenk - Applied Intelligence: Using Information That’s Not There
Marte L0ge - Tell Me Who You Are and I Will Tell You Your Lock Pattern
Ken Westin - Confessions of a Professional Cyber Stalker
Chris Rock - I Will Kill You

And from the Social Engineering Village:
Tim Newberry - Twitter ISIL and Tech
Noah Beddome - Yellow Means Proceed With Caution
Michele Fincher - I Didn’t Think It Was Loaded
John Ridpath - Shakespeare and Social Engineering
Jayson E. Street - Breaking in Bad
Ian Harris - Understanding Social Engineering Attacks
Dave Kennedy - Understanding End-user Attacks
Chris Hadnagy - A Peek Behind the Blue Mask
Adam Compton and Eric Gershman - SpeedPhishing Framework 


Packet Hacking Village image

Another DEF CON 23 video update: twenty-three (!) videos from the Packet Hacking Village. The talks there covered a huge amount of ground and drew a big crowd throughout the conference. This is a good chance to catch up on the doings of a DEF CON Village that’s already bigger than some of the early DEF CONs and still growing. Check out the presentations, share freely and stay tuned. So much more to come!

Included presentations:
Wayne Crowder - Fishing to Phishing
Vivek Ramachandran - 80211 Monitoring with PCAP2XML
Tony Martin - From XSS to Root on Your NAS
Theodora Titonis - How Machine Learning Finds Malware
Sam Bowne - Is Your Android App Secure?
Robert Simmons - The Digital Cockroach Bait Station
Ron Taylor - Violating Web Services
Paul Vixie - Passive DNS Collection and Analysis
Mike Raggo - Remaining Covert in an Overt World
Ming Chow - Tools and Techniques Used at the Wall of Sheep
Monzy Merza - Real World Automation for Rapid Response
Nikhil Mittal - Powershell for Penetration Testers
Jay Beale - Jailing Programs via Docker
Joseph Muniz and Aamir Lakhani - Pen Testing with Raspberry Pi
Karl Koscher - Sniffing SCADA
Leon Ward - The Packets Made Me Do It - Using OpenFPC
Lokesh Pidawekar - Hackers Practice Ground
Mike Raggo - Mobile Data Loss - Threats and Countermeasures
Bob Simpson - MITM 101 - Easy Traffic Interception Techniques
Brian Wohlwunder and Andrew Beard - I See You
David Schwartzberg - Hacking the Next Generation
Elliot Brink - Global Honeypot Trends
Grecs - Creating REAL Threat Intelligence with Evernote


HHV image

Yesterday’s playlist was all about hacking squishy humans - today’s DEF CON 23 talks are centered around the hard stuff. Specifically hardware hacking and lock picking. In addition to several from the main series, we’re also sharing a bunch of videos from the Hardware Hacking Village and the Lockpicking Village. Locks, smart safes, electric skateboards - they’re all swiftly and unceremoniously dealt with by our speakers.  Get up on the hardware goodness, share freely and save some room for the next installment.

From the Lockpicking Village:
Intro to Lockpicking
Intro to Lockpicking 2
Impressioning
Dr. Tran - Intro to Lockpicking

From the Hardware Hacking Village:
Soldering 101 - Melting Metal for Fun and Profit
Nikkhil Mittal - Hacking with Human Interface Devices
Matt DuHarte - Introduction to USB and Fuzzing
Machinist - Mechanical Engineering for Noobs

From the Main Series:
Teddy Reed and Nick Anderson - Hardware and Trust Security: Explain it Like I’m 5
Dan Petro and Oscar Salaza - Hacking Smart Safes: On the Brink of a Robbery
Mike Ryan and Richo Healey - Hacking Electric Skateboards 
AmmonRa - How to Hack Your Way out of Home Detention


Biohacking village image

More DEF CON 23 talks for you - this time it’s all about turning our hackish attentions to the human wetware. We’re farther down the road to Cyborgistan than you might think. This release includes the talks from our first BioHacking Village!

The talks included are:

from the main series:
Scott Erven and Mark Collo - Medical Devices: Pwnage and Honeypots
Richard Thieme - Hacking the Human Body and Brain

from the BioHacking Village:
Whitlock and Aganovic - Physiology from the Perspective of Control
Walter Powell - Parallels in BioSec and InfoSec
Panel - The Anatomy of DIY Implantable Devices
Alex Smith - Cloning Access Cards to Implants
John Sosa - Genetic Engineering: GMO for Fun and Profit
Keoni Gandall - Biohacking at Home
Michael Goetzman - Social Implications of DNA Acquisition 
Alejandro Hernandez - Brain Waves Surfing: (In)security in EEG

Get yourself up to speed on the biohack scene, share widely and stay tuned to this channel for the next batch!


Crypto talks image

More DEF CON 23 videos for your intellectual edification and general uplift: Crypto Edition. This playlist contains seven crypto-centered presentations from the main track and six talks from the Crypto and Privacy Village. Please embiggen your gray matter and pass it along so the embiggening propagates across your social graph, and eventually the world.

Here’s what’s inside:

Panel - Let’s Encrypt: Minting Free Certs to Encrypt the Entire Web
Justin Engler - Secure Messaging for Normal People
Eijah - Crypto for Hackers
David Huerta - Alice and Bob are Really Confused
Bruce Schneier - Questions and Answers
Ryan Castelluci - Cracking Cryptocurrency Brainwallets
Jose Selvi - Breaking SSL Using Time Synchronization Attacks
Robert Olson - Teaching Privacy Using Red Team Strategies
Nick Sullivan - CFSSL: The Evolution of a PKI Toolkit
Carlson and Doherty - Smart Home Invasion
Freddy Martinez - IMSI Catchers
Craig Young - Smart Home Invasion
Marina - Hacking Quantum Cryptography.

Stay tuned for more.


Ebay sale image

Having trouble finding a gift for the hacker in your life? Need a sweet geek hoodie to keep you warm in darkest December? Just really into happy skulls? Welcome to Luckytown, population you.

Starting at 6am Pacific December 7 and running through December 10, every item in the DEF CON eBay store is 15% off. All of ‘em. T-shirts, Zippo lighters, tactical pens - the whole enchilada.

Mosey on over to the DEF CON eBay store, get your shopping done early and kick back in your cozy DEF CON fleece. You know why? ‘Cause you’re worth it, that’s why.

You can check out the selection of items at http://stores.ebay.com/defconcommunications/.




Car Hacking image

The DEF CON 23 videos are coming! This year's haul is extra grande. The stash contains all the main series presentations you expect, but this year there's something new: Village Videos!

We've got presentations from the Packet Hacking Village, the BioHacking Village, Wireless, Lockpicking, Social Engineering... you're gonna want to block off a significant chunk of bingewatching time.

We'll be rolling them out in playlists based on their content. Today's group is Automotive Hacks.

The presentations included are:

Marc Rogers and Kevin Mahaffey - How to Hack a Tesla Model S
Samy Kamkar - Drive it Like You Hacked It
Charlie Miller and Chris Valasek - Remote Exploitation of an Unaltered Passenger Vehicle

and three from the Vehicle Hacking Village:

Josh Corman - Safer Sooner Automotive Cyber Security
Erick Evenchick - SocketCAN
Nathan Hoch - The Badge and Pawn: Customizing the Badge

Enjoy these videos, spread the word about them and save some room: another batch hits the streets tomorrow.


Social Enigineering Village at DEF CON 23 image

Attention social engineering fans:

The SE Capture the Flag report from DEF CON 23 is live on the social-engineer.org site! They're also hosting a webinar to discuss those results tomorrow - the reg link is right there on the page. Enjoy, and pass it on.


Christopher Soghoian at DEF CON 22 image
In the wake of the terrorist attacks in Paris, spokespeople for various intelligence concerns have renewed their call for weakened crypto standards and backdoors for mobile communications products. These calls are likely to grow louder in the US with a looming presidential election dominating the news media.Safety matters a lot to people, and in times of crisis many are willing to trade away vast tracts of liberty for anything that looks like protection. For a little reminder of what's at stake, we offer Chris Soghoian's DEF CON 22 talk 'Blinding the Surveillance State' and some links to interesting articles about the current debate.

After Endless Demonization of Encryption, Police Find Paris Attackers Coordinated Via Unencrypted SMS - from Techdirt

There Is No Good Argument for Encryption Backdooors - from Slate

Let's Have an Argument About Encryption - from Gizmodo


Social Enigineering Village at DEF CON 23 image

Attention Social Engineering fans:

The exemplary humans responsible for the Social Engineering Village at DEF CON have finished sifting through all the data from this year's SECTF and are hosting a webinar on the 1st of December to share the results. Attendees will get a deep dive into the methods used, the level of success the telecoms had against the various attacks and an analysis of what the contest revealed about best defense practices.

It's free, but you have to register.


catch a hacker image
Thanks to @rotortorture for sharing this time capsule from 1997 - a San Jose Mercury News story about DEF CON 5. Please enjoy the stories of hackish shenanigans, the oh-so-90s layout and the pictures of some folks you know well (special notice to the youthful and dewy-eyed pix of Priest and DeadAddict).

And thanks to all the outstanding humans who helped form the DEF CON community that's still growing and inspiring us today.


chris rock interview image

Chris Rock's (@Kustodian) interview with the Chicago NBC affiliate ran last night at 10pm. It's about how easy it can be to create and destroy virtual human beings, and what that means for the victims and society as a whole.

For 30 minutes of deep dive into the process (with demo), here's a link to his full talk from DEF CON 23: https://youtu.be/9FdHq3WfJgs


canary image

DEF CON's website has a warrant canary, located on our transparency page (https://defcon.org/html/links/dc-transparency.html). For those unfamiliar with the concept, it's a simple statement announcing that, for the indicated time period, we have not received a National Security Letter, FISA order or any related request. The idea is that so long as that statement is true, we'll update  the date on the canary twice a month. If the date hasn't been updated on schedule, it can be inferred that the statement contained in the warrant canary is no longer true.

Except when it doesn't mean that, because of a clerical error on our part.

The update process for the DEF CON sites is manual. Not like two people in a bunker turning their keys at the same time, but not totally unlike that, either. This process has obvious security upsides, in that we aren't constantly being owned due to buggy CMS code, but in this case it also meant that every time we updated the site, we were unwittingly overwriting the warrant canary page with an old version.

This made it look like the warrant canary wasn't being updated, which certainly could have made it look like we had been served - and not in the fun dancing way.

We were not so served. We were just a little disorganized in our update process. Going forward, the warrant canary page will reflect accurate dates and be updated with the expected frequency. We're sorry if we caused any confusion.

If you're new to the idea of warrant canaries and want to quickly get up to speed, the link below is the best place to start.

https://canarywatch.org/


halloween project image

In the spirit of Halloween and courtesy of DEF CON's resident Maker Mar, we offer some plans for a paper craft DEF CON Jack-0-Lantern.

If you make it, post a pic on our related Facebook thread - especially if you take it in a new direction.  Bonus points if you make it multi-purpose. Coolest mod wins some DEF CON Swag.

You will need:

Scissors
Glue or Tape
5mm yellow, red or green LEDs
Resistors
2032 battery
Mounting tape


ctf replay image

The solid citizens of the Legitimate Business Syndicate would like you to know that YOU can have YOUR CTF EVENT certified as a DEF CON 24 qualifier, so long as you meet their exacting standards for competitiveness, fair play and general excellence. If you run a CTF that’s got its act together and is looking to get next-level, we urge you to find out more and submit your proposal to the the LBS. You can find all the info you need on the Legitimate Business Syndicate blog: https://blog.legitbs.net


Link Roundup image

The US House Energy and Commerce Committee released draft legislation last Wednesday to outlaw car hacking. You can read the proposed legislation at the link below.

Understandably, this is pretty concerning to the security researcher community. These reforms might criminalize their legitimate work protecting consumers from exploitable auto tech.

It's worth letting your representatives know how important it is to distinguish between hacking your own car and hacking someone else's car.

Here is a link roundup of some interesting recent DEF CON talks about car vulns you likely would not have heard about if it weren't for security researchers popping the hood and seeing what's going on underneath. Let's keep that legal.

Charlie Miller and Chris Valasek - Remote Exploitation of an Unaltered Passenger Vehicle

Charlie Miller and Chris Valasek - A Survey of Remote Automotive Attack Surfaces

Paul Such 0x222 and agix- Playing with Car Firmware or How to Brick Your Car

Zoz - Hacking Driverless Vehicles

http://docs.house.gov/meetings/IF/IF17/20151021/104070/BILLS-114pih-DiscussionDraftonVehicleandRoadwaySafety.pdf


downloads image

DEF CON website update: the trusty Torrents page is now the File Downloads Page! Not to worry - all the torrents are still right where you left them, but we've added a few new options. You can now download the oceans of DEF CON goodies via eMule and RSS. As always, we appreciate it when you share the hacker knowledge we make available, so make sure to pass it on.


DEF CON Groups Reloaded image

The DC Groups Portal Page has been updated to include a bunch of the DEF CON Groups that have responded to our call for updates. You can find URLs, Points of Contact and meeting info there – everything you need to link up with a local group of hackers for fun and fellowship.

If you run a group and we don't have your updated information, you can get it to us using the template here:
https://defcongroups.org/infotemplate.html


media server image

Over on the DEF CON media server, there's a quiet update going on - the videos are all being re-encoded to x.265 for smaller file sizes and easier snarfing. If you haven't yet checked out the DCMS, you should. We've got tons of DEF CON presentations, slide decks, conference CD's, music, hacker docs – so much good stuff. There's even torrents and eMule links, for those inclined to more high-volume data slurping.

https://media.defcon.org - filling your hard drive and your cranium, 24/7.


Virus talk at DEF CON 8 image

This week Neil McAllister of @theRegister published a nostalgic little piece about his time as a teenage virus writer, and he called to mind that time in hacker history so perfectly that he inspired this week's twofer #defconflashbackfriday.

Both videos are from DEF CON 8, way back at the turn of the century. Think tech bubbles, Y2K panic, and pool parties at the Alexis Park. It was quite a time.

The first video is from Sarah Gordon and it's called 'Virus Writers: The End of the Innocence.' It concerns the moment in time when virus creation changed from a bulletin board hobby to a target for legal prosecution, yet still years before malware creation and distribution blossomed into an accepted business model.

The second is an introduction to Viruses (Virii?) by the aptly handled V1ru5. 

You can also read Neil's article here: http://t.co/TY3pOtX2cJ


DEF CON Groups Reloaded image

Reminder to all of our DEF CON Groups folks- we're always looking for pictures and videos from you guys, so if you've made/done/talked about something you're proud of recently, get in touch with us at dcgroups dot defcon dot org and we'll put them up on defcongroups.org. One of our goals this year is to raise the profile of the DEF CON Groups project, and your help is an major part of the plan. Thanks for helping us spread the word.


goon badge photo
Please enjoy this small roundup of DEF CON 23 Badge Contest write-ups, and by extension a look into the phantasmagorical mindscape of  our puzzlemaster 1o57.  We suggest you pack a light snack and comfortable, closed-toe shoes.

Well, unless you’re still working on the solution, obvs. If you need to remain spoiler-free, stop reading, click nothing and we’ll have another post along for you shortly.

Badge Challenge Walkthrough by Team Potatosec

DEF CON 23 badge contest walkthrough by Elegin

Hackaday.io project on the DEFCON badge hacking


Maldonado screencap photo

Another DEF CON 23 early release video - this one is Dennis Maldonado’s presentation entitled ‘Are We Really Safe? Bypassing Access Control Systems.’ If the only thing between evildoers and your sensitive, crucial data is a keypad, it’s a good idea to know how many ways that keypad can be compromised. Dennis runs through several access control attack methods, from the physical to the network.  As always, enjoy and pass it on.


ICS Village photo

To spice up your Wednesday we present a hearty bowl of packet captures from this year’s DEF CON ICS Village. Get them from our media server while they’re still piping hot. Please to enjoy, share and if you do something interesting with them, let us know.

https://media.defcon.org/DEF CON 23/DEF CON 23 villages/DEF CON 23 ics village/DEF CON 23 ICS Village packet captures.rar


DARPA CTF talk screencap
As you may know, DEF CON 24 is hosting the finals of the DARPA Cyber Grand Challenge - a CTF played by fully autonomous systems, developed over two years for that specific purpose. Attack, Defense, complex gameplay all without human intervention. The team whose creation dominates this all-metal Thunderdome walks away with $2,000,000.

This #defconflashbackfriday is a presentation by Mike Walker from DARPA and Jordan Weins from Vector35 all about the CGC, the tech that's being created for it and what it means for securing the IoT we're all connected to.

Bonus: There's a cool reveal in the final few minutes about an additional contest where the winner of the machine vs. machine battle might stick around for a little more CTF action, Humans against Toasters style.

https://youtu.be/gnyCbU7jGYA

You can meet the finalists and learn more about the Cyber Grand Challenge on the CGC website:

http://www.cybergrandchallenge.com/index.html#home


TD Francis image

The The T.D. Francis X-Hour Film Contest was back for its second year at DEF CON 23. In case it's new to you, the X-Hour Film Contest is a guerilla-style moviemaking challenge where the participants have to write, shoot and edit a short film during DEF CON.

To make it even tougher, the crews don't get the requirements until they're on site. It's a pretty hard task, but DEF CON people pay little respect to the impossible and show open hostility to the merely difficult. The difficult gets done.

You can see all of this year's entries, and learn how to participate on the X-Hour site :

https://www.xhourfilmcontest.com/defcon-23-films.html

Think you can do better? Get in the ring at DEF CON 24.

Here's the winning entry 'The 23rd Badge' by Team Lake State Studios.


brainwallet talk screen capture image

Let’s start the week off with another early release video from DEF CON 23. This one is entitled ‘Cracking Cryptocurrency Brainwallets’ by Ryan Castellucci. In this talk, Castellucci explains, in crystal-clear terms, why brainwallets in their current form are a terrible way to secure your crypto-cash. Like, terrible.

Ryan's presentation is a high-info, low-hype tour of the security issues around the safeguarding of your Bitcoin fortune, with some fun white hat adventures thrown in for entertainment value. You will probably learn some cool stuff. You will also learn about Ryan’s Brainwallet-cracking tool/awesome name for a metal band – ‘Brainflayer’. Please enjoy, make whatever wallet changes you need to, and pass it on.


torrent image

More fun CTF stuff released by our esteemed associates at the Legitimate Business Syndicate - a data dump of goodies from the 2015 CTF Quals:

"Much like our 2014 data dump, this release includes JSON dumps of categories, challenges, notices, teams, and limited user information, and more importantly, offline-browsable HTML pages about teams, challenges, and more!"


torrent image

The first of our DC23 torrents has arrived! This time it’s about 18 gigs of pictures from the DEF CON Photo Corps. View them, share them, recreate them in papier-mache. They are yours to use, provided that you attribute them to DEF CON. Watch this space for more torrent-based goodies in the near future.

You’re probably going to want to free up some drive space.


ctf image

Congratulations to DEFKOR, PPP and 0daysober for coming in the top three places in this year's DEF CON CTF. Thanks also to the pillars of the community at the Legitimate Business Syndicate for putting it all together again this year. For more info and a schedule of data releases from this year's game, hit up the LBS blog: https://blog.legitbs.net/


car hacking image

If you’re interested in reading/watching some of the press DEF CON received this year, you can check out our press archive page. Like everything, it’s a work in progress, and we’ll update as new press mentions come to our attention. If you see something (that should be on the list), say something (to press at defcon dot org). 


car hacking image

Today we have another early release video from DEF CON 23! It's Dan Kaminsky's talk entitled 'I Want These * Bugs Off My * Internet' - a presentation about what it takes to 'comprehensively end a bug class'. No big. Please enjoy, let it marinate in your braincase and pass it on.


car hacking image

#defconflashbackfriday this week is another popular talk from DEF CON 23. It's Charlie Miller and Chris Valasek and their presentation entitled 'Remote Exploitation of an Unaltered Passenger Vehicle'. The vulnerabilities discussed in this talk led to a pretty big recall you might have seen covered on the nightly news.

Enjoy, pass it on and if you're looking for a less connected vehicle, we hear good things about the AMC Gremlin. That thing never connected with anyone.


