DEFCON 101 Selected Talks for DC22

DEF CON 101 - The Talk

DEF CON 101 is the Alpha to the closing ceremonies' Omega. It's the place to go to learn about the many facets of Con and to begin your Defconian Adventure. Whether you're brand new or a long time attendee, DC101 can start you on the path toward maximizing your DEF CON Experiences.


Known Aliases: HighWiz, The Dark Lord, Tom Riddle, "The Swamp Fox", The Earl of Grantham, And your excellency sir, (to you).
Known Affiliations: The Tribe
Wanted For: Advanced Persistent Trolling, viceregicide, Conspiring with Jesuits, Igniting the Doom of Valyria, Drag Racing the Kessel Run, Putting the Ram in the Rama Lama Ding Dong, Long walks on the beach
May be traveling with: Alan Turing, Karl Möbius, Charles Babbage, the Chilean national soccer team, and a devious pink elephant.
Twitter: @highwiz


Lockheed (@TheLockheed) was in charge of the DEF CON Network Operations Group since DEF CON 4, and in 2013 took over as Chief of Operations for DEF CON (because you never retire from DEF CON, you only get promoted!) Lock has over 25 years of experience in the technology field. He's had jobs ranging from tech writer, mainframe operator, product engineer, product marketing manager, and is currently Sr Director in charge of the Global IT Group for Sony PlayStation Worldwide Studios. He's been in the video game industry for over 10 years and strongly believes his PS4 can kick your XBOX's butt!
Twitter: @TheLockheed


Pyr0 is "that guy" who oversees the Contests, Events, and Villages at DEF CON. He's been attending since DC6 and has been gooning since DC7. He is the founder of Skytalks, one of those 303 peoples, and also proudly reps Security Tribe (RECOGNIZE!). He loves great scotch, good vodka, smart girls, explosives, and big black . . . guns. ALSO:DONGS
Twitter: @lmcomie


Roamer is (as of this writing) the retired Sr. Goon in charge of the DEF CON Vendor Area (let's see how that works out). He has been on DEF CON staff since DEF CON 8. He was the founder of the DEF CON WarDriving contest for the first 4 years of its existence and has also run the slogan contest in the past. Roamer is the guitarist for the Goon Band, Recognize. Although having no actual skills, his ability to drink virtually every Goon and attendee under the table has gained him massive prominence in the scene and elevated him to the lofty station you see him in today. When not "working" at DEF CON he is "working" as the Global Information Security Manager and Sr. Enterprise Architect for Sony PlayStation WorldWide Studios.
Twitter: @shitroamersays


LosT mucks around with Defcon on occasion. He is the creator of the Hardware Hacking Village, the LosT@Defcon Mystery Challenge, and for the past few years the Defcon badges and badge challenges. Russ says he's the official Defcon Puzzlemaster, but LosT still doesn't believe him. In his other life LosT enjoys playing the bass and linguistics, among other things. He's also been known to study mathematics, electrical engineering and physics in his spare time.
Twitter: @1o57

One Man Shop: Building an effective security program all by yourself

At past DEF CON events, including DEF CON 101, most of the attendees we’ve encountered were either new to the field of security or had security functions in their job description on top of other job duties such as system administration or programming. The purpose of this talk, which is based on real world experiences, is to introduce a multi-year approach to methodologies, techniques, and tools that will allow someone who may be the sole security staff member for an organization to build an effective security program in a cost effective and resource constrained manner. If security is a process, this will provide a “Step 1” to getting that process started.

Medic (Tim McGuffin)

Tim was voted “most likely to be indicted” by his high school senior class, but has since gone on to gain the trust of large organizations and their executive management, which may or may not be a good thing. He holds a few industry certifications and is a member of a few security organizations, but considers his insomnia and attention deficit problems far more important to his career.
Twitter: @NotMedic

Anatomy of a Pentest; Poppin' Boxes like a Pro

Are you excited about hacking and want to be a pentester in the next few years? Let this talk be your guide in understanding what is required to effectively assess a network and all of its associated components. We’ll review subjects ranging from assessment toolsets, environment configurations, timelines, what to do when you’ve accidentally brought down the entire finance department, and how to gently handle the situation when you tell the CIO his baby is ugly.