DEF CON 23 archive image

The DEF CON 23 update train rolls on. Looking for speaker materials, the program or the official receipt? Want to spend some time with the recently decommissioned website? The DEF CON 23 Archive page has what you're looking for.

We'll be updating it as more stuff comes in, so check by often.  Also, if you need a little bit of time sink to get you through a long day at work, remember that that archive page contains similar infoz from the other 22 DEF CONs as well. Productivity kill achievement unlocked.


Zoz at DEF CON 23 image

Another DEF CON 23 Early Release video: "And That's How I Lost My Other Eye: Further Explorations in Data Destruction by the fearless Zoz. From the abstract:

" While purging incriminating material residing on spinning disks remains the focus, the research has been expanded to encompass solid state storage and mobile solutions to your terabyte trashing needs. With best efforts to comply with the original constraints, the 2015 update features more analysis of the efficacy of kinetic projectiles, energetic materials and high voltages for saving your freedom at the potential cost of only a redundant body part... or two."

https://youtu.be/qRr3QFUZPqU


Gambling image

It took a while to collect and assemble, but we are now ready to present to you the contest results for DEF CON 23

The contests at DEF CON are community generated, and we want to thank all the people who give their time and energy to think them up and bring them to life. We're proud of how varied and challenging and creative the contest scene has become.

We also appreciate all of the contest participants who wade into the fray and get involved. That enthusiasm keeps us working to make every year better than the last.

And of course, congrats to the winners. These things can be pretty demanding of your brain and your energy and your sleep bank. Take a moment to bask in your glory, victors. You have done well.

Just know that while you enjoy your victory, somebody somewhere is in the dojo, working on their crane kick for DC24.


This is an interview from DEF CON 23 – DT talks to Jayson about his DCG plans, his thoughts on the scene and his collection of lanyard-centric Con bling.

If Jayson's ideas about Groups sound cool to you, visit the website at defcongroups.org and find out about joining or starting a DC Group where you live. Momentum, people. Keep it going and spread the word.


Chris Rock talk screencap image

Today’s #defconflashbackfriday is from the recently completed DEF CON 23, and it’s kind of a paradigm shifter in the world of identity theft. Chris Rock from Kustodian shows how it’s possible to exploit the systems that record our births and deaths to create and destroy ‘life’ at will. The possibilities are wide-ranging: get an enemy declared dead, get a fictional person declared born and sell them as a whole-cloth identity or get them declared dead for the insurance payout. Start your whole life over with an anonymously created, brand-new identity. It’s a fascinating and troubling presentation that should generate much-needed discussion about how we secure the entire digital lifecycle.


DEF CON 23 image

DEF CON 23 is a wrap. We hope all of you found your way safely to your various abodes and domiciles and smoothly resumed your between-con lifestyle.

We took a couple of days to refill the life bar, and now we’re back online ready to hit you with the post-DC wrap-up. Watch this space for early-release video, contest results, pcaps, pictures, press reports and all that good stuff.

We heart you, DEF CON community. Thanks for making DC23 so much fun.


Venue image

Thanks, DEF CON nation! Hopefully you've had your mind blown, your booty shook and your contact list upgraded.

If you had a good time and you're already thinking about next year, know that hotel registration is officially open today.


Drunk Hacker History image

Check out the new Contest, Drunk hacker History tonight in Track One at 19:00! What is it, you ask? From the DEF CON Program:

New this year for DEF CON 23, we bring you a contest unlike anything you've ever seen before (and may never see again). The DEF CON community has a rich history. It is a history is filled with colorful adventures, half-truths and angry hotel managers. This contest will brush the dust off some of the most celebrated, obscure and redacted moments in Hacker History through the interpretation of a group of pre-selected contestants with the help of C2H6O. Each contestant will be "prepared" for their participation by our contest staff before being brought in front of a panel of judges. A topic will be randomly selected pointing to a moment of hacker history and the contestant will have 5-7 minutes to provide their account. Points will be given for accuracy, level of "focus", and other areas just made up on the fly by the judges, and in the end the contestant with the most points will be crowned the "Drunk Hacker History" champion for 2015. Note: This is not a Black Badge contest (yet).


101 sign at Gold image

In order to ease some of yesterday's congestion, DC101 track is now located in the Gold Room in Bally’s. The Demo Labs that were located in the Gold Room are now in the Grand Salon area just outside of the Gold Room. Pass it on!


Media Server image
When you're weary of walking the conference floor, feel free to take a moment to leech the daylights out of the DEF CON 23 Media server, available to everyone onsite at dc23-media.defcon.org! All of this year's con materials and gigs and gigs of other conference videos to watch on the plane home. Enjoy, and pass it on.


book signing image

Attention millenials : in the olden times, we put our information on slices of tree skin. We still do, a little bit. Some of the sages who write these 'books' will be available to meet you and squirt Sharpie juice on your copy in the shape of their name. You should visit them in the following locations and times:

Friday, August 7

14:00 - Michael Schrenk: Webbots, Spiders, and Screen Scrapers, 2nd Edition
15:00 - Violet Blue: The Smart Girl's Guide to Privacy
16:00 - Bruce Schneier: Data and Goliath

Saturday, August 8

13:00 - Jon Erickson: Hacking, 2nd Edition
14:00 - Eric Weinstein: Ruby Wizardry
15:00 - Georgia Weidman: Penetration Testing
16:00 - Chris Eagle: The IDA Pro Book, 2nd Edition

All signings will take place at the No Starch Press table in the vendor area.


entertainment image

From the DEF CON corrections department:
A typo in the program attempted to rob you of a few precious hours of musical entertainment. Please know that music events start at 21:00 tonight and 20:00 friday and saturday, not 22:00. We apologize for any confusion. We now return you to your regularly scheduled hacker conference.


Files image

If you're here onsite, you're gonna get a printed program, physical CDs with con materials and the official DEF CON soundtrack, among other goodies. Which is great.

But if you aren't so into the whole analog trip, or you're playing along with DEF CON at home, is there a way to just download all this stuff?

Of course there is. Here's a heaping helping of links to get you started.

Program
Direct Download: https://media.defcon.org/DEF CON Conference Programs/DEFCON-23-Program.pdf

Conference CD
Direct Download: https://media.defcon.org/DEF CON Conference CD DVD/DEF CON 23 Original Hacking Conference DVD.rar
Directory of Files: https://media.defcon.org/DEF CON 23/DEF CON 23 presentations/

Music CD
Purchase the Soundtrack (pay what you want) to benefit EFF: http://music.gravitasrecordings.com/album/def-con-23-the-official-soundtrack
Torrent: https://www.defcon.org/html/torrent/DEF CON 23 music CD.torrent
Music CD Files Directory: https://media.defcon.org/DEF CON 23/DEF CON 23 music/DEF CON 23 music CD/


NOC image

Get registered for the DEF CON Secure WiFi now, even if you aren't here on site yet!

DEF CON WiFi Network

2.4 & 5 Ghz

DefCon-Open : Type: Open
DefCon : Type: WPA2/ 802.1x

Once again the DEF CON NOC worked hard to provide you the internetz via WiFi access throughout the Paris & Bally’s convention centers.

There are two official ESSIDs to access the conference network: the encrypted and cert/user-based authentication (DefCon) and the unencrypted free-for-all one (DefCon-Open): choose wisely.

Most of the devices these days should are 802.1x compatible, despite the corks some of them still present without an MDM solution behind it, and no one really want your devices managed by us.

https://wifireg.defcon.org is where you can create your credentials, download the digital certificates and fingerprints, and read our awesome support documentation. Remember, practice safe internets: make sure you pick a credential that is not used anywhere else (aka: your Windows domain) and double check your fingerprints. As always, this is a hacker conference.

http://www.defconnetworking.org is your stop for stats, data, and important updates about the network during and post-con.

And, believe it or not, we want your feedback: noc@defconnetworking.org


Tev image

The Box - Electronic Tamper / Bomb Defusal Contest

The challenge? Defuse a bomb. I feel like I don't have to say a lot more than that. Bring your own tools, have an action hero moment for yourself.

Reg begins Friday in the Tamper-Evident Village, and it's probably wise to expect a bit of a queue.

Full info in the Forum:
https://forum.defcon.org/forum/defcon/dc23-official-unofficial-parties-social-gatherings-events-contests/dc23-villages/tamper-evident-village/220837-the-box-dc23-tamper-challenge

DC 23 Tamper Evident Contest

Signups are now live for the Defcon 23 Tamper-Evident Contest! Your task is to gain access to a package and all of it's contents without leaving any evidence that you did so. Sound easy? It's harder than you might think! Make sure to sign up to guarantee you get a package - space is limited for this contest!

Rules and signup page in the Forum:
https://forum.defcon.org/forum/defcon/dc23-official-unofficial-parties-social-gatherings-events-contests/dc23-villages/tamper-evident-village/221715-dc23-tamper-evident-contest


License image
The US Govt proposed new export controls that could change the way we talk about security and Defcon has two sessions on the issue. We are very pleased to announce that Catherine "Randy" Wheeler of the BIS will be joining the "Licensed to Pwn" panel as a special guest.

Randy has been the Director of the Information Technology Controls Division in the Bureau of Industry and Security’s (BIS) Office of National Security and Technology Transfer Controls since June 2006, and is currently tasked with implementing the Wassenaar Arrangement’s new export controls on surveillance and intrusion software. Randy will join Dave Aitel, Matt Blaze, Nate Cardozo, Jim Denaro, and Mara Tam to discuss the weaponization and regulation of security research on Friday, 7th August at 11h00 (Track Two).


Nightlife image

At DEF CON, we know that after a long day of having your mind-grapes blown, sometimes it feels good to shut it down a bit and party. That’s why we provide so many party options. Need some reckless booty-shaking? We got you. Need to drunkenly howl top40 tunes with friends? We got you. Need to put your feet up and watch a movie while your life bar fills back up? We got you, too. We are a full-spectrum hacker summer camp, people. We got you because we get you.

Check out our nightime offerings here


Contest signup image

A bunch of DEF CON Contests have agreed to set up an early registration between 1100 and 1400. The idea is achieve optimum contest smoothness with contestants ready to hit the ground running at 10am Friday.

The contests involved (so far):
Hacker Jeopardy
Hackfortress
Scavenger Hunt
TD Francis XHour Film Contest
warl0ck gam3z
Beverage Cooling Contraption Contest

Where you need to be to get in on the action:
Bally's Grand Salon, Thursday 1100 to 1400.


soma image

Interested in Kali Linux? Want to get yourself up to speed on the new hotness of Kali Linux 2? Enter the Kali 2.0 Dojo.

In Skyview 2 on Friday starting at 1:00PM there will be two Kali workshops to get you up on things, with custom Kali USB sticks provided to attendees.

Workshop One: Learn how to master Kali Linux Recipes and easily build images such as the Kali Linux ISO of Doom or Instant Evil Kali Access Point.

Workshop Two: Learn how to make a sleek Kali Bootable USB stick, which contains several persistent storage profiles, both regular and encrypted. Protect your encrypted data using the Kali LUKS Nuke feature destroy and restore your data with confidence.

Workshop Three: Pentest the Planet. *

*There isn't a Workshop Three. But with your new skills and training, you will probably be pretty stoked to get your Kali 2.0 on.


soma image

SomaFM returns once more to bring delicious and relaxing sounds to the Chillout Lounge for its third year running. Known best for its legendary Groove Salad radio station, SomaFM is one of pioneers of streaming internet radio, with dozens of curated, diverse, and compelling channels for listeners across the globe. DEF CON Radio, a project of SomaFM, is included in that incredible list, a playlist including much "Music For Hacking" and a unique daily schedule that goes with the flow of the DEF CON experience.

Find more information about the listener-supported SomaFM and DEF CON Radio at
http://somafm.com/defcon/

DEF CON radio (player link):
http://somafm.com/player/#/now-playing/defcon


Queercon image

After a few years 'off-campus', the legendary Queercon is back in the main DEF CON venue - and they return in grand style. Not only is Queercon throwing a giant pool party with DJs from all over the world, functionally endless booze, and an OPEN pool,  but they're also hosting a  mixer every day of the con at 4pm for friendly conversation, chillaxing and cocktails.

To celebrate their return, DEF CON has created a limited run of DEF CON pride t-shirts, shown here on a model with alarmingly subtle facial features. They're a fine addition to any wardrobe and you can find them wherever DEF CON swag is sold.

Basic Details:
Pool Party - Friday 8pm to 3am at the Bally's pool. No badge required.
Mixers - 4pm Thursday thru Sunday at a Courtesy Suite (#TBD) in the Jubilee Tower of Bally's

The full rundown is available at queercon.org  


DEF CON Groups reloaded image

From The Dark Tangent:

"As DEF CON 23 nears, I am proud to unveil the launch of the new DEF CON Groups website, defcongroups.org!

Defcongroups.org will provide a centralized place to socialize, learn new skills, collaborate, and show off recent projects to DEF CON Groups around the world . It will include a directory to make it easier to find like-minded hackers in your area, as well as showcase featured DEF CON Groups, guest blogs, videos, tutorials, and more."

Read all about it at defcongroups.org. Whether you wish you were coming to Vegas next week or you are and you just want to feel that Hacker Fresh™ feeling all year round, it's time to join your friendly neighborhood DEF CON Group. If you live somewhere that doesn't have a DEF CON Group, it's time to start one.

There's really no limit to the cool stuff that can be accomplished with a global network of smart, inspired,hacker-minded humans. Together, we're basically Voltron. Let's make this the year we prove it.


Village Talks image

The Villages are growing - almost all of them have their own speaker tracks, contests and events. How crazy is that? Most of the villages are bigger than the first bunch of DEF CONs! To help you keep them sorted out, we’ve created a page on the DEF CON 23 website that lists all the talks going on in the villages (that we know about at this precise moment in time - we’ll add and update if things change). It’s like one of those Country Buffets, only the offerings make you smart instead of nauseous and regretful.


Review Board image

In a $3cr3t chamber behind a purely ornamental bookcase in DEF CON Manor, a shadowy cabal works for months selecting DEF CON talks. It’s a grueling, thankless job. 

Until we thank them, which is now. 

This is the post where we drag the willing members of the cabal out of the shadows so you can learn their names and buy them a drink at the con. 

Not shown: Several reviewers who have spent so long in the $3cr3t chamber that they’ve become permanently shadowy. 


SE Village image

The Social Engineering Village has a brand new contest this year- Mission SE Impossible! It takes place on Thursday and you need to sign up on-site but it sounds like fun. Contestants are 'arrested', put in a locked room and forced to use their SE skills to get the codes and free themselves.

Read all about it. If you've the SE chops to talk your way out of a locked box, you probably won't want to miss this contest.

http://www.social-engineer.org/social-engineering/the-sevillage-at-def-con-23/


Workshops image

Good news, everyone! Well, unless you secretly love waiting in a queue. Then it’s less good, and you’re weird.

The DEF CON 23 workshops will not require you to rush from the reg line to a workshop reg line. We’re going to allow online pre-reg for the DEF CON Workshops. The seats are limited, and we’re granting them on a strictly first come, first served basis.  To sign up, check out the Workshops Registration Page!

We’ll send a receipt when you’re registered (within 2 biz days), and we’ll announce any new openings @defcon on Twitter. Good luck!


Car Hacking village image

At DEF CON, we agree with you that it's kinda bogus that in 2015 we still don't have flying cars. But you know what makes up for that? Cars you can hack.

So this year, we bring you Car Hacking Village - a little bit of paradise for people who long to invalidate a connected car's warranty without jeopardizing their commute.

The CHV will have several 'Zones' for your education and entertainment:

Pull-apart Zone: learn how to get physical access to car controllers by removing panels and bolts.

Buck Hacking Zone: open hack car controllers and systems using a Buck (system on a bench).

Learning Zone: drop-in sessions of 15-30 minutes to teach specifics of vehicle networks and hardware.

Chill Zone: meet the CHV team in a more informal setting. Meet other interested con-goers. Meet no one and just meditate on what you've learned so far.

OEM Zone: we're probably going to rename this, but it's for dialog between OEMs and their users.

Vendor Zone: if the Car Hacking Village has inspired you, you can pick up some study material and even some hardware.

We hope to see you there.

Warning: objects in the CHV are closer than they appear.


TD francis X-hour poster image

If you find yourself interested in the The T.D. Francis X-Hour Film Challenge but you don't have a big enough crew, let people know in the Forum thread linked below or in on their facebook page https://www.facebook.com/xhourfilm

There's a limited number of slots, and they're filling up, so don't dilly-dally. And remember us when you get that Oscar.

You can also check out the Contest website at http://www.xhourfilmcontest.com/

T.D. Francis X-Hour Film Contest on the DEF CON forums


DEF CON video trailer image

Today’s date - 7/17/2015. Add the digits. Can you feel that? The phantom hand tugging at your sleeve, the voice in your ear right before sleep takes you? There’s no sense in resisting, friend. The Enigma has you, and the only way out is straight through. Join us in Las Vegas! Closing ceremonies are in 23 days. Check out the trailer


DEF CON forums upgrade image

We have upgraded the DEF CON Forums - new iron, new paint, new can-do attitude. We've removed the annoying wait between signing up and posting, and the whole thing runs faster. Also, you can't beat the new forum smell - like ascii and toasted hazelnuts.

The Forum is also where the most granular, immediate and interactive information about DC23 is being hashed out. Looking for someone to share ae ride from San Diego? Want to ask a question directly to the Crash and Compile organizers? Head on over to the Forum. Got a killer salsa recipe? Probably no one cares, but its a forum. So get involved.


DEF CON after dark image

Here's the listing of the final night of DEF CON musical performers. Sweet, sweet speaker honey from the people's champ Miss Jackalope, Dieselboy, Zebbler Encanti Experience, Downlink, Skittish and Bus and ZackBarbie. Be warned: you will move it, move it. Plan accordingly.


speaking schedule image

It's beginning to feel a lot like DEF CON, everywhere you gooooo...

You can tell it's for real now, because we have a live speaker schedule. Familiarize yourself, plot your optimal path for cranial embiggening, tell the others. This year's lineup is crazy great, and knowing your 'must see' talks greatly enhances your chances of maximum DEF CON.

We're in the home stretch, people. One month and counting. 


DEF CON after dark image

At DEF CON, we take your booty-shaking needs seriously. To help you get your recommended daily allowance of ecstatic groove units, we have created a stellar Friday lineup that includes:

VJ Q. Alba
Pyr0
Dualcore
mc chris
YT Cracker
Ninjula

If your groove is not firmly on Friday night, you should maybe contact your doctor.

Saturday Lineup coming soon!


Caesar's room block image

DC23 Booking Pro Tip:

The DEF CON group rate isn't available at the main venue hotels anymore - our block is sold out in Paris and Bally's. This might cause you to think about paying the full freight at those hotels to be close to the action. Reasonable idea, except....

We have a discounted block at Caesars, and it's still got some rooms available. Caesars is only 800 air-conditioned steps from the Con space. You save some hard-earned skrilla, you get a few minutes of walking to thumb through your program and get your various plans/plots/schemes together.

Look, if you've got bread like that, do what you feel. But for those of us balling on a budget, the Caesars plan deserves some attention.


DEF CON after dark image

Some of you, we have heard, enjoy vigorously oscillating what your maternal unit bequeathed to you. Some of you like to wave your hands in the air, as if you could not be less concerned. We understand. We get you, and we got you.

We have artisanally curated a flight of audio bliss merchants for your enjoyment on Thursday night. For staters, we’ve got An Hobbes, Dee Kaph, Johnny5 and Spherex.  After midnight we have DJ %27 and DJ AliKat. Many styles, many flavors. Join us, and amuse your bouche all over the place.


Demo labs image

The official vendor list for DEF CON 23 is finalized and live on the intertubes. That money burning a hole in your pocket? It's dangerous if it goes unchecked. You can avoid the hazard of fire by turning that money into temperature-stable, safe goods and services with the smiling merchants of the vendor area. For those of you inclined to the games of chance, payouts in the vendor area hover very close to 1:1 - you're not gonna get those odds on the casino floor.

Don't become a pocket combustion statistic. The vendors are here to help.


Demo labs image

We asked for demo submissions, and boy howdy did you people ever answer! For the first time, we have a whole community-powered demo area - five different sessions of your projects and demonstrations to share with the attendees. You're definitely gonna want to make some time to check this out.

The schedule is live, and of course there are links to all the abstracts there. We're amped about this - and we hope you will support the Demo Lab and spread the word.

This is gonna be so cool.


Crash & Compile image

Crash and Compile? What's that?

Crash and Compile is an ACM-style programming contest crossed with a good old fashion college drinking game.

You get a problem, and have to code a solution to it. The catch is that if your code doesn't compile, seg-faults, doesn't produce the correct output, you have to take a drink... All this takes place on the contest stage. It's chaos meets coding. As the night progresses, you are either a really good programmer, really drunk, or a bit of both.

Official announcement on the DEF CON forums


Final round speakers image

As promised, here's the final additions to the lineup for DEF CON 101. Make yourself familiar, maybe pick out a couple.  Nobody likes to be standing in line for an SRO talk only to get stuck in the hallway, missing all the goodness because of a failure to plan.

Well, there's probably a rule that says someone must like that, and probably mods a subreddit about it like /r/missedyetanothercoolDEFCONtalk. But that someone is weird. Weird and possibly dangerous. Don't be that someone. Read ahead and make some plans.

Hardware and Trust Security: Explain it like I’m 5
Teddy Reed and Nick Anderson

A dive through the origins, evolution, and weaknesses of cellular networks
Effi and Tom Palarz

Seeing through the Fog
Zack Fasel

Hacking Web Apps
Brent White

Hacker in the Wires
Dr. Phil Polstra

Secure Messaging for Normal People
Justin Engler

Sorry, Wrong Number: Mysteries Of The Phone System - Past and Present
"Unregistered436" Patrick McNeil and ”Snide" Owen

Forensic Artifacts From a Pass the Hash Attack
Gerard Laygui

Alice and Bob are Really Confused
David Huerta

Introduction to SDR and the Wireless Village
DaKahuna and Satanlawz

Hackers Hiring Hackers - How to Do Things Better
Tottenkoph and IrishMASMS

Beyond the Scan: The Value Proposition of Vulnerability Assessment
Damon Small

Backdooring Git
John Menerick


Final round speakers image

The great work is complete! Behold the final round of selected speakers for DEF CON 23!

Thanks to all the submitters for sharing their work, and to the selection committee for poring over all that work. We think we’ve created a pretty phenomenal list of talks here!

Check this space tomorrow for the final round of DC101 speakers as well.

It’s getting real, people. Really real.

DIY Nukeproofing: a new dig at "data-mining"
3AlarmLampscooter

Key-Logger, Video, Mouse - How to turn your KVM into a raging key-logging monster
Yaniv Balmas and Lior Oppenheim

Who Will Rule the Sky? The Coming Drone Policy Wars
Matt Cagle and Eric Cheng

Why APTs focusing on Telco Networks: Dissecting technical capabilities of Regin and its counterparts
Omer Coskun

Do Export Controls on “Intrusion Software” Threaten Vulnerability Research?
Tom Cross and Collin Anderson

Licensed to Pwn: The Weaponization and Regulation of Security Research
Jim Denaro, Dave Aitel, Matt Blaze, Nate Cardozo, and Mara Tam

REpsych: Psychological Warfare in Reverse Engineering
Chris Domas

NSA Playset: JTAG Implants
Joe FitzPatrick and Matt King

Abusing Adobe Reader’s JavaScript APIs
Brian Gorenc, Abdul-Aziz Hariri, and Jasiel Spelman

WhyMI so Sexy? WMI Attacks, Real-Time Defense, and Advanced Forensic Analysis
Matt Graeber, Willi Ballenthin, and Claudiu Teodorescu

I want these * bugs off my * Internet
Dan Kaminsky

Let's Talk About SOAP, Baby. Let's Talk About UPNP
Ricky "HeadlessZeke" Lawshae

Tell me who you are and I will tell you your lock pattern
Marte Løge

Separating Bots from the Humans
Ryan Mitchell

Docker, Docker, Give Me The News, I Got A Bad Case Of Securing You
David Mortman

NetRipper - Smart traffic sniffing for penetration testers
Ionut Popescu

"Quantum" Classification of Malware
John Seymour

Hacking the Human Body/brain: Identity Shift, the Shape of a New Self, and Humanity 2.0
Richard Thieme


Workshops image

These are brand new - intensive, deep-dive workshops on topics like Android reverse-engineering, Honeypots and Crypto for Hackers!  They’re free, but you’ll need to register onsite. Space is obviously limited, so if one of these topics really grabs you you’re gonna want to make signing up a priority when you get to the venue. There will be overflow lists, too, in case not everyone shows up. It is Las Vegas, after all. Sometimes you lose someone for a while.

Spread the word - we’d love these workshops to have a great first year.


Speakers image
The DEF CON CFP Review Board is composed entirely of Champions. Only a few days after Round 3, they are ready to present you with Round 4 of DC23 accepted speakers. Look on their work, ye mighty, and despair.

When the despair wears off, you should probably starting making notes about which ones you want to see. It's looking like a pretty goodie-packed schedule.

How to secure the keyboard chain
Paul Amicelli and Baptiste David

How to hack your way out of home detention
AmmonRa

Canary: Keeping Your Dick Pics Safe(r)
Rob Bathurst (evilrob) and Jeff Thomas (xaphan)

Attacking Hypervisors Using Firmware and Hardware
Yuriy Bulygin, Mikhail Gorobets, Alexander Matrosov, Oleksandr Bazhaniuk, and Andrew Furtak

Harness: Powershell Weaponization Made Easy (or at least easier)
Rich Kelley

Inter-VM data exfiltration: The art of cache timing covert channel on x86 multi-core
Etienne Martineau

Ask the EFF: The Year in Digital Civil Liberties
Kurt Opsahl, Nate Cardozo, Mark Jaycox, Corynne McSherry, Nadia Kayyali, and Peter Eckersley

DefCon Comedy Inception: How many levels deep can we go?
Larry Pesce, Chris Sistrunk, Adam Crain, Chris Blow, Dan Tentler, Amanda Sullivan Berlin, and Katie Moussouris

Chigula - a framework for Wi-Fi Intrusion Detection and Forensics
Vivek Ramachandran

Knocking my neighbor’s kid’s cruddy drone offline
Michael Robinson and Alan Mitchell

How to Hack a Tesla Model S
Marc Rogers and Kevin Mahaffey

Drinking from LETHE: New methods of exploiting and mitigating memory corruption vulnerabilities
Daniel Selifonov

Scared Poopless – LTE and *your* laptop
Mickey Shkatov and Jesse Michael

Angry Hacking - the next generation of binary analysis
Yan Shoshitaishvili and Fish Wang

High-Def Fuzzing: Exploring Vulnerabilities in HDMI-CEC
Joshua Smith

Security Necromancy: Further Adventures in Mainframe Hacking
Philip “Soldier of Fortran” Young and Chad "Bigendian Smalls” Rikansrud


Call for parties image

'From Dusk 'til Con' is back with more space, more opportunities and more DEF CON-provided bartenders. If you've got an idea for a party, shindig, hullabaloo, Esperanto-based MUD, you know, whatever, you should share them with us. If your idea is one of the winners, you'll get to throw your party at DEF CON. The main requirements are a well-thought out idea and a quick e-mail trigger finger. You can find the full story on the Call for Parties page. Go there, make a plan, become a party legend.


Hotel infographic image

Still hoping to stay in the DEF CON hotel block at our group rate? It’s time to get a move on. Our block at LINQ has sold out, and Flamingo and Planet Hollywood are close to capacity. There’s still some rooms at our rate Caesars, but the window is closing fast, and the risk of getting stuck with an overpriced room in the uncharted wastelands of the Strip grows with every passing day. Fortune favors the bold action, friends. Book soon, or brave the outer darkness. 


Internet of things village image

New for DEF CON 23 is the evolution of the last years DEF CON Media server drive duplication into the data duplication village.

HOW IT WILL WORK

DEF CON will provide a core set of drive duplicators as well as content. It will be a first come, first served situation. Bring and label your 6TB SATA blank drives, and put them in the queue for the data you want and 14 hours later it is done.

WHAT TO BRING

_ 6TB SATA3 new drive(s) - If you want a full copy of everything you will need three.

_ Any data you want to contribute to be shared, in USB, HDD, or DVD format

You can both contribute data to be duplicated, as well as bring blank drives to get copies and help spread the knowledge.

Those who want to share their own collections or help with duplication are encouraged to bring their own collections and drive dupers. If your collection is smaller we are thinking of getting some USB thumb drive duplicators for smaller batches. We also will have a DVD duper tower, so bring those legacy DVDs.

Full details in the DEF CON forums


Internet of things village image

The ISE and the IoT Village announced ‘Call for X’, a call for presentations for an open-format presentation track at DEF CON 23. From the announcement:

“Call For X’ is a play on the mathematical construct of X as an unknown variable,” explains Ted Harrington, one of the lead organizers of IoT Village and the Executive Partner at ISE. “The Call for X is an open-format track for the IoT Village. We want researchers to make suggestions about innovative ways to teach workshops, tutorials, games, or anything else related to the Internet of Things. We are trying to open the platform of learning to dynamic innovation that will help deliver exciting, new and effective ways to reveal solutions for the emerging IoT security problem."

The Call for X CFP is open until June 30, and the information you need to participate is at www.IoTVillage.org . Get your ideas together and spread the word.


Here's a few things you might want to know about that are going on in the Contest/Event/Village-osphere:

Robocalls contest image

Gentle, non-automated reminder: You only have until June 15 to register for 'Robocalls: Humanity Strikes Back' and grab your share of the 50K in prizes!

Strike at the heart of the robocall menace and possibly get a fistful of greenbacks by creating a crowd-sourced honeypot. But step lively, because June 15 is right around the corner.

Biohacking Village image

In case you didn't know, DEF CON 23 is soft-launching a BioHacking Village, and there's still an open CFP for it! If you've got some knowledge or expertise in bio-hacking, this may be your moment to shine. Follow the link and submit by June 30.

Short Story Contest image

The DEF CON 23 Short Story contest entrants are in, and it's time for judging. Your input counts! You can read them all in the forum and give us your vote. As always, thanks to the DC literary community for being dope and sharing their genius with everyone.


Speakers round 3 image

We've got more speakers to announce - this time it's for the DEF CON 101 track. As avid con-goers will know, DC101 is a series of talks geared for attendees looking for grounding in new skills and to looking to broaden their basic skillset.

Check 'em out, mark your calendars accordingly and spread the word.  The official DEF CON 101 track is running throughout the Con this year, so there will be more speakers added soon!

Game of Hacks: Play, Hack & Track
Amit Ashbel and Maty Siman

Abusing XSLT for Practical Attacks
Fernando Arnaboldi

RFIDiggity: Pentester Guide to Hacking HF/NFC and UHF RFID
Francis Brown and Shubham Shah

It's The Only Way To Be Sure: Obtaining and Detecting Domain Persistence
Grant Bugher

Ubiquity Forensics - Your iCloud and You
Sarah Edwards

Crypto for Hackers
Eijah

Extending Fuzzing Grammars to Exploit Unexplored Code Paths in Modern Web Browsers
Saif El-Sherei and Etienne Stalmans

Linux Containers: Future or Fantasy?
Aaron Grattafiori

How to Shot Web: Web and mobile hacking in 2015
Jason Haddix

LTE Recon and Tracking with RTLSDR
Ian Kline

Are We Really Safe? - Bypassing Access Control Systems
Dennis Maldonado

Hacking SQL Injection for Remote Code Execution on a LAMP stack
Nemus

Chellam – a Wi-Fi IDS/Firewall for Windows
Vivek Ramachandran

Bruce Schneier Q&A
Bruce Schneier

Applied Intelligence: Using Information That's Not There
Michael Schrenk

I Am Packer And So Can You
Mike Sconzo

NSM 101 for ICS
Chris Sistrunk

The Bieber Project: Ad Tech 101, Fake Fans and Adventures in Buying Internet Traffic
Mark Ryan Talabis

Hijacking Arbitrary .NET Application Control Flow
Topher Timzen and Ryan Allen

QARK: Android App Exploit and SCA Tool
Tony Trummer and Tushar Dalvi


Speakers round 3 image

More approved presentation goodness - round 3 of DEF CON 23’s accepted speakers is now LIVE. Our team of dedicated reviewers has been hard at work finding the best talks in the mountains of entries, and you are now free to read through the abstracts and start formulating your info-hoovering plan for Vegas.

Three rounds of speaker selections down means that DEF CON really is starting to get close.There are a few more updates to come before the roster is complete, but it’s already clear it’s gonna be a heck of a Con, presentation-wise.  Remember to watch this space and we’ll update you as soon as we have new speaker selections.

Another thing to keep in mind is that there’s more going on, speaker-wise, than just the Official DEF CON tracks. The Villages have their own speakers throughout the con - you can find links to all the individual village websites at http://defcne.net/villages/22.

Malware in the Gaming Micro-economy
Zack Allen and Rusty Bower

Fun with Symboliks
atlas

Cracking Cryptocurrency Brainwallets
Ryan Castellucci

Stagefright: Scary Code in the Heart of Android
Joshua J. Drake

Unbootable: Exploiting the PayLock SmartBoot Vehicle Immobilizer
fluxist

Rocking the Pocket Book: Hacking Chemical Plant for Competition and Extortion
Marina Krotofil and Jason Larsen

F*ck the attribution, show us your .idb!
Morgan Marquis-Boire, Marion Marschalek, and Claudio Guarinieri

Hacking Smart Safes: On the "Brink" of a Robbery
Dan “AltF4” Petro and Oscar Salazar

Title TBA
Peter Shipley

Machine vs. Machine: Inside DARPA’s Fully Automated CTF
Michael Walker and Jordan Wiens

Pivoting Without Rights – Introducing Pivoter
Geoff Walton and Dave Kennedy

Stick That In Your (root)Pipe & Smoke It
Patrick Wardle

Investigating the Practicality and Cost of Abusing Memory Errors with DNS
Luke Young


CTF image

The last qualifying event for DEF CON 23’s CTF competition is in the rear view. For those of you who didn’t compete but want an idea of what a high-level CTF competition looks like, we offer links to some quality write-ups. The write-ups not only give you insight into the competition, but the careful reader can also learn something of the mindset that succeeds at this kind of contest. If you’re on the fence, it’s time to read up, level up and get in the arena. CTF glory awaits.


Speaker image

Brand new 'Speaker's Corner' post on defcon.org - 'Hackers and Healthcare: A Call to Arms' by Christian “quaddi” Dameff, MD and Jeff “r3plicant” Tully, MD.

Quaddi and r3plicant are hackers who moonlight as physicians, and the piece makes the case that turning around the rash of healthcare industry data breaches and tech failures is going to require cooperation with the hacker community.

If you'd like some more of these hacker/doctor/futurists dropping science,  you're in luck.

from DEF CON 20 'Hacking Humanity: Human Augmentation and You'

from DEF CON 22 'Hacking 911: Adventures in Disruption, Destruction and Death'


CTF image

From the upstanding citizens of the Legitimate Business Syndicate:

"Thanks for being a part of our biggest DEF CON CTF qualifiers yet. We're still very excited at how well the 4407 players, 1472 teams, and over 4000 unique IP addresses performed in our game, and have some preliminary results and other information to share with you."

The contest ended with a three-way tie between PPP, DEFKOR and 9447. As the LBS sorts through the data, they'll post everything at https://blog.legitbs.net.

For those of you who'd like to get a close-up view of the action, you can find a whole bunch of writeup goodness at https://github.com/…/…/tree/master/defcon-qualifier-ctf-2015

If you competed and have a write-up to contribute, that's a great place to put it.

Thanks to all the competitors and to the Legitimate Business Syndicate for making everything happen. Good luck to the groups moving on to the big showdown in Las Vegas, where it shall be on like the proverbial Donkey Kong.


Picture of DEF CON cufflinks

DEF CON makes a lot of swag available for the black T-shirt crowd. Like, black T-shirts mostly.

But what about the fancy people? What about folks who love DEF CON but have the kind of life you have to dress up for, like international superspies? Or international super villains, even?

Introducing the DEF CON cufflink! Made of the finest metallic metals and bearing the grinning skull logo of your favorite security con, the DEF CON cufflink is the perfect accessory that says, “I’m formal, but I like to party, hacker style”. Available in a limited run from our eBay store, this cufflink will make everyone notice you at your next Macao charity gala.

Then they’re probably gonna ask you to fix their computer, but they will notice.


Speaker image

The main CFP is closed, but that doesn't have to mean you can't speak at DEF CON 23.

Several of the Villages are still looking for speakers in their specific subject areas. If your idea is about Crypto/Privacy, IoT, SE or Packet Capture, quick action could still secure you a speaking opportunity before an audience that's passionate about the topic at hand.

Crypto and Privacy village - Deadline June 30

Internet of Things village - Deadline May 26

Social Engineering Village

Packet Capture Village


CTF image

The time has come. The final qualification opportunity for CTF at DEF CON 23. Team size - 8. Registration - open, and available all the way until the contest ends. Battle begins at midnight UTC, May 16 and runs until midnight UTC May 18. If you think you deserve a spot at the Vegas finals, this is your last opportunity to prove it.

For up to date info on the contest you can follow the scoreboard at 2015.legitbs.net/scoreboard or keep an eye on @legitbs_ctf and @defcon.

Prepare your team. Reach for glory. Godspeed, one and all.



Demo lab image

If you've got a project, a gadget or a tool that you'd love to show off to DEF CON attendees, there's still time to sign up for the DEF CON Demo Labs! You bring your wares, and we provide you with a dedicated time and location to show them off. It's a great opportunity to get your project some user testing, cultivate some collaborators or get an idea how your idea rates with the hacker demo. The information you need to sign up is here: https://www.defcon.org/html/defcon-23/dc-23-demolab.html

Call for Suites image

What would you do with a whole penthouse suite at DEF CON? Throw a party the bards will sing about until the end of days? Film a security 'Shark Tank' reality show? Roomba Thunderdome? Come up with a cool concept, event, or party that will be open to all attendees from Thursday to Sunday and if you are selected DEF CON will release to you or your group one of the suites at a cost of $500 per night - so $2,000 for the con. They usually go for $1,500 to $2,000 per night. You can read the whole announcement on the DEF CON 23 site: https://www.defcon.org/html/defcon-23/dc-23-cfsuites.html


First ever spot the fed contest image

Our humble party game 'Spot the Fed' is getting a lot of press lately.

Which is cool.

The good folks at MuckRock filed a FOIA Request that asked for, among other things, the FBI's files on DEF CON, and at the end of April they got a response in which STF is mentioned specifically a few times.

Which is also cool, but there's a little more to the story that DEF CON fans might be interested to hear.

First: Spot the Fed for the uninitiated.
Spot the Fed is a con amusement enjoyed by hackers and Fed/Gov/LE attendees alike, and it works thusly: Con-goers notice a suspicious 'outdoor kid' lurking about, and they alert a Goon (preferably Priest). With the spotee's permission, Priest or one of his minions asks a battery of questions designed to discover their mode of employment. If MIB status is uncovered in the course of questioning, the spotter and the Fed get T-shirts. Both spotter and spotted are then free to resume their conference unmolested. So it's sort of a catch-and-release program, if you will. We pride ourselves in both our ability to spot Feds, and our ability to return them in the condition received.

Now, a little backstory.

For reference, here's a shakycam recording of a round of Spot the Fed from DEF CON 14, featuring the incisive interrogatory style of Priest.

The picture attached to this post is from DEF CON 2 and features the very first Fed ever Spotted wearing the very first 'I Am the Fed' shirt we ever gave out. Memories.

Astute readers of the FOIA docs

http://www.defcon.org/images/links/foia/FOIA-request-1321038-00.pdf
http://www.defcon.org/images/links/foia/FOIA-1321038-0-defcon12.PDF
http://www.defcon.org/images/links/foia/FOIA-1321038-0_-Defcon8.PDF
http://www.defcon.org/images/links/foia/FOIA-1321038-0_-Defcon3.PDF

will notice that there was another FOIA request for DEF CON still being processed at the time that MuckRock's request was going through. That request came from badass EFF lawyer and frequent DEF CON speaker Marcia Hofmann, and it was filed in response to a Federal Grand Jury investigation that you might recognize from the DEF CON documentary.

The docs actually help solve the nagging mystery DT's talking about in that video.