These techniques and processes are geared towards your typical penetration testing processes. The talk has been structured so that not only veterans can benefit from the processes, but newer/aspiring pentesters can also establish a solid foundation for their own work! Hack on.


PushPin is an uptight perfectionist who is very rarely content working with idiots and enjoys his Jell-O Pudding cups. He can neither confirm nor deny working for any of the three letter agencies that oversee WMDs, high energy weapons [LASERS, YO], and play around with other countries. It is literally impossible to see him without his laptop at any given time during the day, and he has been told frequently to put it away in public; otherwise, you'll find him at work devoid of any form of social life. I hate you all, seriously.
Twitter: @X72

Protecting SCADA From the Ground Up

Industrial Control Systems (ICS) and SCADA are everywhere, whether you know it or not. Not only do they track flow rates and turn signs for businesses, but they also activate fans and dampers for fire protection and control water distribution in your town. You can't count on ICS and SCADA being completely off the net anymore; they are being networked internally and made Internet-facing more and more. Common enterprise IT security methods and practices don't fully cover these systems, so come and learn how you should architect and protect the infrastructure that keeps the lights on.

AlxRogan (Aaron Bayles)

AlxRogan was born and raised in the Oil and Gas industry, and has worked (off and on) there since 1995. He has gooned since DEF CON 12, and is a professional contest participant (CTF, Wardriving, ScavHunt). In his work experience, he has consulted for energy generating companies, health care providers, US and local government, and education/research institutions. He was previously the Information Security Architect for a mid-size oil and gas company in Houston and currently consults (again) on IT, Industrial Control Systems (ICS), and SCADA security. Also, his real name is Aaron Bayles, not AlxRogan. Alex Rogan is a character from The Last Starfighter.
Twitter: @AlxRogan

Standing Up an Effective Penetration Testing Team

Many talks give you information on how to be a better penetration tester. The majority are technical talks on improving techniques or learning new tools. This talk aims to teach the attendees the techniques and pitfalls of putting together a penetration team. It goes beyond identifying the right people to be on the team and the talk explores the concepts of planning, performing and reporting the test. The talk also looks at getting to the root of a client’s problem and how to be paid to return.

Wiseacre (Mike Petruzzi)

Mike Petruzzi has been hacking managers for over 25 years. Mike is a Senior Cyber Security Penetration Testing Specialist working at the Department of Energy for the last 6 years. Yup, that's the title he was given. Prior to that, he worked at SAIC for five years performing penetration tests, risk assessments and certification and accreditation. Naturally, he got all his IT experience as the result of selling beer, wine and liquor. He has tricked everyone into believing that he can do anything at all.
Twitter: @wiseacre_mike

The Monkey in the Middle: A pentester's guide to playing in traffic. (Youtube Video)

Prank your friends, collect session information and passwords, edit traffic as it goes by... become the Monkey(man)-In-The-Middle and do it all...

This presentation will teach you a penetration tester's view of man in the middle (MITM) attacks. It will introduce the tools, techniques and methods to get traffic to your hosts. Demonstrations of the tools and methods involved will be presented. Come learn new and interesting ways to prank your friends, experience the all porn internet (redux), learn what Mallory is and how to use it, learn how to direct traffic to your proxy, deal with SSL and certificates in interesting ways, and make sure you go (mostly) undetected.

Anch (Mike Guthrie)

Anch is the lead for the Chickasaw Nation Industries Red Team, performing penetration tests and accreditations for the public and private sector.

Anch has 11 years' experience in cyber security. He was the Network Security Architect at a major power administration. At Mentor Graphics he spent time as a network engineer providing enterprise networking, firewall and VPN support for a global network comprising 72 connected sites worldwide. He has been involved in or led over 75 penetration tests on over 200 networks.

Anch's background related to control systems is unrivaled in the bulk power generation and transmission areas. During this time he developed unique perspectives on the areas of compliance and regulation in the power industry.
Twitter: @boneheadsanon

RF Penetration testing, your air stinks

The purpose of this talk is to discuss the effective radio frequency (RF) tools, tactics, and procedures that we recommend security professionals use when performing a repeatable RF penetration test. This talk will cover the fundamental processes used to identify the RF within the environment, identify the vulnerabilities specific to that environment, and offer attack methodology to exploit those vulnerabilities.

This talk will cover the hardware and software that we recommend for users just starting out all the way from N00bz to l33t hax0rs.