"I had always assumed the grand jury investigation was related to a National Security investigation, but now that the FBI FOIA is out we know. FEDs don't all attend because of the talks, sometimes they have real work."
-Dark Tangent

The docs are liberally redacted, but they do illustrate the varying levels of interest lavished upon our little party by one of the TLAs in attendance. The docs MuckRock released include reports from DEF CONs 3, 8 and 12.

Despite the hostility people insist on reading into the FBI comments, spotted Feds almost universally take the stage with good humor and answer our questions with patience and more candor than their job descriptions require.

If you want to get in on the FOIA action and see some FBI files of your own, we recommend watching this talk from the aforementioned Marcia Hofmann from DEF CON 18.


Hotels Infographic image

The DEF CON block at Bally’s and Paris is officially sold out. There’s still some good news for procrastinators, though - there’s still room at our con-goer rates at the nearby Flamingo, Link, Planet Hollywood and Caesars. At least, there is room right now. You’re gonna want to act briskly if you want to get the DEF CON group rate.

Here’s the reservation link:
https://aws.passkey.com/g/32601197

And here’s the direct lines to the hotels still offering the DC23 rate:
Flamingo 888-373-9855
Caesar's 866-227-5944
Linq 866-523-2781
PH 866-317-1829


CFP Closing reminder image

A friendly reminder from DEF CON HQ:

If you're waiting until the last possible moment to submit your talk proposal for DC23, please be advised that we have arrived at that moment. Sunday May 10 is the last day we'll be accepting entries, so it's time to stock up on Code Red, take a few deep breaths and get that sucker done. We're looking forward to seeing what you've got.

The FAQ is here: https://www.defcon.org/html/links/dc-speakerscorner.html#leah-cfp-process

You've got this. Just make sure we've got it by Sunday.


Internet of Things Village image

Brand new addition to the DEF CON Villages this year - IoT Village! Lots of workshops on hacking off-the-shelf connected devices, live talks and even some contests.

There's also a CFP. If you have a good idea for a talk about the Internet of Things, you've got until May 26 to submit to them at the link below. Topics they're looking for include:

Raiding Internet of Things - Show us how secure (or insecure) IP enabled embedded systems are. Routers, network storage systems, cameras, HVAC systems, refrigerators, medical devices, smart cars, smart home technology, and TVs -- If it is IP enabled, we're interested.

IoT Device Management – Discuss best practices for deploying and building security into IoT devices.

Anything else awesome that involves IoT devices!

https://www.iotvillage.org/#cfp


Speaker image

This is the home stretch for getting your talk submitted for DEF CON 23. The submission deadline is May 10. If you still have unanswered questions about the process of submission or selection, Leah has created a pretty exhaustive and very useful FAQ on Speaker's Corner!


Call for Contests image

We know you have ideas. We know you’ve walked the floor at DEF CON and thought, “I know what kind of contest or event this place needs. One day I’m gonna get MY idea for Roomba Thunderdome to DEF CON and rule this place."

That one day is today (but not if your idea is Roomba Thunderdome - that’s mine). It’s time to take your great idea for a DEF CON contest or event and submit it to us. If it’s good enough, and you get it submitted by May 30, you may get to see your idea become a glittering Las Vegas reality.

The information you need to manifest your brilliance has a Forum thread. Go there and make us proud.


vendor application image

The DEF CON 23 Call for Vendors is now open, so if you have a product or merchandise you want to put in front of thousands of hackers you should check out defconvendors.com . It’s all there – all the info, the vendor area layout and even a surprisingly thorough FAQ. As always, we run out of vendor space pretty fast, so it’s a good idea to get yourself registered as soon as you can. The early bird catches the worm, and the late bird has pallets stacked with regret.



speakers noir microphone image

Our speaker selection elves have been hard at work, sifting through the proposals for DEF CON 23, and they have a Friday present for you. The first round of Speaker Selection is done!

 

Did you feel that? That’s DEF CON 23 getting REAL, people. August 6 is closer than it sounds.

The selections are available for your inspection on the Speaker Page. More will be posted in the coming days, so check back from time to time. Also, if you have a talk you want to see on this list, you only have until May 10 to submit it to us. That is hella soon, so get on it!


Hardware hacking village image

Reminder: The DEF CON Villages are up and rocking at the #?tribecafilmest in NYC! Four Villages (Crypto/Privacy, Hardware Hacking, Tamper Evident and Lockpicking) full of hands-on activities and clever humans spreading hackish knowledge.

The Villages are live today through Saturday, and our founder Dark Tangent will be speaking Saturday at noon. LosT, our resident mad crypto scientist and creator of the Mystery Challenge will also be making an appearance.

It's all going down at Spring Studios at 50 Varick St. You can find out more at https://tribecafilm.com/…/tribeca-film-festival-2015-def-con .


Kalashnikitty shirt image

If the DEF CON Shoot is part of your traditional DC festivities, it's time to get yourself signed up and get a lane rented. The event organizers are hoping that all lane rental requests will be in by July 1, so don't delay.

If you don't know about the DEF CON Shoot and you want to know more, the link below has a lot of good information to get you on your way.

http://deviating.net/firearms/defcon_shoot/registration.html


screencaps of talks about airline security
In light of the story about Chris Roberts of One World Labs being pulled off a plane by the FBI after talking on air about some of the risks inherent in in-flight networking, for #defconflashbackfriday we give you two talks on the subject of security in the air.

The first is from DEF CON 22. The presenters are Dr. Philip Polstra and Captain Polly and it's entitled "Cyberhijacking Airplanes: Truth or Fiction?" 
http://youtu.be/Uy3nXXZgqmg

From way back at DEF CON 20, we also offer "Hacker + Planes = No Good Can Come of This" by Renderman.
http://youtu.be/mY2uiLfXmaI

The security research community does indispensible work in the public interest. Making that work inconvenient or impossible serves only the bad guys.


While the classic Film Noir period happened in the 40s and 50s, the style and preoccupations of Noir are alive and well. Sometimes referred to as Neo-Noir - here’s five notable takes on the genre that will get you up to speed:

Blade Runner: The undisputed champion of sci-fi flavored Film Noir. Hard-boiled private investigator, rain-slicked streets drowning in neon and depravity, a secret so dark we keep it from ourselves. Add to this the insanely detailed and haunting visual design - still maybe the most beautiful dystopia ever committed to celluloid - and you have a permanent chart-topper.

Blood Simple: The Coen Brothers' debut film about small-town jealousy and betrayal is both a love letter to Noir and a darkly comic blast of adrenaline that still stands up over 30 years later. The plot is an ever-tightening noose of bad faith and personal corruption.



The Killer: John Woo. Chow Yun-fat. Doves, the Hong Kong skyline and So.Many. Bullets. A grimly beautiful tale of underworld honor and devotion with operatically insane actions sequences that are still being copied around the world.



Brick: Underappreciated high-school noir starring Joseph Gordon-Levitt as the dogged investigator determined to find the truth, damn the consequences. The setting and the distinctive slang make it unique, the performances make it a first-ballot hall-of-famer.



The Yellow Sea: 2010 film by South Korea’s Na Hong-jin about an ethnic Korean (Joseonjok) taxi driver in Yanji, China. His twin obsessions with gambling and his estranged wife lead him into a murder plot that’s way out of his depth. You might watch some of this through your fingers, but it’s compelling cinema and steeped in Noir style.

 

Honorable mentions: To Live and Die in L.A, Shallow Grave, Oldboy, The Last Seduction.


press registration image

Attention, Inkslingers: DEF CON 23 Press Reg is open. The details and requirements are available on the Press Registration Page.

–30–


call for workshops image

Reminder to everyone in the vicinity of NYC, a sampling of DEF CON is making an appearance at the Tribeca Film Festival! Four Villages (Hardware, Crypto, Tamper-Evident and Lockpicking), and three Panels covering the way hacking gets portrayed on the silver screen. The festivities start Thursday, April 23, topped off with a talk by Dark Tangent at noon on Saturday, April 25.

The filmmakers at TFF have a voice in how hackers are seen by the world. Come by and make sure that we do,too.

https://tribecafilm.com/stories/tribeca-film-festival-2015-def-con


demo lab image
Announcing yet another cool way you can participate in DEF CON: the DEF CON Demo Lab!

New for DEF CON 23 we are adding an place for you to show off your tools, projects, and tech to attendees - much like a poster board session but with computers.

The DEF CON Demo Lab is a dedicated area for hackers to show off what they have been working on, to answer questions, and even convert attendees into trying of giving feedback on their projects.

Presenters will be given a dedicated time and location to present a tool or project of their creation; show what it does, how it works, and why we need it in our arsenal.

Got something you’re itching to share? Get involved!

Full details at: https://www.defcon.org/html/defcon-23/dc-23-demolab.html


call for workshops image

On the 3rd floor of Ballys South tower, The Jubilee Tower, lay seven rooms [1], each one 1,400 sq feet. That's enough space for about 55 people in classroom format. What to do with all that space away from the main action of the convention? I've wanted to try workshops and trainings for years but we have never had the room once we filled up the Rio. Now we finally have some space at the new hotels so I am calling on the community to tell us what we should do with the rooms.

Check out the Call for Workshops for full details!


tribeca film festival image

For the first time ever, DEF CON is teaming up with the Tribeca Film Festival to bring a few of its famous Villages to New York. The Villages – interactive spaces stocked with gear, projects and brilliant humans – immerse the visitor in particular nodes of hacker culture. Hands-on activities, eye-opening presentations and open-ended experimentation combine to bring out the hacker in everyone.

Join us April 23 - April 25th, 2015 in Studio X of Spring Studios and you will:

• Learn to pick a lock in the Lock Picking Village.

• Make your devices and identity more secure by seeing how the bad guys operate in the Privacy/Crypto Village.

• Study the noble art of voiding all your warranties in the Hardware Hacking Village.

• Get schooled in the hacker's most important skill in the Social Engineering Village.

• Discover what it takes to open that weird security envelope without leaving a trace in the Tamper-Evident Village.

https://tribecafilm.com/festival/springstudios


Call for Suites image

On the top floor of Ballys are four penthouse suites, and we are calling for people or groups who are interested in renting them and throwing something cool for the hacking community. Here is the deal:

Come up with a cool concept, event, or party that will be open to all attendees from Thursday to Sunday and if you are selected DEF CON will release to you or your group one of the suites at a cost of $500 per night - so $2,000 for the con. They usually go for $1,500 to $2,000 per night. You can read the whole announcement at:

https://www.defcon.org/html/defcon-23/dc-23-cfsuites.html


DJ turntables image

We’re looking for performers. If you’ve got a band, or some righteous DJ skills, or you are crazy good at Tuvan throat singing, we want to hear from you. DEF CON is a big event, and our rocking requirements are substantial. Even if you just want to spin some chilly beats for con-goers on a caffeine comedown - we want your application.

If you have the goods to rock the people, fill out this form. Get in the ring. Win DEF CON.

DEF CON 23 Call for Music


To get you in the mood for DEF CON’s Noir theme, we offer some Film Noir knowledge and recommendations.

Noir is a slippery category, but it’s generally taken to mean films with a cynical worldview, moody, stylized cinematography and stories that turn on darker human impulses: lust, greed, vengeance.  They are stories of the desperate and the doomed, the outsiders who will never really belong to polite society.

 

The golden age of film noir is the 1940s and 50s, but the genre left its mark all over popular culture and great noir (or neo-noir, if you’re not into the whole brevity thing) is still being made today.

Double Indemnity: Arguably the film that kicked off the genre. All the elements are present. The lighting is dramatic, the dialog is sharp and the plot turns on murder for easy money. Directed by the great Billy Wilder and written by detective fiction immortal Raymond Chandler. Double Indemnity is the heavyweight champ of golden age noir, with 7 Oscar Nominations.

Kiss Me Deadly: Adapted from the Mickey Spillane novel of the same name. Starts with a disreputable private eye picking up a terrified hitchhiker escaping from a mental hospital wearing only a trench coat, and then things get weird. A Cold War parable with a breakneck plot, a mysterious box and as pitch-black an opinion of the human condition as you could put on screen in 1955.

Out Of The Past: To create the mood of a good noir, you need actors with moodsetting skills - lurking, looming, smoking with intent. No one has ever been better at doing those things than Robert Mitchum. Pay close attention to his looming work in this film. 10/10 would cross the street to avoid. Bonus: You can check out Mitchum being extra foreboding in 'Night of the Hunter'.

D.O.A: Some of the plot tricks in this movie might seem familiar, but only because directors borrow from it all the time. D.O.A. was pretty avant-garde in its time.

Our protagonist is dying - soon. He uses the remainder of his rapidly expiring time to find out who murdered him and see justice done. Lots of newer movies use the forced clock, the backwards storytelling, the inside-out murder mystery but very few of them do it any better.

Touch of Evil: The opening shot - a long, unbroken meander through the scene of our intrigue - is a clinic on mood-setting. Questionable makeup choices aside, this is the platonic ideal of what a dark melodrama should look like.

 

Honorable mentions: The Killers. The Asphalt Jungle. The Big Sleep.


Screen capture of DC23 website

You can tell it’s springtime in the Northern Hemisphere. The flowers begin to bud, the non-crow birds start to sing outside your window, and the new DEF CON website is launched. 

The new website announces the theme of DC23 (The 23 Enigma: A Hacker Noir, for anyone just joining the party). As DEF CON 23 assumes its final form in the coming months, you’ll want to keep checking back. Bookmark that mug. Set it as your home screen. We’ll be filling the site in with speakers, events, contests, schedules and everything you need to make the most of your DEF CON experience. 

August will be upon us faster than you’d think. Get excited, people.

And srsly, bookmark the DC23 site


Poker chips with AA token image

Sin City is a lot to take in. Friends of Bill W. joining us for DEF CON 23 are invited to take a break from the Vegas of it all with meetings at noon and five p.m., Thursday, August 6 through Sunday, August 9. Your hosts will be Jeff Mc and Edward B. The location has yet to be determined, so keep an eye on this space and we’ll update as new information becomes available.

You can mail us any specific questions at info at defcon dot org and we’ll get what answers we can for you.


Capture the Flag DEF CON 23 image

CTF Season is in full swing - the final qualifying event is May 16-18. For those with the skills, the drive and the energy drink tolerance, glory awaits.

Screw your courage to the sticking place, step into the light and embrace destiny. Let the battle be joined!

Also, register on the Legitimate Business Syndicate website. Then, embrace destiny.

https://2015.legitbs.net/


typewriter short story contest image

The fine folks from MFP are bringing back the village for everyone who wants to test their skills against modern tamper-evident technologies. Contests, workspaces, presentations and demos - the TE Village is kind has all kinds of stealthy fun for the sneakily inclined. To learn more, check in on the Forum Thread:

https://forum.defcon.org/…/220156-tamper-evident-village-re…


typewriter short story contest image

Friendly reminder to the writers in the DEF CON community:

The DEF CON Short Story Contest is OPEN. Like, right now.

The theme is 'The 23 Enigma - a Hacker Noir'. The contest closes June 1. Human badges are on the line. The rules are in the DEF CON Forums.

https://forum.defcon.org/…/219870-short-story-contest-2015-…

Let's get those keys clickety-clacking, people.The drop-dead date is closer than you know.


lawyer meetup image

If you’re a lawyer (recently unfrozen or otherwise), a judge or a law student please make a note to join your host Jeff McNamara at 6pm on Friday, August 7th for a friendly get-together, followed by dinner/drinks and conversation. The location of the meet is still to be determined, but we’ll post as soon as the details are settled. If you’d like to help out with the event or have questions, contact jeff at jcmclaw dot com.


wall of sheep image

303, perennial champions of DEF CON party-throwing, are having a fundraiser. A fundraiser, amazingly enough, aimed at throwing an even more epic party at this year's DEF CON. Sounds good, right?

But there's more.
In addition to supporting 303's patented brand of con-frolic, you can get something everyone needs: a classy black t-shirt with a geeky logo on it.

But that's not all!
The 303 t-shirt features ultra-sexy artwork by the world-famous @eddietheyeti, creator of the 'Faces of DEF CON' series.

The combination is unbeatable. Good party karma and superfly, limited-edition threads. You know what to do.


wall of sheep image

The WoS Packet Village returns for DEF CON 23 and they're looking for speakers. If you can cobble together a riveting 1-hour presentation on topics like network sniffing tools, or incident response, or Python programming for security practitioners, you can get selected to speak in the wildly popular Packet Village. Whether you're looking to dip your toe into speaking at security cons or you're a seasoned pro with an idea that fits perfectly into the Sheep demo, you owe it to yourself to check out this opportunity.

The full details are available at their site.

http://www.wallofsheep.com/pages/call-for-presentations-at-def-con-23


policy pages image

As you know, the DEF CON 23 Call for Papers is open. If you've ever been curious about how your sensitive research information is treated once we get it, who gets to see it, whether we put coffee mugs down on it - the CFP Privacy Policy we've added to the Policy Page has your answers.


black badge image

The Black Badge is highest honor DEF CON can bestow. You have to do something awesome to win one, and if you manage that you get in to DEF CON free for the duration of your natural life. It is, in a word, ballerific. It also maxes out your charisma when worn with an ironic t-shirt.

We’re compiling a history of the winners, and we’ve put up a Black Badge Hall of Fame page to get that process started.

 

The thing is, we weren’t always so good at keeping records. Because we are a giant Vegas hacker party. It’s pretty likely we’ve left off some deserving names or missed an event or two that were eligible for a Black Badge. If you know something that got overlooked, or think we got something mixed up, please let us know. Drop us a line at info@defcon.org and we’ll look into it and fix what needs fixin’. 


policy image

More stuff returning for DEF CON 23!

SoHopelessly Broken - Last year's popular Small and Home Office Router hacking contest is back, with a twist!

Hair farmers, rejoice! The DEF CON beard and moustache contest is back as well. Your commitment to medieval grooming habits could finally pay off.

And from the DEF CON Forums:

The 'Be The Match Registry Drive' is going to be back for DEF CON 23. This gives you another chance to be a straight-up superhero by getting yourself on the list of potential marrow donors.

You need to be between the ages of 18 and 60, meet the health guidelines and be willing to donate to ANY patient in need. At the recruitment drive, you will fill out a consent form with contact information and a short medical evaluation. You will receive more information about what it means to be a donor and then you will swab the inside of your cheeks. Your tissue type will be listed in the Be The Match Registry until your 61st Birthday. If you are a match for someone in need, then you will be contacted for donation.

More info here:
http://bethematch.org/about-us/how-we-help-patients/be-the-match-registry/


policy image

DEF CON’s official Code of Conduct is now live on the Policy Page. If you’re planning to attend DEF CON, please take a minute to look it over. The rules haven’t changed, but now they’re in a handy written form for easy reference in moments of quiet reflection or in your hectic, on-the-go lifestyle.

You’ll be expected to hold yourself to the terms of the CoC at DEF CON, but you can take them with you anywhere. Feel free to practice the precepts contained in the DEF CON CoC in the non-DC situations of your choice, including but not limited to board meetings and LARP events.

We appreciate you taking the time to familiarize yourselves with the code, and we leave you with a quote that we believe gets at the heart of what we’re trying to create here, from the collected wisdom of Theodore Logan and Bill S. Preston, Esquire.

‘Be excellent to each other.’


Link Roundup image

Lots of news today:

The Thursday track DC101 is back for DEF CON 23 and they have an open CFP! If you’ve got a good talk in you that can help people optimize their con experience or expand their general knowledge base, this might be a great opportunity to get your feet wet as a DEF CON speaker. You can find out what they’re looking for and apply on the dc101 page.

For those of you of a literary disposition, you should know that the DEF CON Short Story contest is open and accepting entries. The theme is “The 23 Enigma: A Hacker Noir”. You know, sleepless streets with a million blind alleys and rules that won’t stay put. Pleasures that can only be bought with pain. The pulsing digital cords that bind us together but keep us from getting too close. The spreading darkness the hackers see first, before the grazing genpop has any idea what’s coming.

And if you’re looking for puzzle challenges to hold you over until con, the good folks at Queercon have one or you at this link. Give it a shot and keep your puzzle muscle strong. DEF CON 23 will be here before you know it.


FTC Contest, Robocalls: Humanity Stikes Back image

Rachel from cardholder services is back and there's a price on her head.