To provide some hands on experience with RF penetration testing, we have developed the Wireless Capture the Flag (WCTF) in the Wireless Village at DefCon.

We will provide an overview of this contest, designed to test your skills and give you a shooting range to practice and compete. Level of experience doesn't matter; the willingness to learn will get you much further.

RMellendick (Rick Mellendick)

RMellendick is a builder and breaker of RF things, inventor of the WCTF, defender of good and evil depending on your perspective, and spends way too much time with his head in the air, sniffing the RF. And of course his last name is still MELLENDICK.
Twitter: @rmellendick

DaKahuna (John Fulmer)

By day he supports a large government agency reviewing and criticizing network and security architectures, advising on matters related to information assurance and information security policies, standards and guidance. By night he enjoys snooping the Ether, be it the amateur radio bands or his neighbors' wireless networks. In his off time he can be found on the pistol or rifle range enjoying the smell of burnt gunpowder. He is a father of two, grandfather of three, a 24 year Navy veteran, holder of an amateur radio Extra Class license and a staunch supporter and exerciser of his 2nd and 4th rights.

The Making of DEFCOIN

If the Juggalos can do it why can't we? We will discuss what it took to create DEFCOIN, the pitfalls we ran into along the way, how many times we had to reset the block chain before release (oops) and even what a block chain and other funny words like that mean. Come learn the basics of crypto-currencies, what they are, how they work and watch us attempt to show how real money and electricity is converted to fake money and heat.
Twitter: @defcoin

Xaphan (Jeff Thomas)

Xaphan is a "Senior Cyber Security Penetration Testing Specialist" for the US Department of Energy. He has been a penetration tester for 16 years, but maintains his sanity with a variety of distractions. This is his 15th defcon, but the first time he has done ANYTHING that requires effort or commitment while in Las Vegas.
Twitter: @slugbait

Beaker (Seth Van Ommen)

Beaker is an odd creature even by DEF CON standards. If Hunter S. Thompson, Tesla, and a spork had a love child, this would approximate the Beaker. He's spent his working life diddling computers for various organizations from early startups to three letter agencies and is still amazed this produces a paycheck. Beaker is known for mixing interesting chemicals within Beaker, which often results in projects of unlikely completion.
Twitter: @swordofomen

Anch (Mike Guthrie)

Anch is the lead for the Chickasaw Nation Industries Red Team, performing penetration tests and accreditations for the public and private sector.

Anch has 11 years' experience in cyber security. He was the Network Security Architect at a major power administration. At Mentor Graphics he spent time as a network engineer providing enterprise networking, firewall and VPN support for a global network comprising 72 connected sites worldwide. He has been involved in or led over 75 penetration tests on over 200 networks.

Anch's background related to control systems is unrivaled in the bulk power generation and transmission areas. During this time he developed unique perspectives on the areas of compliance and regulation in the power industry.
Twitter: @boneheadsanon

Oh Bother, cruising the internet with your honeys
Creating Honeynets for tracking criminal organizations.

Bandwidth, computing power, and software advancements have empowered hackers to quickly scan for and exploit services across the Internet. While this is a major issue, it does allow researchers to track criminal activity with strategically placed honeypots that lure and trap criminals, allowing organizations to put that information to use improving network security. This talk will outline how to use DDoS-vulnerable services to develop a honeypot network that will extract valuable information from the Internet and produce a data feed that can be used to protect online assets with kibana, elasticsearch, logstash, and AMQP.

Terrence Gareau

As A10 Networks’ Principal Research Scientist, Terrence Gareau leads the company’s security engineering and response team tasked with providing A10 customers in-depth DDoS research and advisories they require to continually improve their network security defenses.

Prior to joining A10, Gareau was Principal Security Architect and the founding member of the PLXsert for Prolexic Technologies. He began his IT security career more than 10 years ago, and has broad expertise in enterprise security and distributed denial of service (DDoS) mitigation, prevention and recovery. Gareau has mitigated some of the Internet's largest DDoS attacks for both government agencies and private enterprises, and has led architecture, engineering and research teams, creating solutions to protect client networks, establishing security testing policies, network and digital forensics, and serving as the subject matter expert for multiple private and government organizations.

Prior to Prolexic, Gareau worked for the Food and Drug Administration (FDA) and CNI. A recognized expert in DDoS attack mitigation, Gareau has shared his knowledge at NIH, FDA, DoD, DHS, and other organizations.
Twitter: @kingtuna

Mike Thompson

Mike "The Janitor" Thompson lives in a mushroom bin and not in a box. The Janitor, by day, is the Director of Architecture and Engineering for ADC, Cloud (e.g. cumulus, stratus, cirrus, nimbus) and Security for A10 Networks, and by night an animal who spits out fire-breathing code for whatever. He worked as a Pen Tester and has provided security-consulting services for many global corporations. The Janitor was part of A10's technical team, which assisted Microsoft as part of the Citadel and Zero Access botnet takedown, is the lead OpenStack Developer and part of the SERT for A10. His favorite pastimes besides being alive are hanging with the fam, building robots and playing with his car. His message to the world: "Kiddies -> welfare sucks, grow a brain and learn to code." and "value is like beauty, it is solely in the eye of the beholder... put the mirror down when I am talking to you!"

DEFCON the Mystery, Myth and Legend

It's hard to throw a stone these days without hitting a security/hacking conference. But when, every year, the Las Vegas Metro SWAT Team stages for an interdiction of your convention, you know you have something "different". From crawling through air ducts to surreptitiously "acquiring" telco equipment, these are the stories of DEF CON you don't often hear about. The stories of yesteryear that not only helped shape DEF CON but also the people who make up today's hacker and infosec communities at large. DEF CON is the event that helped spawn a generation of hackers and changed the landscape of information security. So come join us for a trip down memory lane as we reveal some of the secrets and stories of what architected the mystery, myth and legend of the hacker community you see today... Now that the statutes of limitations have passed.

Panel classified until further notice

Meddle: Framework for piggy-back fuzzing and tool development (Youtube Video)

Towards simplifying the vulnerability fuzzing process, this presentation introduces a moddable framework called Meddle that can be used to piggy-back on an existing application's knowledge of a protocol by performing piggy-back fuzzing. Meddle is an open source Windows x86 and x64 user-mode C# application that uses IronPython plugins to provide a familiar interface for fuzzing. Why bother spending time understanding the protocol just to try to break it?

Two vulnerability fuzzing attacks using Meddle will be demonstrated: one attacking the open source RDP server XRDP, and the other attacking general driver communications from user-mode processes. Several vulnerabilities found in the XRDP server will be briefly discussed, including two that may be exploited for RCE prior to authentication. These attacks are typically based on a piggy-back application (such as the Remote Desktop Connection Client, mstsc.exe): the piggy-back application first performs a benchmarking operation, and then fuzzing begins through a parallel set of piggy-back instances, each attacking one event in sequence.

Although originally designed as a vulnerability fuzzing framework, Meddle is well-suited for developing reverse-engineering and malware analysis tools. Two simple tools based on Meddle will be presented:
1. A capture tool for communication between user-mode processes and kernel-mode drivers, along with a parser to view the captures in Windows Message Analyzer.
2. A malware sandboxing environment proof-of-concept.
In conclusion, attendees should be able to leave the session with a basic understanding of how to use the Meddle framework as well as their own ideas for tools to develop and targets to attack.

Geoff McDonald

Geoff is an anti-virus researcher working with the Microsoft Malware Protection Center, with most of his experience in reverse-engineering malware and related vulnerabilities. As a hobby, Geoff can often be found developing reverse-engineering and vulnerability fuzzing tools, some of which can be found on his personal website.

USB for all! (Youtube Video)

USB is used in almost every computing device produced in recent years. In addition to well-known usages like keyboard, mouse, and mass storage, a much wider range of capabilities exist such as Device Firmware Update, USB On-The-Go, debug over USB, and more. What actually happens on the wire? Is there interesting data we can observe or inject into these operations that we can take advantage of? In this talk, we will present an overview of USB and its corresponding attack surface. We will demonstrate different tools and methods that can be used to monitor and abuse USB for malicious purposes.

Jesse Michael

Jesse Michael has been working in security for over a decade and is currently a security researcher at a Fortune 50 company who spends his time causing trouble and finding low-level hardware security vulnerabilities in modern computing platforms.