Fresh off the popular 'Zapping Rachel' contest at DC22, the FTC is returning to DEF CON this summer with a brand new contest and a big wad of prize money. Called 'Robocalls: Humanity Strikes Back', it challenges you to create a tool that allows mobile and land-line users to identify and block robocalls or deflect them to a honeypot for great justice.

The qualifiying round is open now and closes June 15. Qualifiers compete at DEF CON 23 for cash prizes, including $25,000 for the winner. You can find all the rules and regs on the contest website.

http://www.ftc.gov/news-events/contests/robocalls-humanity-strikes-back


Policy image

We're a little past the halfway point between cons, but DEF CON 23 is already taking shape nicely! Cool stuff with intention to return for DC 23 includes:

Contests:
Black Bag
Crash and Compile
Capture the Flag
DEF CON Bots
Darknet Project
Scavenger Hunt
Short Story Contest
Schemaverse

Events:
SkyTalks
DEAF CON
DEF CON Shoot
Ham Radio Exam

Villages:Crypto/Privacy Village
Hardware Hacking Village
Lockpick Village
Packet Hacking Village
Tamper-Evident Village
Wireless Village
Social Engineering Village

And there's lots more to come.

In the coming days, we'll be highlighting different individual contests, events and villages in this space, so keep an eye out. If your favorite thing isn't yet on the confirmed list, you can keep tabs in the Contests & Section of the DEF CON forums. It's never too early to start planning how you're gonna get involved this year.


Policy image

Today we’re launching a brand new policy page at defcon.org, and we’d love for you to take a look at it, and only partly because of the emotional validation it will provide for our lawyers. There’s also a lot of useful information on the page for everyone who plans to visit our conference or our website. As of today, there are three documents up there:

Privacy Policy
We make a real effort to protect whatever pieces of your identity pass into our hands, and we want you to have an understanding of what we can and can’t do to keep that data secure.

   

Transparency Report
It’s reasonable to wonder if sites you visit frequently have been served with a court order demanding logs and information. The transparency report is how you’ll know if it happens to DEF CON.

Black Badge Policy
Wonder if that Black Badge on eBay will render you ‘uber’ at the next DEF CON? There are rules, and we wrote them down for you.

As other policies are finalized, we’ll update the policy page. If you need another reason to check it out, consider this: every time someone reads a privacy policy all the way through, a lawyer gets their wings. Or a lawyer does 1d4 of smoke damage. It’s one of those.


Housekeeping image

After moving all of the DEF CON hardware (because the building was scheduled to be demolished – go figure), we started a pretty rigorous set of security upgrades.

HPKP support on the webservers? Check. DNSSEC support all around? Check.

In an effort to keep you informed about what we're up to, security-wise and to maybe inspire everyone to get up to date, DT has started a blog on the DEF CON forums about the upgrade process.

Check it out, and feel free to leave a comment!


Crypto and Privacy village CFP Screen shot

Attention: The Crypto & Privacy Village CFP for DEF CON 23 is live now!

PS - Word on the street is there's even a puzzle in the CFP!

Crypto And Privacy Village CFP


dcg 719 video screen cap

DEF CON doesn’t just happen once a year in Las Vegas. It’s happening all around you, all the time. There are hundreds of DEF CON Groups all over the world that have regular meetings, put on talks and collaborate on projects of all kinds. You can be part of the one in your area, and if there isn’t one you can start one - it’s free and the information is available at https://www.defcon.org/https://defcongroups.org.

This week we’re sharing a talk on 3D printing given at DC719, the DEF CON Group for the Colorado Springs area. Dana G. Neilson presents on the history and uses of 3D printing and shows how they made a pretty cool DEF CON ring as a handy example. More importantly he shows that what ever sector you work in or what ever you want to make, if you can visualize it, draw it and either CAD (Computer Aided Drafting) it or have someone else CAD it, then your ideas can become physical object. There are endless possibilities with this growing technology, become part of its growth and then share what you know.

If you’re in the Colorado Springs area and want to learn more about DC719, they’re online at dc719.net. Introduce yourself.

If you’re part of a DC Group that has something they want shared by DEF CON, drop us a line at sleestak [at] def con dot org.


speaker

Sharing is our jam. We make an effort to get our product to everyone who can learn from it via all kinds of channels: YouTube, BitTorrent, direct download and even eMule. But security is also our jam. (We have multiple jams - deal with it.) So we’re putting a lot of thought into ways to make all that sharing more secure.

This post from the Dark Tangent is the first of several addressing the topic of more secure sharing, and it deals with BitTorrent.


DEF CON 23 CFP Graphic

It’s getting real, people. The DEF CON 23 Call for Papers is now officially open! If you’ve got some good stuff to share, it’s time to start getting your pitch together. You’ve got until May 10th to submit, but don’t get too comfortable. May will be upon us faster than you probably think.

To learn the requirements for a DEF CON talk, take a look at the CFP form and get an idea of the suggested topics, we’ve put together a handy guide at https://www.defcon.org/html/defcon-23/dc-23-cfp.html. Get yourself up to speed, get your forms filled out and get your proposal in front of our selection committee. This is going to be our biggest DEF CON yet, and there’s a lot of opportunities for speakers, both experienced and brand new. We’re hoping one of them is you.

As if that wasn’t enough CFP excitement, we’re also happy to announce that the Social Engineering Village CFP opens today! The requirements and submission form are online at http://www.social-engineer.org/sevillage-call-papers/. The SE Village is very popular and it’s going to be even bigger and more ambitious this year.

SE Village also has a bad-ass Capture the Flag contest happening. Check out the Rules and Registration page (http://www.social-engineer.org/ctf/def-con-23-sectf-rules-registration/). If you want to play, read the whole thing. For real. They’re very clear on this point.


Call for feedback image

We've added some links to the DEF CON website resource section: Some movies to watch, social media accounts to follow, hacker culture sites and technical books to get you on your way - today we're asking for music recommendations.

What do you listen to when you're sitting in the dark, making faces at your monitor? We want to compile a playlist of tunes to code/learn/fall into an internet rabbit hole by.

Strong enough to keep you typing into the darkness, subtle enough to stay out of your way when the big thinking happens — Send your suggestions to sleestak at defcon dot org!


Paul Renda at DEF CON 17

The long-silent creature begins to stir! We have a new post in the Speaker’s Corner of the DEF CON website. It’s from DEF CON alum Paul Renda and it concerns future presentation ideas that involve Robots, AI and Tesla coils. Straight out of the DEF CON dream journal. You can read it here: https://www.defcon.org/html/links/dc-speakerscorner.html#renda-emp

If you’re a past DEF CON speaker who has something to share with the DEF CON community, please get in touch (@defcon , Facebook.com/defcon). We’re interested in what you’re thinking about and we’d love to help get the word out.


DEF CON Youtube image

More upgrade news! We're rolling out a major upgrade to the forums next week. New coat of paint, improved functionality, general up-leveling across the board. But wait - there's more! As soon as we've sorted out the new setup, we'll be releasing a mobile app version for Android and iOS. Stay tuned!


DEF CON Youtube image

Good News, Everyone! The DEF CON YouTube channel now contains the full slate of presentations from DEF CON 22!

Delivered on Thursday to help you get a jump start on your knowledge-binge weekend, we’ve got over 100 presentations ready to jump across your face-brain barrier. Don’t know where to start? We’ve included a handy playlist option so you can hit play once and not come up for air for a few days. For those who wish to watch in furtive silence so as not to arouse the pointy-headed boss, there are captions.

You might want to consider taking a personal day.

Please enjoy and spread the word. Share the videos with people you think can learn from them. Pass it on.


Housekeeping image

Thanks for bearing with us during the last week or so, as defcon.org was migrated to a new location! We are currently getting the forums and Media servers buttoned up, and moving on toward DEF CON 23. Look for the Call for Papers to open in the next week or two!


Housekeeping image

We’re moving to a new office in a few days, so please excuse any availability issues for the near future. We’re going to do our best to keep the site and the forums running smoothly through the whole transfer, but if you notice hiccups please know that we’ll be back to normal very soon.

In the meantime, if you need up-to-the minute news about what’s going on in the world of DEF CON, please visit us at Facebook.com/defcon, @defcon on Twitter or our Google Plus page.


New year image

DEF CON had a pretty great year, thanks to all of you. It takes a huge effort from so many people to create the kind of magical hacker summer camp that DEF CON has become, and we want to thank all of you for the parts you play:

   • The geniuses who create the talks and the geniuses who review and select them.

   • The mad zealots who dream up and carry out the contests and events.

   • The dedicated army of goons who descend upon a nondescript Vegas hotel every summer and turn it into a hacker utopia by sheer brute force and guile.

   • The attendees whose love, devotion and enthusiasm keeps this whole enterprise aloft.

DC22 had our biggest attendance ever. So big that some of the villages are probably bigger than the first several DEF CONs. So big, in fact, that DEF CON 23 will be in two hotels. Imagine that!

We will be occupying both Bally’s and Paris for DEF CON 23. More space, bigger villages, shorter lines. Like always, we’re counting on DC’s volunteers and the community at large to fill all that new space with ideas and ingenuity. It’s the greatest thing about running this type of conference - no matter what new ideas we throw out there, the community never fails to push it further than we imagined.

Thanks to everyone who made 2014 so great, and let’s get amped for an epic 2015.


Housekeeping image

As part of our social media housekeeping for the new year, we're leaving LinkedIn. As much as we like the service, we couldn't help but feel that we weren't using it to its potential, and that we were doing more to harvest spam than to communicate with all of you.

If you're one of the people who connected with DEF CON on LinkedIn, you should know that we won't do anything hasty. We'll leave everything where it is through January 2015, to give everyone time to collect whatever they need from our LinkedIn presence.

More importantly, we hope that you'll check out our other social media options. We have an active presence on G+, Facebook and Twitter and we're going to spend more time hanging out in r/defcon in the days ahead as well.

We have big plans for DEF CON 23, and we want your input.


CTF graphic

Begun, the DC23 CTF has!

Legitimate Business Syndicate, the shadowy organization that provides the hustle and the muscle behind the DEF CON CTF tournament, has announced its list of qualifying contests for the 2015 showdown in Las Vegas.

If you have the team, the drive and the raw skills, it's time to start making plans. To pluck the flower of eternal glory from the Nevada desert, you must first prove yourself in the crucible of a qualifier.

Assemble. Register. Qualify. Prevail. The road to victory is now open.

https://blog.legitbs.net/2014/12/announcing-def-con-ctf-qualifying.html


DEF CON video archive image

We've got two more versions of the DC22 talks available for your torrenting pleasure. We've got slide only video, with the audio and slides uninterrupted by speaker face. We've also got talking head video, which is audio and speaker face uninterrupted by slides.

If either one of those is your preferred flavor, then your moment has arrived. As always, we ask only that you enjoy them and seed them so others can enjoy them as well.

It's us against the derp, people. Let's spread the knowledge.


DEF CON torrent image

Torrent update: 12 of the talks were missing from the first DEF CON 22 video/slides torrent, due to some unicode mishaps in their file names. We've corrected the links - this updated torrent file will complete your collection. As always, enjoy and pass it on.

https://www.defcon.org/html/torrent/DEF CON 22 video and slides.torrent


DEF CON Call for Feedback image

Waiting for the DEF CON 22 audio-only torrent? Wait no more! Every talk in one juicy torrent. Slurp them, seed them and load them into the noise-producing device of your choice. Feel the commute flying by - embiggening your brain painlessly as you go!

Enjoy, and share the love.

DEF CON 22 audio torrent


DEF CON Call for Feedback image

What's your favorite recent (2000 and later) tech/hacker/geek fiction?

The update of the DEF CON resources section continues. This time we're looking for your favorites in the area of fiction. What tales of geekery and hackerdom have captured your attention in recent years? In our hemisphere, the onset of winter brings with it a craving for meaty tomes to sustain us in our long hibernation. Share your favorites with us! Send suggestions to sleestak [at] defcon ]dot[ org!

We've updated the site's 'Resources/Book List' and 'Resources/Links We Like' with some of your suggestions, but if you have something to add to those lists, we're always listening.


DEF CON torrent image

Time to fire up your netslurpers - the DEF CON 22 video and slides are available for your datasuction. All the speakers, all the slides, in convenient Torrent form. Please enjoy them, share them, and seed if you are able. There's a lot of good stuff in there - you might want to block off a couple of days if you're a binge watcher.

Prefer a lighter download? Audio-only torrent should be live tomorrow. By the end of the week we'll have the slide-only and talking-head only versions too, if that's your thing.

The wait is over. Download 'em, seed 'em and spread the word.


DEF CON eBay store image

We've launched an eBay store for DEF CON swag and collectibles. Right now, there's only three items, but we're stocking the e-shelves right now. Stay tuned!

http://stores.ebay.com/defconcommunications


Happy Thanksgiving image

As you dig into the turkey, and enjoy the company of friends and family, we at DEF CON want you to know we’re thankful for you, the hacker community. You put so much into our conference , and make it something special! Happy Thanksgiving everyone!


DEF CON 23 Theme image
We’re announcing the theme for DEF CON 23 early. Like, hella early. Right now early.

The theme will be ‘The 23 Enigma - a Hacker Noir’.  Fedoras and rain-slicked streets. Smoky back rooms and numbers that show up too often for coincidence.  While the good people of Everytown dream away the dark hours, the data wars rage without ceasing. Sleepless vigilantes fight for the users, though the users may never know. No matter. A bottle of the good stuff, a fast connection and the room to do a righteous night’s work, that’s enough. It’s gotta be. It’s all that’s left.

Hackers, start your imaginations.

The Dark Tangent’s announcement is here: https://forum.defcon.org/showthread.php?t=14096


Link roundup image

If you haven't gotten yourself involved in a DEF CON group, there's no time like the present to make some new friends, contribute to some cool projects, and generally help make the world a more hacker-friendly place. You can find information about DCGroups on the defcon forum, and in the groups section on defcon.org. Can't find one nearby? Start one!

Here's a short list of some of the US DCGroups meetings going on in the next few days:

Wednesday, November 12

DC214 (Dallas/Fort Worth) 7pm at Lakewood's First and 10 - contact (dc214.org)

Thursday, November 13

DC412 (Pittsburgh) 7pm at SEI Building, Oakland PA (rsvp at http://www.meetup.com/Steel-City-InfoSec/events/)
DC612 (Minneapolis) 6pm at Elsies Bar and Bowling Alley - event page (dc612.org)

Friday, November 14

DC719 (Colorado Springs) 7pm CTU Room 112 (dc719.net)
DC801 (Salt Lake City) 5pm at 801 Labs (dc801.org)

DCG POCs - got something going on you don't see here? let us know!


Link roundup image

Last week 'Operation Onymous' - a Law Enforcement sweep of Tor hidden services websites - netted about 400 takedowns and 17 arrests.

The Tor blog has a post summarizing what happened, offering suggestions and soliciting feedback. The operator of seized hidden service site Doxbin has released his logs in hopes of helping find how the network was compromised.

For anyone looking for a discussion of the Tor network, what it can and cannot do and what users must do to maximize its effectiveness, we offer a talk from the Tor Project's Runa Sandvik from DEF CON 21.

http://youtu.be/qWr5D2RoXoo

https://blog.torproject.org/blog/thoughts-and-concerns-about-operation-onymous

http://gizmodo.com/here-are-all-the-dark-net-markets-seized-in-operation-o-1656541553

http://en.wikipedia.org/wiki/Operation_Onymous

http://www.wired.com/2014/11/operation-onymous-dark-web-arrests/

http://www.theregister.co.uk/2014/11/09/torpedod_dev_dumps_doxbin_files_after_police_raids/


Link roundup image

We've mentioned it before, but the news about government spying sort of drowns it out: the commercial entities tracking your digital footprints are just as determined to capture all of your data and use it against you.

This week's big corporate data collection story was about Verizon and the 'unkillable' 'perma-cookies' they've been injecting into their customer's web traffic. It's certainly more the rule than an isolated example of service providers getting all up in your KoolAid, but it's generated interest because Verizon is huge and they are going out of their way to circumvent privacy measures built into your mobile devices.

This link roundup is about the Verizon story, but it's also a general reminder of the hard work that many, many digital middlemen put into unraveling your privacy sweater for power and profit. It's also a reminder that we have to be loud about these intrusions if we want them to stop. Companies like Verizon are not going to voluntarily give up all that sweet data unless they know they're going to lose subscribers.

We close the roundup with a link to a turbo talk from DC 19 about one man's work toward unveiling the methods of some major corporate browser history snoops.

http://bits.blogs.nytimes.com//2014/11/04/verizon-wireless-under-fire-for-ad-targeting-program/

http://www.pcworld.com/article/2841793/twitters-mopub-ad-exchange-grabs-verizon-tracking-cookies-and-more-may-follow.html

http://www.slate.com/blogs/future_tense/2014/10/29/verizon_perma_cookie_mobile_carriers_are_officially_out_of_control.html

http://www.forbes.com/sites/kashmirhill/2014/10/28/find-out-whether-this-privacy-killing-super-cookie-is-on-your-phone/

http://www.tomsguide.com/us/att-tracks-mobile-users,news-19848.html

http://youtu.be/BAdtXkus-Xc


call for feedback image

We're updating the DEF CON website's resource recommendations, and we'd love some suggestions from you. We're starting with computer reference books. We want to know which ones you find yourself going back to, which ones changed the way you think. What computer reference book has been indispensable to you? Send your suggestions to sleestak at defcon dot org!

We'll be asking for lots of other types of recommendations in the coming weeks.


speaker

We present to you, today’s featured DEF CON Speaker! The greatest ever! Ermahgerd look at it amplifry! What a work horse! Never tires! All it’s bass…

Don’t like this? Do something about it.

If you’re a DEF CON Speaker (past or present) and would like to write a post to become featured here, on the Speakers Corner section of defcon.org, please send an email to Talks (at ) defcon (dot) org with your story. Drop us a line, let us know what you’re working on or what you’d like to share. DEF CON Groups members and speakers that also includes you! What’s your group been up to these days? Topics can vary from discussions on latest buzzword, walkthroughs, attack & defense, bio hacking, tips for improving certain skills, opinions on the state of affairs, etc. The possibilities are endless, and we are looking for content that fits in the spirit of http://en.wikipedia.org/wiki/Speakers'_Corner


Golden Key

In September, Apple and Google both announced that they were going to ship their new devices with encryption turned on by default.  

This has caused some concern in the Law Enforcement community. James Comey, current Director of the FBI, went on 60 Minutes to urge manufacturers to reconsider. He believes that if the good guys don't have a 'golden key' to everyone's mobile device, the bad guys can 'go dark' and gain an advantage will lead to terror, child abduction and ‘threatens to take us all to a very, very dark place’.

There are a lot of problems with this logic. For example:

Evildoers always have the option of ‘going dark’, regardless of how much privacy we give up.

The 'golden key' isn't the only way for LE to get the data they want.

 

Most importantly, it's not possible to create a back door that can be entered only by the pure of heart. If the righteous can squeeze in today, the sketchy will, inevitably, squeeze in tomorrow. Later today, most likely.

 

Threatpost:
https://threatpost.com/edward-snowden-and-the-death-of-nuance/103902

Schneier on Security:
https://www.schneier.com/blog/archives/2014/10/iphone_encrypti_1.html

NYT:
http://www.nytimes.com/2014/10/17/us/politics/fbi-director-in-policy-speech-calls-dark-devices-hindrance-to-crime-solving.html?_r=0

Gizmodo:
http://gizmodo.com/why-the-fbi-director-is-wrong-about-encryption-1648334901

Just Security:
http://justsecurity.org/16503/security-front-doors-vs-back-doors-distinction-difference/


Materials Archive artwork

Greetings, DEF CON community. Today, we bring you another update to our growing online archive for DEF CON 22 - all the links to the presentation materials, wrapped in a pretty little RSS bow for your convenience. All the presentation slides, links to all the tools and extras, all by grabbing the link below. Perfect for every occasion, and excellent as a holiday gift for the hard-to-buy-for geeks in your life. Because we love you. Watch this space for more DC22 video soon.

DEF CON 22 Materials RSS


Photo of DEF CON 22 badges

Sure, you love your DC22 badge. You love its sleek design and its powerful S guts. You swoon for its enigmatic symbols and breathtaking adaptability. But deep down, you worry that you could love it a little more if there was badge code available in C.