Mickey Shkatov

Mickey Shkatov is a security researcher at a Fortune 50 company covering a variety of topics in software, firmware and hardware. He also spends most of his time trying to find new ways to annoy Jesse.

ShareEnum: We Wrapped Samba So You Don’t Have To (Youtube Video)

CIFS shares can tell you a lot about a network, including file access, local administrator access, password reuse, etc. Until now most people have relied on add-ons to scanning tools to implement Microsoft's complicated network APIs. Some tools wrap existing clients, such as smbclient, or use RPC calls; however, this is inefficient. What we need is a scanner that utilizes the closest thing we can get to Microsoft's SMB libraries to scan network shares efficiently and quietly. ShareEnum uses the underlying Samba client libraries to list shares, permissions, and even recurse down file trees gathering information including what is stored in each directory.

Lucas Morris

Lucas is a manager responsible for leading application security assessments and penetration testing services for various clients at Crowe Horwath LLP. Lucas is responsible for developing the methodology for infrastructure reviews and penetration testing services, and for aiding clients in developing strategies for secure technologies within corporate environments. He also focuses on developing new tools, resources, and research within the Crowe Technology Risk consulting group. For the past seven years Lucas has been working on penetration testing, security program design, application security testing, and information security assessment testing annually.

Michael McAtee

Michael is a senior security consultant at Crowe Horwath and is responsible for management of Crowe's Security Penetration & Forensics labs. With a passion for programming and security, Michael has been involved in developing security tools for automation and assessment needs at Crowe. Michael's experience includes enterprise Windows administration, enterprise network design, penetration testing, and security consulting, and he is part of over 35 security engagements annually.

Investigating PowerShell Attacks (Youtube Video)

Over the past two years, we've seen targeted attackers increasingly utilize PowerShell to conduct command-and-control in compromised Windows environments. If your organization is running Windows 7 or Server 2008 R2, you've got PowerShell 2.0 installed (and on Server 2012, remoting is enabled by default!). This has created a whole new playground of attack techniques for intruders that have already popped a few admin accounts (or an entire domain). Even if you're not legitimately using PowerShell to administer your systems, you need to be aware of how attackers can enable and abuse its features.

This presentation will focus on common attack patterns performed through PowerShell - such as lateral movement, remote command execution, reconnaissance, file transfer, etc. - and the sources of evidence they leave behind. We'll demonstrate how to collect and interpret these forensic artifacts, both on individual hosts and at scale across the enterprise. Throughout the presentation, we'll include examples from real-world incidents and recommendations on how to limit exposure to these attacks.

Ryan Kazanciyan

Ryan Kazanciyan is a Technical Director with Mandiant and has ten years of experience in incident response, forensic analysis, and penetration testing. Since joining Mandiant in 2009, he has led incident response and remediation efforts for dozens of Fortune 500 organizations, focusing on targeted attacks, industrial espionage, and financial crime. He has also helped develop Mandiant's investigative methodologies, forensic analysis techniques, and technologies to address the challenges posed by skilled intruders in complex environments. Prior to his work in incident response, Ryan led and executed penetration tests for both private and public-sector clients. His background included red-team operations in Windows and Unix environments, web application security assessments, and social engineering. As a lead instructor and content author for Mandiant's incident response training, Ryan also regularly teaches classes for corporate security teams, federal law enforcement, and at industry conferences.
Twitter: @ryankaz42

Matt Hastings

Matt Hastings is a Consultant with Mandiant, a division of FireEye, Inc. Based in the Washington, D.C. area, Matt focuses on enterprise-wide incident response, high-tech crime investigations, penetration testing, strategic corporate security development, and security control assessments, working with the Federal government, defense industrial base, financial industry, Fortune 500 companies, and global organizations.
Twitter: @HastingsVT

HTTP cookies are an important part of trust on the web. Users often trade their login credentials for a cookie, which is then used to authenticate subsequent requests. Cookies are valuable to attackers: passwords can be fortified by two-factor authentication and "new login location detected" emails, but session cookies typically bypass these measures. This talk will explore the security implications of how popular browsers store cookies, ways in which cookies can be stolen, and potential mitigations.

David Wyde

David Wyde is a security researcher at Cisco Systems, with a background in web application development. His favorite type of cookie is double chocolate chip, but HTTP cookies are a close second. When he's not working with software, he enjoys playing chess, dodgeball, ping pong, and N64 Super Smash Bros.

An introduction to back dooring operating systems (Youtube Video)

So you want to set up a back door? Have you ever wondered how it's done and what you can do to detect back doors on your network and operating systems? Ever wanted to set up a back door to prank a friend? This presentation will do just that. We will go over the basics of back doors using SSH, Netcat, Meterpreter and embedding back doors into custom binaries, along with the logistics of accessing them after they are in place.


Nemus is a security enthusiast at night and spends his days working in the payment card industry developing RESTful APIs for bill pay using cash payments. Lance works with open source systems, and enjoys setting up and hardening Linux systems. He has over 11 years of experience working in information technology focusing on system administration and software development and has begun to focus his career on information security. He developed a love for security at Salt Lake Community College after being immersed in it by his professors. Nemus helped found the Defcon 801 hackerspace and currently holds a position on the board of directors for 801 Labs, which is the corporation that runs the DC801 hackerspace located in downtown Salt Lake City.
Twitter: @Lost_Nemus

Blinding The Surveillance State (Youtube Video)

We live in a surveillance state. Law enforcement and intelligence agencies have access to a huge amount of data about us, enabling them to learn intimate, private details about our lives. In part, the ease with which they can obtain such information reflects the fact that our laws have failed to keep up with advances in technology. However, privacy enhancing technologies can offer real protections even when the law does not. That intelligence agencies like the NSA are able to collect records about every telephone call made in the United States, or engage in the bulk surveillance of Internet communications is only possible because so much of our data is transmitted in the clear.

The privacy enhancing technologies required to make bulk surveillance impossible and targeted surveillance more difficult already exist. We just need to start using them.

Christopher Soghoian

Christopher Soghoian is a privacy researcher and activist, working at the intersection of technology, law and policy. He is the Principal Technologist with the Speech, Privacy and Technology Project at the American Civil Liberties Union. Soghoian completed his Ph.D. in 2012, which focused on the role that third party service providers play in facilitating law enforcement surveillance of their customers.

Screw Becoming A Pentester - When I Grow Up I Want To Be A Bug Bounty Hunter! (Youtube Video)

Everywhere you turn it seems that companies are having serious problems with security, and they desperately need help. Getting into information security provides an incredible career path with what appears to be no end in sight. There are so many disciplines that you can choose in InfoSec with the fundamental argument being whether you join Team Red or Team Blue. Most people tend to decide on the Red team and that becoming a professional pentester is the way to go, as it is the most sexy (and typically pays well). However, with bug bounties currently being all the rage and providing a legal and legitimate way to profit off vulnerability research, who really wants to be a pentester, when you can have so much more fun being a bug bounty hunter!

Researcher motivation in the old days and options for making money off of vulnerabilities were much different than today. This talk analyzes the history of selling vulnerabilities, the introduction of bug bounties, and their evolution. We cover many facets including the different types of programs and the ranges of money that can be made. We then focus on researchers who have currently chosen the bug bounty hunter lifestyle and provide details on how to get involved in bug bounty programs, which likely pay the best, and which vendors you may want to avoid. What constitutes a good bug bounty program that makes it worth your time? What do you need to know to make sure that you keep yourself out of legal trouble?

Ultimately, we’ll provide thoughts on the value of bug bounties, their future, and if they can be a full-time career choice instead of a more traditional position such as pentesting.

Jake Kouns

Jake Kouns is the CISO for Risk Based Security and the CEO of the Open Security Foundation, that oversees the operations of the and Mr. Kouns has presented at many well-known security conferences including RSA, DEF CON, CISO Executive Summit, EntNet IEEE GlobeCom, FIRST, CanSecWest, SOURCE and SyScan. He is the co-author of the book Information Technology Risk Management in Enterprise Environments, Wiley, 2010 and The Chief Information Security Officer, IT Governance, 2011. He holds both a Bachelor of Business Administration and a Master of Business Administration with a concentration in Information Security from James Madison University. In addition, he holds a number of certifications including ISC2's CISSP, and ISACA's CISM, CISA and CGEIT.
Twitter: @jkouns