Worry no more. Instead, rejoice! Head over to the Parallax Forums and get to hacking that badge, C-style. If you do something awesome, let us know.


Screen Cap of Hacker Jeopardy video

Because we love you, a midweek treat: enjoy the thrilling conclusion to DEF CON 22's Hacker Jeopardy Competition. For those of you playing along at home, good luck. For those of you attempting to listen in a public space, be warned there is foul language shouted at weather-altering volume. Headphones suggested.

Enjoy, share, and begin assembling your team of heroes for DC23!


Screen Cap of Hacker Jeopardy video

For your enjoyment, we offer you Night One of our long-running hacker trivia gameshow 'Hacker Jeopardy'. Match wits with our champions by playing along at home (beers optional). If you play along at work, remember the headphones. Salty language and lots of shouting.

As always, enjoy and share. The exciting conclusion later this week.


DEF CON 22 hotel rate infographic

The DEF CON rate is available at the following hotels: Paris, Bally's, Ceasars Palace, Planet Hollywood, Flamingo and Quad.

To get in on this rate, you'll need to use this link.

https://resweb.passkey.com/go/SBDEF5

Do not worry if the form doesn't immediately show the discounted rate. To verify that you're getting our price you can mouse over the dates you've selected or begin the checkout process.

If you prefer to use the telephone for this kind of thing, here's the list of participating hotels and the relevant Group Codes:

Ballys
800-358-8777
SBDEF5

Paris
877-603-4389
SPDEF5

Caesars
866-227-5944
SCDEF5

Planet Hollywood
866-317-1829
SMDEF5

Flamingo
888-373-9855
SFDCC5

Quad/Linq
866-523-2781
SQDEF5

We are excited about all the new space, and we hope you'll be able to join us.


Torrent logo

Tired of listening to your mp3 collection? Looking for a way to spice up that ho-hum hard drive? When's the last time you and your music stash really... connected?

Take care of your ears. Hot DJ sets have been shown in clinical trials to help treat the symptoms of boredom, malaise and sickofmycollectionitis. Side effects may include stupid grin, periodic head nodding and uncontrolled shaking in the booty region. If symptoms persist for more than four hours you should probably drink some water.

Ask your doctor if DEF CON 21 Music Torrent is right for you.


Torrent logo

First up for your next leech 'n seed, we have the video for all the Wireless Village talks. That's three days worth of talks about subjects like Software Defined Radio, Bluetooth and yes, the Pineapple. Get on it, and you could have a significantly higher Wi-Q by Monday.

Wifi Village Talks at DEF CON 22 - Torrent


CTF Monument graphic

We’ve updated the CTF page on the DEF CON website. In addition to being the new permanent home for the torrent link to CTF packet capture Valhalla (170 gigs of that uncut raw), it’s also home to a small but hopefully growing number of walkthroughs and write-ups. As we get them in, we’ll put them on.

That’s what we are doing for you, for loving the CTF tournament. What you can do for us is seed, seed, seed and spread the word.


Torrent logo

Your half-full drives are vulnerable. The webs are just looming there, waiting to pump your memory full of bad music, dumb videos and pictures of other people’s unremarkable pets. Protect yourself. Fill up that dangerous unused space with DC-related goodness.

So far, we’ve got six new and updated torrents up:

DEF CON 22 Speaker Materials:
Updated Speaker Materials: Torrent Torrent Icon

DEF CON 22 Music:
Music CD: Torrent Torrent Icon

DEF CON 22 Badge:
Collection of files related to hacking the DEF CON 22 Badge: Torrent Torrent Icon

Collection of Hacker Documentaries hosted on defcon.org (Updated): Torrent Torrent Icon

Collection DEF CON Hacking Conference Con CD/DVDs (Updated): Torrent Torrent Icon

Collection DEF CON Hacking Conference Programs (Updated): Torrent Torrent Icon

We’re going to be adding to that list in the coming days. Together, we will fight back the secret scourge of disk encruftment.


Closing Ceremonies video screencap

For today’s #defconflashbackfriday we’re going all the way back to August of 2014 and serving up the DEF CON 22 closing ceremonies. So if you were at the show but didn’t make it to the end credits,or you haven’t been to a DEF CON and want to get an idea of the sheer scope of the event, this flashback is for you.

As always, enjoy it and pass it on.


CTF Monument graphic

Do we ever have a treat for you analytically inclined individuals. The complete packet captures from the DEF CON 22 Capture the Flag competition are now available for your leeching pleasure!

That’s right: 170 glorious gigabytes, packaged up in a handy torrent for your convenience! All of the traffic from the World Series of hacking contests, now yours to fold, spindle and mutilate to your heart’s content.

Enjoy, share, and if you can, seed this data. Packet captures taste better when they’re shared.


Old printing press with DEF CON smiley

Every year, we collect and share a sampling of the published reports from the press that covered DEF CON. It's interesting to see what gets the most interest, and it's gratifying to see that every year there are less stories about how scary hackers are and more stories about the incredible things hackers create and what we can learn from investigating the technology that surrounds us.

Transportation security, digital privacy, and the unexpected musings of eccentric AV software titans seemed to top the list in 2014. You can peruse the whole thing at your leisure on our press archive page.


Dark Mail screenshot

Ladar Levison and Stephen Watt are working on the future of secure email. For your Thursday, we offer you the peek into their work on DIME that they shared with us at DEF CON 22. It's a very interesting talk, with a lot of information and acronyms. There's a lot to learn about how email security is broken, and a lot of ideas about how it could be fixed in the future.

As always, pass it on.


Sound of Knowledge screenshots

Maybe you weren’t able to attend the the hacker playground that was the 22nd DEF CON. Perhaps you did, and just didn't get to pick up all the bleeding edge research our speakers were throwing down.

Take heart, hacker brethren and sistren, our friends at the Source of Knowledge record it all, and you can purchase those presentations for frame by frame forensic dissection in HD video format! In fact, they also offer a streaming option for those that like to keep it online.

Check out all of the purchase options at defcononline.com!


Screen shot of DEF CON 22 Archive

Good news, everyone! The archive page for DEF CON 22 has opened for business. It feels like DC was only a couple of weeks ago, but you can already see the slides and extra materials from all the main-track talks.  We’ll eventually be adding audio and video as well, so keep an eye on this space. In the meantime, bum rush these Power Points to you heart’s content.

As always, pass it on.


Screen shot of Internet of Fails talk

Early Release! More video from DEF CON 22! This time it's a presentation from Zach Lanier and Mark Stanislav about the many ways the Internet of Things isn't ready for prime time, security-wise, and some insight into the work being done to make it safe to connect your various 'Things' to the IoT. Enjoy, think carefully about how much you need your SlapChop all up in the cloud, and share. http://youtu.be/WHdU4LutBGU?list=PL9fPq3eQfaaBCdjbKFYjosh1s1EkaYdsQ


contest results image

We had a lot of incredible contests at DEF CON 22. So many contests that they could have seceded and formed the People’s Republic of Contestia. So many, in fact, that the results are still coming in over a week later. To keep you informed, we’ve created a Contest Results Page on defcon.org. Check out who won, find links to the contest websites for further information.

If you don’t see your favorite contest, let us know @defcon or contact the contest organizer and ask them to submit their results.


screencap of polstra talk

The way I see it, Thursday is the Friday of the middle-week. So for your Thursday enjoyment, here's a talk fresh off the presses from DEF CON 22 - Dr. Phil Polstra speaking on low tech methods for detecting high-tech surveillance. Enjoy, take the info that works for you and pass it on. Share with everyone. http://youtu.be/Bc7WoDXhcjM?list=PL9fPq3eQfaaBCdjbKFYjosh1s1EkaYdsQ


powerlines

More DEF CON 22 goodies for you - the packet captures from the ICS Village are available for you to download and dig through at your leisure. Also, if you have pics from the ICS Village, please share them with @ICS_Village on Twitter.


War Kitteh screen shot

One of the popular talks from DEF CON 22 - "Weaponizing Your Pets: The War Kitteh and the Denial of Service Dog" by Gene Bransfield. Enjoy, and share. http://youtu.be/DMNSvHswljM


DC GROUPS logo

So you've been home from DEF CON for a week now - probably settled back into your normal routine. In the back of your mind, though, there's probably a little voice that wishes you could have DEF CON-style hacker camaraderie and learning opportunities all year long.

The good news is, you can. You can join a DC Group in your area. If there isn't a DC Group in your area, you can start one. The instructions for starting a group are at the link below, as well as a listing of the hundreds of groups that already exist around the world.

And when you get involved, be sure to keep in touch with us on social media. Let us know when you're meeting and we'll share it. Tape your presentations and we'll share those, too. Let's make this the fastest trip from one DEF CON to the next by keeping the ball rolling all year.

https://www.defcon.org/https://defcongroups.org


attack visualization of CTF

Legitimate Business Syndicate has placed the final results of the DEF CON 22 CTF Finals on their website.There's scores, some shout-outs and even an explanation of their fancy radio badge and the cool contest visualization they debuted this year.

Congratulations to all won the right to participate, and extra respect to Plaid Parliament of Pwning, HITCON and Dragon Sector for taking 1st, 2nd and 3rd respectively.

https://legitbs.net/2014/


LosT and DT Talking

What a difference a year makes. At DEF CON 21, Major Malfunction and Zac Franken created a Kickstarter for the RFIDler in a room at the Rio. At DEF CON 22, they returned with a mature and very impressive tool and even bigger plans for the future.

In this video, Major sits down with DT to talk about the RFIDler project.


LosT and DT Talking

One of DEF CON's secret weapons is LosT, our resident Puzzle Master and Lord of the Badge. You can see his work all over DEF CON, from the insanely hackable badges to the secret codes and messages hidden all over the program and the venue.

Dark Tangent interviews him here about all of his various DEF CON activities, his process and even gets a few hints dropped for next year's puzzles.


DEF CON 22 floor circle

This was an amazing year, and we've got a lot to share about it. Tons of stuff coming down the wire very shortly. In the meantime, enjoy this VERY thorough walkthrough of the DEF CON Badge Challenge from Team PotatoSec (Warning: Spoiler alert for those still trying to solve):

http://potatohatsecurity.tumblr.com/post/94565729529/defcon-22-badge-challenge-walkthrough


DEF CON 22 logo

The hackening is in full swing at DEF CON 22. The Rio is abuzz with all manner of high-octane geekery. If you're here, you're probably too busy leveling up to keep an eye on the press surrounding the event, so we bring you this mini-roundup of press links to see what the rest of the world is saying about us.

http://www.wired.com/2014/08/defcon-2014-badges-revealed/

http://blogs.wsj.com/digits/2014/08/08/telsa-invites-hackers-for-a-spin/

http://www.scmagazine.com/defcon-traffic-control-systems-vulnerable-to-hacking/article/365416/

http://www.theregister.co.uk/2014/08/09/technology_and_market_forces_will_defeat_surveillance_society_claims_crypto_king/


DEF CON 22 logo

DEF CON is in full swing - so there’s a million things going on. Here’s a few recent news items to tide you over while we get the party set up.

If you’re one of those people that enjoys being entertained by entertaining entertainers, you’re going to want to check out our newly minted ‘Entertainment’ page. So much music - it’s like Coachella for people who people smart enough to test out of Coachella.

https://www.defcon.org/html/defcon-22/dc-22-entertainment.html

For lawyers, judges and law students, there’s a Lawyer Meetup this year. DEF CON General Counsel and Chief Legal Raconteur Jeff McNamara invites all with a connection to the practice of law for a relaxed low-key meet up followed by a spirited trip to the Voodoo Lounge.

Don’t forget to stop by Track 3 at 9pm on Friday and Saturday for Movie Night with Dark Tangent. Friday we’re showing ‘The Internet’s Own Boy’ - a moving bio of internet hero Aaron Swartz. Director Brian Knappenberger and Aaron’s brother Noah will be in attendance for Q&A.  Saturday, we’re showing ‘The Signal’. Directed by Will Eubank (who will also be in attendance), ‘The Signal’ is a mind-bending new scifi film that starts with some hackers on the road to DEF CON.

A few pro tips: stay hydrated, remember to eat and sleep. Keep the program handy - it’s like the Galactic Encyclopedia of DEF CON. Bring extra socks. Make new friends. Hack 100% of the things.


Alt text for image
For the Kids: Rootz Asylum at DEF CON 22

Rootz Asylum (formerly DEF CON Kids) has a full schedule of goodness planned for your padawan hackers. Learning, competition, fellowship with other hackish youth. It's pretty great. Back-to-school will definitely be cooler for the kids who spent their summer vacation winning DEF CON. http://www.r00tz.org


Alt text for image

The sci-fi mind bender ‘The Signal’ centers around hackers on a road trip to DEF CON, so we can be forgiven for being a little biased in its favor. But from that promising starting place, the escalating weirdness and suspense take the movie everywhere but where you might expect. We don’t want to spoil anything - you’re gonna thank us if you go in with a clean slate. We’re proud to have ‘The Signal’ for Saturday’s ‘Movie Night with the Dark Tangent’, and we’re prouder still to have director Will Eubank on hand for Q&A after the screening. The last reel will definitely make you want to talk to Mister Eubank. Make it a point to be there!
Saturday the 9th at 21:00, Track 3


Hard drive dupe image

For even faster leeching pleasure of the conference media server we have invested in hard drive duplication towers, and next year DT plans to launch the Data Duplication Village.

Too busy to pick and choose what you want from the server and want it all?? This year we have three sets of 4TB drives that contain the same data as the media server, just split up and color coded. If you want to duplicate a particular drive you need to show up at the INFO BOOTH with your drives at the start of each day. First come First server. It will take about 8 hours to dupe a 4TB drive so a set will start in the morning and a set in the evening, to finish overnight.

There should be six 1:11 duplication towers (If they show up in time), with two for each drive color. That means we can dupe 66 drives at a time. Once enough people show up to fill a station the duplication process starts.

As of this writing it is sorted like this:

BLUE Drive = Conference Archives 1 of 2, including DEF CON
GREEN Drive = Conference Archives 2 of 2
ORANGE Drive = Podcasts, Cryptome, 1.5T of the Hak5 archives, FOSS Operating Systems, all other content

There will be an updated list at the infobooth.

Want in on it? Go buy some 4TB SATA II 7200 RPM drives (internal drives, not usb). Buy three if you want to try for the complete collection this year. I'd do it in advance, I think the local Frys will sell out! Duping should start Thursday!


The Orb

You better have just done that spit-take. That's right. Electronica/Trip-Hop/IDM/dub music classics and pioneers: The Orb. They're here. They're kicking. And on the 3rd day of DEF CON (Saturday night/Sunday morning 00:00-01:00) their divine presence shall bless the glorious attendees who... attend their glorious and divine performance. Those who do not attend will be forsaken and cast into the dystopian landscape known as "the rest of Las Vegas." And so this event shall henceforth be written into the Dark Tangent's Book of DEF CON, Volume 22 - also referred to by some as "the conference program." So say we all.


DJ Spooky: That Subliminal Kid a.k.a. Paul D. Miller

A major announcement right here. We're bringing you the legendary DJ Spooky (That Subliminal Kid), a.k.a. Paul D. Miller. His CV runs deeper than the Mariana trench and is more Renaissance than the Teenage Mutant Ninja Turtles combined. Perhaps originally and best known for his artisinal music crafting (collaborating on projects with Meat Beat Manifest, Slayer, Chuck D.) and turntablism , he's become a university music professor (EGS, Switzerland), author (too much stuff to list), and an executive director of Origin Magazine. He's had his works featured in major museums like the Warhol, The Whitney, the Museum of Contemporary Art (Chicago), blahblahblahblah the pseudo-anonymous writer of this announcement could go ad infinitum. The point is, he's attained legendary-levels of awesome, and is coming to DEF CON to drop some hip-hop (perhaps with orchestral accompaniament) on Thursday Night in Track 1 (22:00-23:00)!


Elite Force image

A favorite from DEF CON XX (he dropped the killer set after The Crystal Method), we're bringing the near-mythical adrenaline-inducing Elite Force back for another sonic pummeling. Many of you may also recognize one of his prior projects, Lunatic Calm, which had music featured on films like The Matrix, Mortal Kombat: Annhilation, Drive, and tooons of others. We're extraordinarily excited to have Elite Force back, and we'll all need to be sure to keep our collective cholesterol levels in check to ensure we can survive his performance. Catch him Saturday night in track 1 (23:00-00:00)!

MC Frontalot image

Another throwback to DEF CON XX, we're bringing back one of the grandmasters of Nerdcore hip-hop, MC FRONTALOT. His prolific lyrical stylings have been proverbially known to knock socks off, so shoes (as always) are encouraged (we'll let sandals slide too). He's also the star of the acclaimed documentary Nerdcore Rising. Catch him Friday night in Track 1 (23:00-00:00), alongside other hard-hitters and partners in nerdcore-crime Dual Core and ytcracker!


Anamanguchi promo image

Today we announce eccentric retro electro video game chip-tune-inspired dance-rock that is purveyed by ANAMANAGUCHI. Not only is their music video game-inspired, their music actually HAS appeared on video games (like Rockband and Scott Pilgrim vs. The World). The real deal! Check 'em out at the Friday festivities in track 1. (set time: 00:00, Saturday AM)!

Also be sure to check out their totally rad and typically incredibly neon music videos:


Zebbler image

Do you remember the giant projection-mapped DEF CON exploded face? Or maybe the dragon installation? Or how about the DEF CON sign installation in the chillout lounge last year? These are the epic works of Zebbler's design team, who have also developed installations for the likes of Shpongle, EOTO, and a number of other class acts. But Zebbler doesn't just excel at design. He also excels, along with his comrade Encanti at music. Together, they form an incredible audiovisual duo that goes by Zebbler Encanti Experience, and they will be purveying this experience to you at DEF CON 22! Take delight in their glorious bassy weirdness at DEF CON's official Saturday evening event in track 1 (set time: 01:00, Sunday) !

Most of their music is free/pay-what-you-can too! Check it out:


Last Minute graphic

Attention all accepted DEF CON speakers! The deadline for getting your materials in for inclusion on the conference CD is Tuesday, July 15. Pencils down. Pass your paper to Nikita. Thank you.


Capture the Packet logo

Registration is now open for those willing to push their Cyber Traffic Analysis skills to the limit, you can compete in the latest Cyber Analytics and Network Forensics Challenge. Now in its fifth year ! Capture the Packet has brought more APT’s, Trojans, Malware, Web and Red team attacks, network issues and sneaky covert channel coms to one event ! Do you know when important data is leaking out of your network and who is doing it - Can you handle the Advanced Persistent Threat ? Can you spot that nasty bug your neighbors workstation contracted from visiting an infected website ? Can you spot a networking configuration issue with routing, spanning tree, BGP or OSPF ? Do you know how to count your IPV6 lucky stars ? Do you speak VOIP, MGCP or H323 ? We welcome everyone to try their hand at the most intense live network traffic analysis and forensic challenge, who knows you could be our next grand finals winner. You must bring your own laptop/computer to compete in this challenge, remember while this is not an attack game, it is a hostile network.

Details:

This year, the completion is handled in three Challenging phases:

Pre-Qualifying Rounds Start Thursday August 7th at 1:00pm and End Friday August 8th at 1:00pm
Those that have the highest scores “overall” from all rounds combined, essentially 40 teams will move on to the qualifying rounds

The Qualifying rounds are held starting Friday August 8th at 2:00pm and end on Saturday August 9th at 1:00pm
The top 10 teams from the Qualifying rounds with the highest over-all move on to the finals held on Saturday at 6:00pm

The Final round will consist of the top 10 scoring teams to survive the qualifying rounds,
These 12 teams will compete in a two hour long finals competition to determine the winner

Register your team of two – at https://www.capturethepacket.com/ctp_dc_signup.html, or sign-up onsite.

Capture The Packet will be hosted in the “Packet Hacking Village” at the DEFCON Entrance Area !


G+ Hangouts Logo

We’re trying something new. Friday, June 27th at 11am Pacific Time, we’re hosting our first Google Hangout on Air. The guest is Jennifer Granick, DEF CON CFP Review Board member, preeminent hacker defense lawyer and Director of Civil Liberties for the Center for Internet and Society at Stanford Law School. The subject is her recent article for Wired regarding the verdict in United States v. Davis and what it could mean for the future of mass surveillance.