Carsten Eiram

Carsten Eiram is the Chief Research Officer of Risk Based Security and previously worked 10 years for Secunia, managing the Research team. Carsten has a reverse engineering background and extensive experience in the field of Vulnerability Intelligence, referring to himself as a vulnerability connoisseur. He has deep insights into vulnerabilities, root causes, and trends, and is also an avid vulnerability researcher, having discovered critical vulnerabilities in high-profile products from major vendors including: Microsoft, Adobe, Symantec, IBM, Apple, Novell, SAP, Blue Coat, and Trend Micro. Carsten has been interviewed for numerous news articles about software security and has presented at conferences such as FIRST Conference, RSA Conference, DEF CON, RVAsec, as well as keynoting Defcamp 2013. He is also a regular contributor to the "Threat of the Month" column in SC Magazine, a credited contributor for the "CWE/SANS Top 25 Most Dangerous Software Errors" list, and member of the CVE Editorial Board and FIRST VRDX-SIG.
Twitter: @CarstenEiram

Bug bounty programs evolution (Youtube Video)

Bug bounty programs have become a hype in the past three years, but the concept was widely implemented long before that. Today we can see big companies spending a lot of money on these programs in the belief that this is the right way to secure software. However, there are many blind spots in these programs that most of you are not aware of, such as dealing with black hat hackers, the ability to control the testers, etc. This presentation therefore explains the current behaviors around these programs and predicts what we should see in the future.

Nir Valtman

Nir is employed at NCR Corporation as Enterprise Security Architect for NCR Retail, and is also co-founder and CTO of his start-up, Crowdome. Before the acquisition of Retalix by NCR, Nir was the Chief Security Officer of R&D at Retalix. Over the last decade he has worked as Chief Security Architect, Senior Technology Consultant, Application Security Consultant, Systems Infrastructure Security Consultant and Technological Trainer. In these positions Nir was not only consulting but also doing hands-on work in various fields, e.g. hardening, penetration testing and development of personal/internal applications. In addition, Nir released an open source anti-defacement tool called AntiDef and wrote a publication about QRbot, an iPhone QR botnet POC he developed. Nir has a BSc in computer science, but his knowledge is based mainly on cowboy learning and information sharing with the techno-oriented communities.

How to Disclose an Exploit Without Getting in Trouble (Youtube Video)

You have identified a vulnerability and may have developed an exploit. What should you do with it? You might consider going to the vendor, blogging about it, or selling it. There are risks in each of these options. This session will cover the risks to security researchers involved in publishing or selling information that details the operation of hacks, exploits, vulnerabilities and other techniques. This session will provide practical advice on how to reduce the risk of legal action and suggest several approaches to responsible disclosure.

Jim Denaro

Jim Denaro is the founder of CipherLaw, a Washington, D.C.-based consultancy, and focuses his practice on the legal, technical, and ethical issues faced by innovators in information security. Jim is a frequent speaker and writer on legal issues in information security and has experience in a wide range of technologies, including intrusion detection and prevention, botnet investigation, malware discovery and remediation, and cryptography. Jim is a regular consultant on responsible disclosure policies and is involved in programs to shield researchers who disclose responsibly.

Jim has completed professional coursework at MIT and Stanford in computer security and cryptography. He also holds technical certifications from the Cloud Security Alliance (CCSK) and Cisco Systems (CCENT), and has passed the CISSP examination (pending certification). Before becoming an attorney, Jim spent obscene amounts of time looking at PPC assembly in MacsBug.
Twitter: @CipherLaw

Tod Beardsley

Tod Beardsley is the engineering manager for the open source Metasploit project, as well as one of the core developers on the framework. His background is primarily in intrusion prevention, vulnerability assessment and identification, anti-fraud/anti-phishing countermeasures, penetration testing and compliance auditing, intrusion detection and response, protocol analysis, and host hardening. He is also interested in computer crime forensics and recovery, reverse engineering and binary analysis, steganographic communication channels, and cryptography in general.

Tod’s technical specialties include protocol analysis and reverse engineering, intrusion detection and prevention, phishing and online fraud, open source software engineering collaboration, and application vulnerability research and exploitation.
Twitter: @todb

Practical Foxhunting 101

The basic skills needed to quickly locate wireless emitters are easy to learn and no special equipment is required. Despite this, relatively few people have the know-how to put their equipment to work locating emitters as part of penetration testing, RF environment mapping, or tracking their geriatric neighbors using the emanations from their pacemakers. In this talk, you'll learn simple techniques for finding wireless emitters in the environment using readily-available equipment, and how to select and configure foxhunting gear. You'll also get a brief introduction to some more-advanced topics and techniques.