If you’ve got good questions about the intersection of law and ‘metadata’ collection, either leave them here in the comments or ask them live at the Hangout tomorrow.

If you’re not following us on Google Plus, the link is here:

https://plus.google.com/+DefconOrgplus/

Join us, and as always, spread the word.


Hand dropping mic

‘This talk is amazing!’ You say this to yourself (inside voices) while watching someone awesome say and demonstrate awesome things. ‘How does DEF CON consistently pick so many great talks? They must have a team of borderline superheroes slogging through hundreds and hundreds of proposals for months! Who could those paragons of determination and insight BE, exactly? How could I learn their handles and perhaps show my appreciation by buying them many beers?’

Here’s an answer key to these questions you’re asking yourself:

1.)This talk probably is amazing. Not really a question.
2.)Lots of caffeine and eyestrain. Also dedication and love.
3.)They do have a team of borderline superheroes, and there is no DEF CON without them.
4.)They are known as the DEF CON CFP Review Board.

You can check out their page here. And maybe show them some love.


Hand Dropping microphone

This is it. The speaker list for DEF CON 22 is now locked and complete. This means two things: DEF CON is really almost here, and we are now hard at work creating the Tracks and the Schedule (watch this space, buckaroos). We're very proud of the lineup we've assembled, and we think you will find a lot of good stuff to choose from. Whether you're coming to Vegas or not, we'd love it if you'd take some time to check out the speaker list and give us some feedback about what talks have you the most excited.

55 days, people. Get psyched!

New for DC101


Panel - Diversity in Information Security
Jennifer Imhoff-Dousharm, Sandy “Mouse” Clark, Kristin Paget, Jolly, Vyrus, and Scott Martin

New Presentations


The Cavalry Year[0] & a Path Forward for Public Safety
Joshua Corman and Nicholas J Percoco

Mass Scanning the Internet: Tips, Tricks, Results
Robert Graham, Paul McMillan, and Dan Tentler

Hack All The Things: 20 Devices in 45 Minutes
CJ Heres, Amir Etemadieh, Khoa Hoang, and Mike Baker

Raspberry MoCA - A recipe for compromise
Andrew Hunt

Home Insecurity: No alarms, False alarms, and SIGINT
Logan Lamb

Dark Mail
Ladar Levison and Stephen Watt

Attacking the Internet of Things using Time
Paul McMillan

Open Source Fairy Dust
John Menerick

Generating ROP payloads from numbers
Alexandre Moneger

Panel: Ask the EFF: The Year in Digital Civil Liberties
Kurt Opsahl, Nate Cardozo, Mark Jaycox, Yan Zhu, and Eva Galperin

Panel - Surveillance on the Silver Screen- Fact or Fiction?
Nicole Ozer, Kevin Bankston, and Timothy Edgar

Measuring the IQ of your Threat Intelligence feeds
Alex Pinto and Kyle Maxwell

Secure Because Math: A Deep Dive On Machine Learning-Based Monitoring
Alex Pinto

Detecting and Defending Against a Surveillance State
Robert Rowley

Advanced Red Teaming: All Your Badges Are Belong To Us
Eric Smith and Josh Perrymon

The Internet of Fails: Where IoT Has Gone Wrong and How We're Making It Right
Mark Stanislav and Zach Lanier

Domain Name Problems and Solutions
Dr. Paul Vixie


ascii DEF CON Logo

RED ALERT TOP SECRET WIKI LEAK SN0DEN LEAK GAMMA GAMMA ZF0 P0SSE DOC DROPPER

The previously sooper seekret media.defcon.org server project has leaked out on the twitter and the face book. No use hiding behind our press secretary any longer, It's better to just admit it and let everyone make up their own minds.

WHAT LEAKED? The Dark Tangent is collecting as much open source security conference footage, training materials, podcasts, white papers, videos, and anything else haxors may be interested in. He plans to make it all available at DEF CON 22 in August and let anyone download it, or even direct HD copy it.

WHO LEAKED THIS SECRET PROJECT? The Dark Tangent. Oops.

WHAT NOW? A huge burden has been lifted off of DT and he no longer has to live two lives. He can now focus on getting as much content as possible from the community.

That's where you come in.

HOW CAN I HELP?
Send links to content you think everyone should have access to that is related to the hacking and infosec scene somehow. It can be an rss podcast, a .torrent of academic journals, and ftp link to text files, a web site to mirror full of source code, an svn operating system repository, a YouTube channel, whatever!

Send your links in an email to dtangent@defcon.org, or tweet them to @thedarktangent and he will start the leeching.

HOW DO I GET MY HANDS ON THE DATA?
At DEF CON 22 you will be able to get to the gigs in a couple different ways. The con Wi-Fi network (at 802.11g speeds), through wired switches on 1 gig links in different areas, or by bringing your own 4TB SATAII or III hard drive(s).

We will have HD duplicators running all con copying drives for people who just want to drop off a drive and pick it up later.

Please help out with links, and we'll see you at con!


Hand Dropping microphone

It’s getting pretty real, people. The speaker selection process is almost complete, the party and event planning is in full swing - DEF CON 22 is just a little over two months away!

To celebrate, another round of speaker announcements. Twenty-five more abstracts to help you create your DEF CON battle plan. We anticipate one more round of announcements before the roster is locked, but by now you should have a pretty good idea how much good stuff we have on tap.

DEF CON 101 Presentations


Detecting Bluetooth Surveillance Systems
Grant Bugher

Dropping Docs on Darknets: How People Got Caught
Adrian Crenshaw

Is This Your Pipe? Hijacking the Build Pipeline.
Kyle Kelley and Greg Anderson

Home Automation and Defensive Security Measures
Chris Littlebury

Instrumenting Point-of-Sale Malware: A Case Study in Communicating Malware Analysis More Effectively
Wesley McGrew

Android Hacker Protection Level 0
Tim Strazzere and Jon Sawyer

Presentations


I am a legend: Hacking Hearthstone with machine learning
Elie Bursztein and Celine Bursztein

Hacking US (and UK, Australia, France, etc.) traffic control systems
Cesar Cerrudo

NSA Playset: DIY WAGONBED Hardware Implant over I2C
Josh Datko and Teddy Reed

Check Your Fingerprints: Cloning the Strong Set
Free and Lachesis

Shellcodes for ARM: Your Pills Don't Work on Me, x86
Svetlana Gaivoronski and Ivan Petrov

Blowing up the Celly - Building Your Own SMS/MMS Fuzzer
Brian Gorenc and Matt Molinyawe

Deconstructing the Circuit Board Sandwich: Effective Techniques for PCB Reverse Engineering
Joe Grand (Kingpin)

Panel: Ephemeral Communications: Why and How?
Ryan Lackey, Jon Callas, and Elissa Shevinsky

NinjaTV - Increasing Your Smart TV’s IQ Without Bricking It
Felix Leder

Catching Malware En Masse: DNS and IP Style
Dhia Mahjoub, Thibault Reuille, and Andree Toonk

Old Skewl Hacking: Porn Free!
Major Malfunction

A Survey of Remote Automotive Attack Surfaces
Charlie Miller and Chris Valasek

Learn how to control every room at a luxury hotel remotely: the dangers of insecure home automation
Jesus Molina

Acquire current user hashes without admin privileges
Anton Sapozhnikov

Impostor — Polluting Tor Metadata
Charlie Vedaa and Mike Larsen

Manna from Heaven: Improving the state of wireless rogue AP attacks
Dominic White and Ian de Villiers

The Open Crypto Audit Project
Kenneth White and Matthew Green

Practical Aerial Hacking & Surveillance
Glenn Wilkinson

Don't Fuck It Up!
Zoz


DARPA Cyber Grand Challenge Logo

The Cyber Grand Challenge asks some simple questions - can you create a fully-automated system to detect, thwart and mitigate network attacks? Can you build one so effective that it can win an all-computer tournament without human intervention? Would you like 2 million dollars?

If you have a great proposal but lack the funds for a 2-year competition, you can pitch DARPA for funding - they’re already backing seven of the registered teams. Teams that survive the quals in June 2015 are eligible to compete in the final tournament at DEF CON in 2016. Grand prize is $2 million dollars.

Competitors will need a dizzying array of skills and an encyclopedic understanding of every form of network kung-fu. They will also need a pretty serious amount of free time, but the winner gets a nice check and an answer to the question of what to put first on a resumé.

We believe that such a team must exist in the DEF CON family. If you think you’re up to the challenge, more information awaits you at the DARPA CGC page.

http://www.darpa.mil/cybergrandchallenge/


Short story contest Logo

The DEF CON 22 Short Story Contest is now closed. Time for you to head over to the forums and vote for the People's Choice Awards. You're the people. Get in there. Be somebody.

https://forum.defcon.org/forumdisplay.php?f=796


Hand dropping Microphone with DC22 Logo

Hot off the presses - more speaker selections. Several of them are for the DEF CON 101 Track, newly expanded for DC 22 and running all the way through the con. The rest of the presentations listed here fall into the other tracks, and if we do say so ourselves, this is shaping up to be quite the year, hackwise. You’re definitely going to want to make sure you have a seat for some of these. The titles alone should tell you we’re coming correct in 2014.

New Presentations


The Simple Route to Backbone Routers
Luca "kaeso" Bruno and Mariano "emdel" Graziano

Summary of Attacks Against BIOS and Secure Boot
Yuriy Bulygin, Oleksandr Bazhaniuk, Andrew Furtak, and John Loucaides

Saving Cyberspace by Reinventing File Sharing
Eijah

Secure Random By Default
Dan Kaminsky

Masquerade: How a Helpful Man-in-the-Middle Can Help You Evade Monitoring.
Ryan Lackey and Marc Rogers

Just What The Doctor Ordered?
Scott Erven and Shawn Merdinger

NSA Playset : GSM Sniffing
Pierce and Loki

Don't DDoS Me Bro: Practical DDoS Defense
Blake Self and Shawn "cisc0ninja" Burrell

"Around the world in 80 cons” - A Perspective
Jayson E. Street

DEF CON 101 Presentations!


Now running Thurdsay through Sunday!

The DEF CON 101 track is a series of talks aimed at attendees who are not yet internationally-recognized infosec experts. This is not the n00b track. But if you're interested and engaged in the hacker community, these sessions are right up your alley. From Sysadmins & NOC Jockeys to College Students & IT Professionals, everyone exploring the world of Information Security can expect to feel welcome, not intimidated. We have grouped the sessions by interest area, so you're not spending all day bouncing between talks.

DEF CON 101 - The Talk
HighWiz, Lockheed, Pyr0, Roamer, and LosT

Protecting SCADA From the Ground Up
AlxRogan

Hacking 911: Adventures in Disruption, Destruction, and Death
Christian “quaddi” Dameff, Jeff “r3plicant” Tully, and Peter Hefley

How to Disclose an Exploit Without Getting in Trouble
Jim Denaro and Tod Beardsley

NSA Playset: PCIe
Joe FitzPatrick, Miles Crabill, and Dean Pierce

Oh Bother, Cruising The Internet With Your Honeys, Creating Honeynets For Tracking Criminal Organizations
Terrence Gareau and Mike Thompson

The Monkey in the Middle: A pentesters guide to playing in traffic.
Anch

Investigating PowerShell Attacks
Ryan Kazanciyan and Matt Hastings

Screw Becoming A Pentester - When I Grow Up I Want To Be A Bug Bounty Hunter!
Jake Kouns and Carsten Eiram

Meddle: Framework for Piggy-back Fuzzing and Tool Development
Geoff McDonald

One Man Shop: Building an Effective Security Program All By Yourself
Medic

Rf Penetration Testing, Your Air Stinks
RMellendick and DaKahuna

Touring the Darkside of the Internet. An introduction to Tor, Darknets, and Bitcoin.
Metacortex and Grifter

USB for All!
Jesse Michael and Mickey Shkatov

ShareEnum: We Wrapped Samba So You Don’t Have To
Lucas Morris and Michael McAtee

An Introduction to Back Dooring Operating Systems for Fun and Trolling
Nemus

Standing Up an Effective Penetration Testing Team
Wiseacre

Data Protection 101 - Successes, Fails, and Fixes
PTzero

Anatomy of a Pentest; Poppin' Boxes like a Pro
PushPin

Practical Foxhunting 101
Adam Wirth (SimonJ)

Blinding The Surveillance State
Christopher Soghoian

Bug Bounty Programs Evolution
Nir Valtman

Client-Side HTTP Cookie Security: Attack and Defense
David Wyde


CTF sunset

The DEF CON 22 CTF Qualifiers are in the books. Challenges were faced, and bested. Points were accumulated. Bedtimes were missed. It’s all over but the paperwork.

So here’s a roundup of writeup links. IF you participated, read and see how other people approached the same problems. If you didn’t, read and get an idea of how the CTF process works and consider signing up next time. You lose 100% of the CTFs you don’t enter.

If you enter, you could still lose 100%. That’s just math. But you’ll have a story. An awesome, glorious, highly technical story to share with the tiny slice of humanity who can understand this sort of thing.

There’s also a bonus link to a GitHub collection that looks like it might end up pretty comprehensive.

https://hackucf.org/blog/category/writeups/defcon-quals-2014-writeups/
http://blog.spiderlabs.com/2014/05/defcon-22-ctf-qualifiers-writeup.html
http://balidani.blogspot.com/2014/05/def-con-quals-2014-100lines-writeup.html
http://ahack.ru/write-ups/defcon-quals-14.htm
http://zepvn.com/blog/defcon-ctf-quals-2014-100lines.php
http://zepvn.com/blog/defcon-ctf-quals-2014-byhd.php
http://sigint.ru/writeups/2014/05/19/defcon-2014-quals---zombies/
http://sigint.ru/writeups/2014/05/18/defcon-2014-quals--polyglot/
http://endgame.com/blog/defcon-capture-the-flag-qualification-challenge-1.html
https://github.com/ctfs/write-ups/tree/master/def-con-ctf-qualifier-2014


CTF temple

T minus 3 hours - DEF CON 22 CTF Qualifications are upon us! To read up on the setup for this year, you can check out the Legitimate Business Syndicate blog:

https://blog.legitbs.net/

The road to glory begins here. We at DEF CON applaud all of the brave warriors who've accepted the CTF challenge. Godspeed. May the odds be ever in your favor.


Hand Dropping mic

Don’t look now, but it’s already the middle of May. DEF CON 22 is just over the horizon, a little less than three months away. Preparations are in high gear.

Today, we bring you  more talks - 15 more, to be exact. You can check out the abstracts and speaker bios on the DC22 speaker page. We think you’ll like the choices - there’s everything from shortwave radio steganography to mischief with car firmware.

There’s more coming, of course, so keep checking back with our speaker page as we flesh out the roster.

https://www.defcon.org/html/defcon-22/dc-22-speakers.html

The new selections are:

The Secret Life of Krbtgt
Christopher Campbell

The $env:PATH less Traveled is Full of Easy Privilege Escalation Vulns
Christopher Campbell

Why Don’t You Just Tell Me Where The ROP Isn’t Suppose To Go
David Dorsey

Steganography in Commonly Used HF Radio Protocols
Paul Drapeau and Brent Dukes

Weird-Machine Motivated Practical Page Table Shellcode & Finding Out What's Running on Your System
Shane Macaulay

The NSA Playset: RF Retroreflectors
Michael Ossmann

Attacking to Cisco Hosted VoIP Networks
Fatih Ozavci

Abusing Software Defined Networks
Gregory Pickett

Am I Being Spied On? Low-tech Ways Of Detecting High-tech Surveillance
Dr. Phil Polstra

You're Leaking Trade Secrets
Michael Schrenk

Zends Dead baby
Dr Steven Seeley

I Hunt TR-069 Admins: Pwning ISPs Like a Boss
Shahar Tal

Optical Surgery; Implanting a DropCam
Patrick Wardle and Colby Moore

PoS Attacking the Traveling Salesman
Alex Zacharis

Playing with Car Firmware or How to Brick your Car
Paul 0x222


Hand Dropping mic

We’re hard at working choosing the best of the CFP submissions, and today we have five more confirmations to announce. Watch this space for more speaker announcements in the coming weeks. It’s shaping up to be a pretty fascinating roster.

Getting Windows to Play with Itself: A Hacker's Guide to Windows API Abuse
Brady Bloxham

Girl… Fault-Interrupted.
Maggie Jauregui

Elevator Hacking - From the Pit to the Penthouse
Deviant Ollam, Howard Payne

Hacking the FBI: How & Why to Liberate Government Records
Ryan Noah Shapiro

The Only Way to Tell the Truth is in Fiction: The Dynamics of Life in the National Security State
Richard Thieme

You can watch the conference taking shape on the DEF CON Speaker Page:
https://defcon.org/html/defcon-22/dc-22-speakers.html


Montage of past Artwork Contest entries

Congratulations to the winners of the DC 22 Art Contest:

1st Place: Alice in Hackerland by Tess Schrodinger
2nd Place: Helicopter Parents Weren’t This Bad by Amit Yehuda
3rd Place: Bleed by Joey Strine

People’s Choice: Alice in Hackerland by Tess Schrodinger

And of course, thanks to everyone who submitted work. There is no end to the hidden talents of the DEF CON massive. You can check out the winning artwork on the DC Art Contest page:
https://defcon.org/html/defcon-22/dc-22-artwork-contest.html

And a gallery of all the entries at:
https://www.facebook.com/media/set/?set=a....

Also, don’t let the contest ending stop you - if you have the urge to create some on-theme artworks between now and the show, we’d be happy to share them with the world. You won’t win anything beyond our love and gratitude, but that’s not exactly nothing.


Montage of past Artwork Contest entries

The DEF CON 22 art contest has closed, and it’s time to start picking the winners. In the ‘People’s Choice’ category, that means it’s time for YOU to cast a vote. Check out the Artwork Contest Entries Gallery on Facebook and cast a ‘Like’ for your favorite.

The winner gets free admission to DC22, $25 credit at the Swag Booth and inky immortality in the DC22 printed program, so it’s kind of a big deal. The theme was ‘Behind the Curtain’, and the winning work should in some way capture the sense of the hidden world behind the world that is seen. Cast your votes wisely.

And as always, we thank everyone who participated in this year’s contest. If you didn’t submit and you’re feeling a little jelly, we offer the wise words of Socrates, who said to his students, “He is not wise who playa-hates; the truly wise participate. This mimosa is terrible.”


Vendor vending

Attention Entreprenerds!

DEF CON 22’s Vendor Area is a great opportunity to get your geek-centric product in front of a highly focused, upwardly mobile and possibly drunk audience of over 10,000 vacationing tech enthusiasts. Share your business with people passionate about technology, make sales, even make friends.

To sign up, head over to the vendor site, read the FAQ and get the forms filled out. Don’t delay - August is closer than you think.

http://defconvendors.com/


Smiley with a string tied to its finger

Friendly reminder - the DEF CON 22 CFP closes in two short weeks. Your submission has to be in by May 1. It’s go time, people.

To see what we’ve accepted so far, you can check the speaker page:
https://www.defcon.org/html/defcon-22/dc-22-speakers.html

The rules and regulations are here:
https://www.defcon.org/html/defcon-22/dc-22-cfp.html

If you’ve got a great idea, put it in the ring. You can’t win if you don’t play.


Hand Dropping mic

It's official. CON season is really upon us.

DEF CON HQ is proud to announce the first round of accepted speakers! Take a look, let us know what you think and what you're looking forward to most. We'd also love it if you kept your eye on the speaker page, because we'll be posting the rest of the accepted speakers as they are selected. On the speaker page you can watch DEF CON 22 taking shape, and you can weigh in here or @defcon.

We think you're gonna like the choices so far. Get excited - the countdown has begun!


SECTF Logo

The Social Engineering Capture the Flag contest is back for DEF CON 22 - this time with a Tag Team Twist! Spread the word and get signed up if you're ready to test your SE skills in Vegas!


Samples of the Faces of DEF CON artwork by Eddie the Yeti

Our community never fails to amaze. With no prompting from anyone, Eddie the Yeti has been making these beautiful portraits of DEF CON's better known faces and sharing them with the subjects.

He makes them with materials like soy sauce and coffee, wine and lime juice. He makes them insanely fast, but he still manages to get across the best of the subject's personality.

Check out his Faces of DEF CON series on DeviantArt. Check out the rest of his work, too. He's as good an advertisement as there could be for why you should come hang out with us in the desert. Brilliant, generous and doing it for the love.

Thanks, Eddie.

http://eddietheyeti.deviantart.com/gallery/

Pilgrim, another DEF CON regular, has made a tribute site to the series as well, at

http://www.facesofdefcon.org/


DEF CON 22 Logo

Good news, everyone!

It’s hard to believe, but we’re already two-thirds of the way to DEF CON 22.

As we come down the home stretch, the DEF CON 22 site will be your one-stop information center for everything DC22. We’ll be constantly updating the site with talks, contests, events, entertainers and announcements to help you get the most out of your con.

Throw us a bookmark and keep checking back. Make us a regular part of your balanced media breakfast, and we’ll keep you up to date on everything you need to know.


Keep calm and play ctf image

Good news, everyone!

Registration for the DEF CON 22 CTF season is open! To accomodate international competitors, the qualifying weekend has been moved to May 17-19.

It is time to assemble your champions. Sharpen them to a fine point. The doors to the arena open May 17. Fortune looks kindly upon boldness and skill. Failing those, she also seems pretty okay with treachery and subversion.

The information you require can be found at https://blog.legitbs.net/ . You can register at https://2014.legitbs.net/.

Step forward and meet your destiny.


Image of DEF CON gameshow

Got an idea for a game-changing contest or event? Maybe you have the expertise to run a village on a compelling topic we've overlooked? This is your moment. Submit your idea on the DEF CON CnE website - we'll partner up with the best ideas and help make them happen.

The rules and guidelines are available on the CnE website. Check them out, and get yourself involved. We look forward to hearing your ideas.

http://defcne.net/


montage of past art contest winners

We know that art takes time. We know that artists like to paint themselves into deadline corners, waiting until the last minute for inspiration to strike. If that's you, please bear in mind that the minutes run out in about two weeks. If you want to have your work considered for the contest, it has to be in to us by April 10. No exceptions.

Also, if you know a creative soul who might enjoy the opportunity, be sure to share this with them. We'd really love to showcase a lot of cool work this year.

Relevant data is all here:
https://defcon.org/html/defcon-22/dc-22-artwork-contest.html


Image of Be the Match sign-up form

For the 4th year, 'Be the Match' is returning to DEF CON. It's your opportunity to register as a Bone Marrow Donor, and maybe someday save a life. There are lots of ways to hack your body, but this one doesn't slow you down at airports or make you look sketchy.

It also makes you kind of a hero.

To find out more about how 'Be the Match' works, you can check them out at these links:

Twitter: @bethematch
Facebook: https://www.facebook.com/BeTheMatch
The InterTubes: http://bethematch.org/


Montage of past Artwork Contest entries

DEF CON Art Contest is back!

The theme of this year's art contest is "Behind the Curtain". Secrets. Lies. Alibis. The magic shades in 'They Live'. The world behind the world, where all the hidden gears are turning.  The code and subterfuge employed by the adept to sneak knowledge past the sleeping and the uninitiated.

Cool, right? If you can put together a jaw-dropping variation on that theme in the next 30 days, prizes and glory could be yours. Free admissions to DEF CON 22, credit to burn on DEF CON Swag, maybe even a T-shirt with your art on it.

There are Categories and Rules, of course. And a Deadline. All of these are important.  These things make it a contest. But you, my undercover artist friend, you make it epic. Pencils up and good luck.


DEF CON DJ Photo

If you're a musical performer, a DJ or an ambient Esperanto slam poet* who dreams of performing at DEF CON, this is your moment. We're beginning to select music acts for DEF CON 22, and we might very well need YOU.

Extra slots for Chillout/Ambient/Downtempo types this year, so you lower-BPM types should make sure to apply.

Your road to rocking DEF CON starts with reading the rules.

https://forum.defcon.org/showthread.php?t=13776

Then, if you think you have what it takes to entertain the DEF CON massive, fill out this form. https://docs.google.com/forms/d/1N0K...jAIWk/viewform

*I'm pretty sure I made that up, but I would be happy to be proved wrong. I will make you a Facebook star.


Legitimate Business Syndicate image of hackers at CTF

CTF is coming.

Steep is the climb, and narrow the way to DEF CON’s ancient and storied CTF contest. Many will take up arms, but few will persevere to the final field of struggle.

To the victor, glory eternal.

Champions must possess matchless skill, dauntless courage and reckless disregard for the goddess Circadia and her infernal rhythms. They must also pre-qualify.

To that end, Legitimate Business Syndicate has posted the Pre-Qual Events list on the DEF CON website. Your journey begins there.

Godspeed, you magnificent bastards. Godspeed.

https://www.defcon.org/html/links/dc-news.html#dc22qualifiers


DEF CON Calendar icon

Sure, you know that DEF CON 22 rolls around August 7-10, 2014. Everyone knows that. But do you know the dates for DEF CON 23? DEF CON 24?

Probably not, because we're announcing it right now. DEF CON 23 will be August 6-9, 2015, and DEF CON 24 will be August 4-7, 2016.

Now you know. And knowing is half the battle.


When we announced the discount room rates for the Rio last month, there was some kind of glitch in the Matrix. The first 200 signups were granted a rate even lower than our block rate. The Keymaker at the Rio has agreed to honor this rate for those lucky registrants. He had the Architect explain it to me, but he droned on so long I lost the plot. What I can confirm is that the 200th registration was reached, the anomaly was smoothed over and real-world rates have returned.


Rio Hotel & Casino image

As ever, Fortune favors the bold.

 

The corrected rate (based on occupancy of up to three per room and taxed at 12%) is:
Sunday -Thursday   $119.00
Friday & Saturday $129.00

They charge an extra $30 a night if you add a fourth. Sometimes it's worth it. We don't judge.

Even that rate won't last long – the DEF CON block is about 40% sold. To book now and get the block rate, follow this link. See how deep the rabbit hole goes.

https://resweb.passkey.com/go/SRDEF4


DEF CON Call for Services comic

Got something cool to share on the DEF CON network during DC22? Could be almost anything - a game, a stash of vintage K-Rad textfiles, whatever you think Con goers might wanna download. Submit your idea online, and if it's approved you'll get a couple of bonded gig ports and some promotion in the program and on the site. Sharing is kinda our thing - and we're counting on you to add some fun content. Apply today. Operators are standing by.*

* actual operator count may be as low as zero.


DEF CON on Google+ screen capture

We're starting up a presence on G+. We've got some interesting plans for the specific technologies they employ over there. If you're on G+ (and you probably are), come on over and add us to your circles. We can be found at https://google.com/+DefconOrgplus.


DEF CON 14 Logo

Can't stop, won't stop! New playlist up on YouTube, this time the entirety of DEF CON 14. Over 80 presentations. You can fire it up right now and be edutained for the next two weeks or so.

We'd love it if you'd share the knowledge with anyone you think might benefit. Like, share and be merry.


DEF CON 15 logo

Re-live all DEF CON 15 had to offer on our YouTube channel, we have a new playlist posted for your enjoyment!

Short Story Contest Logo

The DEF CON Short Story Contest is back, and it's already open! No excuses - you have from now until the first of June to get your story in for the chance to win some cool prizes and get your story shared with the whole DC community. Four months to shape your hacker lit masterpiece. Make us proud.

The rules and regulations are all available in the Short Story Contest thread on the DC Forums.


DEF CON 21 Audio Artwork

Good News! Audio from all the presentations at DEF CON 21 is now available as a podcast for those who prefer their DEF CON goodness in a smooth, iTunes-digestible format. Lyric files included on the house. Enjoy and spread the word!

The direct link to the podcast is https://www.defcon.org/podcast/defcon-21-audio.rss


DEF CON Call For Papers header image

It's that time again folks! Polish up those ninja caliber proposals, because The DEF CON Call for Papers is now officially open! Read the announcement and find out what's new, then fill out the CFP form and start down the road to DEF CON glory! Good luck!


DEF CON 21 Audio Artwork

Hear the sweet sounds of hackers imparting their knowledge in the DEF CON 21 audio speeches, now available for download on the DEF CON Media Server, The DEF CON 21 Archive page, or all at once with this handy torrent:

https://www.defcon.org/html/torrent/DEF CON 21 audio.torrent

Also included, and new this year, are .lrc format transcripts which can be used as lyrics files for the audio, Enjoy!


DEF CON 20 Badges

We have seen DC 21 come and go, and after a little rest we all have begun preparing ourselves for DC22. Since we have 7 months until we all meet again in Vegas, I have prepared a fun contest to help you pass the time.

Plus, if you win, you and your team mates will get free badges (8 free badges for 1st, 4 free badges for second) to help offset the costs of attending DC22!

Have fun and happy hacking!

-blak

Read all about the 2014 DEF CON Groups Challenge!


DEF CON 21 Video Artwork

Did you miss DEF CON 21? Do you have a ridiculous amount of hard drive space and like to keep large archives of hacking knowledge? At long last, all of the DEF CON 21 speeches can be found on the DEF CON 21 Archive page, The DEF CON Media Server, or downloaded en masse at these torrents:

https://www.defcon.org/html/torrent/DEF CON 21 video and slides.torrent
https://www.defcon.org/html/torrent/DEF CON 21 slides.torrent

For the fist time ever, we have transcripts of the talks! Use them for closed captioning, read them, or if you are feeling saucy, translate them to other languages and be sure to let us know!

Enjoy!


Image of the Rio Hotel

For those of you that want to get a jump on DEF CON 22, you can now book your room for DEF CON 22 at our discounted rate! Register now and save! We have a special discount for the first 200 reservations made in the DEF CON block. There are still a few left, so jump in now and stay at our host venue for the full DEF CON Experience!


Legitimate Business Syndicate has announced their intention to return as organizers of the Capture the Flag competition! Check out their DEF CON 22 CTF Announcement blog post!

We would like to wish all hackers, geeks, techs, nerds, makers, phreaks, engineers, privacy and security folks the world over a Happy New Year!

2014 will be a year of security battles, with more companies responding to news of their products being used in mass monitoring. Now is the time to get involved!

The IETF is working on the possibility of HTTP 2.0 requiring TLS always, dramatically encrypting more of the Web. Why wait?

  • Enable HSTS on your own sites, enable EDH as well for "perfect forward secrecy"
  • Run a tor server as middle if you don't want to be and exit. This is what we do.
  • Encrypt your email. Don't want to fight with PGP? Then install an S/MIME certificate. IPhones work with them really well too.
  • Encrypt your sms messages. Check out Wickr on Android and iPhone, or try "text secure" on Android, it should be on iPhone soon.

You guys get the idea. Make a resolution to up your defense game in 2014 to make life more difficult for all who would eavesdrop on us - for whatever reason.

Oh, and Hack the Planet™


Just in time for the holidays, we have a long awaited Christmas/Hanukkah/Kwanzaa/Festivus/Solstice/etc. gift for all of you! You can now watch all of the DEF CON 21 talks on YouTube, with or without closed captioning! That's right, go ahead and stream all the hacker-y goodness from this year's DEF CON with your favorite holiday beverage in front of a warm fire! Happy Holidays from all of us at DEF CON!

Well here it is, the biggest one yet! Complete packet captures from Saturday at the DEF CON 21 Capture the Flag competition are now available for torrent! This is a huge one folks, compressed down to 35 gigs from 495, so get those hard drives cleared out and ready!

If you can, leave them seeding for a bit to share the love!


All of you CTF-ophiles out there, rejoice! Complete packet captures from Sunday at the DEF CON 21 Capture the Flag competiton are now available for torrent! Sift through all the data and peer at the inner workings of the contest!

Here's something to be thankful for! We've now posted the complete DEF CON 16 speeches on YouTube to watch at your leisure! Enjoy!

You can now stream all the videos from DEF CON 17 that your heart desires on YouTube, the latest installment to our channel! Enjoy!



DEF CON 19 videos are now live on YouTube for your streaming pleasure. We hope you enjoy these videos, and if you do please "like" them. Comments are open, so feel free to leave feedback, or start a conversation.

The massive upload has begun! We are currently in the process of uploading all of the DEF CON video from past years to our YouTube Channel, and we begin with DEF CON 20! We're getting them up en masse and processed as we speak, and will be releasing them as we finish each show. Next up will be DEF CON 19. We hope you will enjoy them!

DEF CON 20 Presentations - Video + Slides playlist on Youtube


The team over at Legitimate Business Syndicate is getting a jump on things for DEF CON 22, and have announced their tentative dates for the 2014 CTF Quals! The 2014 Quals will be held Midnight May 17 to Midnight May 19, 1400284800 to 1400457600. Keep an eye on https://legitbs.net for all of their updates, and for links to the LegitBS Blog and twitter feed!

Have you never been to DEF CON or just want to re-live the precious memories from DEF CON 21? If so, we've posted some picture collections on media.defcon.org at http://media.defcon.org/DEF CON 21/DEF CON 21 pictures/, or if you are of the torrenting sort, you can siphon them down all at once at:

https://www.defcon.org/html/torrent/DEF CON 21 pictures 1.torrent
https://www.defcon.org/html/torrent/DEF CON 21 pictures 2.torrent

Enjoy!


Legitimate Business Syndicate has been gracious enough to provide us with complete packet captures from the DEF CON 21 Capture the Flag contest! A big thanks to them and all the great teams who participated! Here is the first batch of those pcaps, all the traffic from Friday at the con. Saturday and Sunday's will be soon to follow so keep your eyes peeled!

They were also so kind as to include the tools and binaries from the game, which we have also included in a handy torrent file!

You can always find write-ups, file collections, and history of the DEF CON Capture the Flag competition on our CTF Page! Enjoy!


For all of you fine folks out there, we have lovingly compiled the speaker's slide decks and extras from the con CD into the DEF CON 21 Materials RSS feed for your enjoyment! Not only that, but it includes all the updates submitted by the speakers since the con, so you'll have all the latest research! So check it out and grab the stuff you are interested in!

Alternatively, if you just gotta have it all sitting on a hard drive awaiting your whim, We have also posted a torrent and direct download link to the Updated Conference CD!

We've also updated a couple of the large collection torrents, one for the DEF CON CD/DVD collection from all the shows to reflect the addition of DEF CON 21, and another for the Hacker Related Documentaries with the addition of DEF CON: The Documentary.

Check out the following links and enjoy!

DEF CON 21 Hacking Conference Updated CD (Final)
https://www.defcon.org/html/torrent/DEF CON 21 updated hacking conference CD.rar.torrent
https://media.defcon.org/DEF CON Conference CD DVD/DEF CON 21 Updated Hacking Conference CD.rar

DEF CON 21 Hacking Conference Presentations (These are all the presentations
from the speakers, but not the extras folder)
https://www.defcon.org/html/torrent/DEF CON 21 presentations.torrent
https://media.defcon.org/DEF CON 21/DEF CON 21 presentations/

UPDATED Collection of conference CD and DVDs - Now includes DEF CON 21
original and updated CDs
https://www.defcon.org/html/torrent/DEF CON Conference CD DVD Collection 2013.torrent
https://media.defcon.org/DEF CON Conference CD DVD/

UPDATED: Hacking Documentaries hosted at DEF CON - Now includes the DEF CON
Documentary and sneak peek
https://www.defcon.org/html/torrent/DEF CON Hosted hacking related documentaries v2.torrent
https://media.defcon.org/Hacking Related Documentaries/


This may be old news to some of you, but we've noticed a lot of questions in the comments from the last few Facebook posts about where past DEF CON Content resides. We have several outlets:

https://media.defcon.org is a directory browsable repository for all of our past content.

https://www.defcon.org/html/links/dc-torrent.html for all of our torrent files. These are the huge collections for all-at-once downloading

https://www.defcon.org/html/links/dc-archives.html is a portal to our archive pages by year.

These include audio, video, CTF files, artwork and a ton more! So if you didn't know, now you do. Pick your poison and enjoy!


Hey, if you missed it the first time, good news, we've uncovered a box of DEF CON Documentary USB Key Edition Kits with lanyards! They are now available at http://hackerstickers.com/product/defcon-documentary-set/

We've posted a few tasty morsels of early release video for you on the DEF CON YouTube Channel! You can absorb Zoz's talk on Hacking Driverless Vehicles, Mudge's anecdotes of being a hacker inside the government, and Melissa Elliot's research on unintentional radio emissions! Enjoy!

Were you wondering how everyone placed at this year's DEF CON Contests? Wander on over to the DEF CON 21 Contest Results Page for all that have reported back so far!

Now scribed in the book of ages known as the interwebs, is the DEF CON 21 Archive. You'll find links to press, the program, the receipt, and all of the latest updated speaker materials and extras from DEF CON 21. Keep watch on this archive, data from this year's con is still rolling in and it will be updated, as we receive it! Enjoy!

Like any good movie, DEF CON: the Documentary has tons of footage that didn't make the final cut. Now you can enjoy some extra antics, interview footage and other cool stuff from the world's largest hacking conference in the 21 bonus clips we've added to the DEF CON YouTube Channel! If you couldn't get enough of the documentary here is more! Enjoy!

Here's a sweet little bundle of extras from the DEF CON Documentary for your enjoyment, in a couple of handy torrent files!

DEF CON Documentary soundtrack: Check out the music from the artists (Zoe Blade, Broke For Free, Chris Zabriskie, Revolution Void, The Insiders, and others) that made the DEF CON Documentary soundtrack possible! https://www.defcon.org/html/torrent/DEF CON 20 Documentary soundtrack.torrent

DEF CON Documentary extra bonus clips: 21 Extra clips that didn't make the documentary. Interviews, background stories, and past trivia. If you finished watching the DEF CON Documentary wanting more, here it is! https://www.defcon.org/html/torrent/DEF CON 20 Documentary bonus clips.torrent

Don't forget to share the love and leave these seeding for a little while!


Extra! Extra! Read all about it! The DEF CON Press page has been updated with over 200 new articles on DEF CON 21! Sometimes they get it right, and sometimes they get it wrong, but it's all there for your discriminating perusal! Enjoy.

Check out the DEF CON CTF Archive for write-ups and links to the LegitBS Scorebot SQL Dump from this year's Capture the Flag!

Hey all! If you'd like to access DEF CON: The Documentary when you're off your main machine, we now have it posted to the official DEF CON YouTube Channel! English and Japanese subtitles available, with Chinese on the way! Keep watch on this channel in the future for more great content from DEF CON!

DEF CON: The Documentary on Youtube: http://youtu.be/SUhyeY0Fsvw


A hearty congratulations to Plaid Parliament of Pwning for taking this year's CTF crown! Thank you to Legitimate Business Syndicate for running a great game! Head on over to legitbs.net for the scoreboard of this year's Capture the Flag and a wrap up of the event.

Thanks to the huge success of DEF CON's 20th anniversary compilation, we've brought it back again and stepped up our game. This year, we present you with "DEF CON 21: The Official Soundtrack:" 20 tracks of pure nerd fuel for hacking. The compilation features many of the talented acts in attendance at the conference, like BT (seriously!), Faderhead (for real!), and far beyond that with generous submissions from the likes of PANTyRAiD and Gramatik.

As if that wasn't enough, this release is completely free/donation-based, with 100% of the generated revenue going straight to the Electronic Frontier Foundation (EFF / http://eff.org), a 501(c)3 not-for-profit dedicated to protecting our Internet freedoms and privacy.

Get on over to the Gravitas Recordings (the awesome label donating their time, energy, PR skills, and distribution networks to the cause) Bandcamp release page to grab this sonic goodness, check the full track-list, and ***DONATE***!

LINK: http://music.gravitasrecordings.com/album/def-con-21-the-official-soundtrack


Well folks, that's another DEF CON on the books, and it was a great one! We're starting to make it home, and gather contest results, press, content, photos, and everything else from a fantastic DEF CON 21, so keep an eye on this space, our Twitter, and Facebook in the coming days and weeks as it is scribed into the archives!

Big thanks to all of the attendees, You give us the reason to do this every year, and we're ecstatic that you travel to the middle of the desert in the dead of summer to enjoy our gathering! To all of the goons, your tireless efforts and dedication shine year after year as we move through each and every con, thank you all. A big thank you all of those who contribute their time, enthusiasm, knowledge, and talent to DEF CON through speaking, performing, and running contests, events, villages, and parties.

Stay tuned, and we hope to see you all at DEF CON 22!