SimonJ is a wireless communications software and systems engineer with 15 years of professional experience. He has spent the majority of his career working on esoteric wireless communications for even-more-esoteric purposes, including RF emitter geolocation. He won both foxhunting challenges in the WiFi Pentathlon at DEF CON 21 using nothing but an unrooted Android tablet, and wants more of a challenge this year.

Touring the Darkside of the Internet. An introduction to Tor, Darknets, and Bitcoin. (Youtube Video)

This is an introduction-level talk. It will cover the basics of Tor, darknets, darknet marketplaces, and Bitcoin. I will start by giving the audience an overview of Tor and how it works, covering entry nodes, exit nodes, and hidden services. I will then show how you connect to Tor on Linux/OS X and on Windows, and demo it. Once we are connected to Tor, I will show how to find Tor hidden services and then demo browsing around some marketplaces. Once the audience has a solid grasp of what the marketplaces offer, I will walk through the process of purchasing something from one. I will cover Bitcoin and Bitcoin mining. After we know how Bitcoin works, we will cover purchasing items, including PO Boxes and the pickup of packages. Finally, I will finish up with some concerns you may want to be aware of and my recommendations to help make the use of Tor, Bitcoin, and marketplaces more secure.


An infosec professional by day, Metacortex much prefers his hacker-by-night persona. Most of his free time is spent helping run both DC801 and the Salt Lake City-based hackerspace 801 Labs. He loves talking about anything hacking related and does everything he can to help promote and build the northern Utah hacking community.
Twitter: @metacortex


Grifter has been a DEF CON Goon for 14 years. He is currently the Senior Goon in charge of DEF CON Evening Event space and the DEF CON Villages. In previous lives he served as a Security, Vendor, and Skybox Goon, Coordinator of the DEF CON Movie Channel, former Organizer of the Scavenger Hunt, and Administrator of the DEF CON Forums. He birthed the idea of the DEF CON Villages and DC Groups into the world, and he's not sorry about it.

Grifter has spoken at DEF CON numerous times, as well as related Hacker, Security, and Industry conferences. He has co-authored several books on various information security topics, and has somehow found a way to convince people to give him money for what he keeps inside his head.(The technical stuff, not the dirty stuff…yet.) He uses this money to provide food and shelter for his family in Salt Lake City, Utah, where he is an active part of DC801, and a founding member of the 801 Labs hackerspace.
Twitter: @Grifter801

Diversity in Information Security (Youtube Video)

A discussion from the point of view of a diverse panel of leading representatives currently in, or thinking of becoming part of, the information security industry. This panel will give you insight into the evolving landscape of diversity in the hacking community. We will present statistical evidence showing the lack of sub-culture representation in the hacking community; while the gap has been narrowing, we can still work to encourage cultural variance. By analyzing how diversity is critical to improving the information security industry, we will explore positive approaches to encourage recruiting and retention of under-represented subcultures, removing unconscious biases and encouraging inclusiveness, and introduce the audience to a wide variety of existing support structures. There will be no witch hunt here, there will be no judgement, only information. All of this and more will be addressed with open and honest dialogue on one of the most controversial issues currently within our community.

Jennifer Imhoff-Dousharm

Lil Jinni is currently a student of informatics and network security. She is a primary coordinator for Vegas 2.0 and co-founder/principal of the Cuckoo's Nest hackerspace. She is an affiliate member of NCWIT and an avid participant in many local women-in-tech groups. When not studying, planning the theSummit fundraiser, or herding hackers, she spends her free cycles as a Curiosity Hacked guild leader and Kitchen OverLord contributor.
Twitter: @lil_jinni

Sandy “Mouse” Clark

Sandy Clark (Mouse) is a security researcher and part-time Ph.D. candidate in the Distributed Systems Lab at the University of Pennsylvania, advised by Matt Blaze and co-advised by Jonathan Smith. Her research focuses on understanding the mechanisms involved in the computer security arms race, and on modeling the cyber-security ecosystem. Early in her career she wrote the back-up flight control computer for the US Air Force F-16 aircraft and a gate-level software simulator for NASA; after several years as a sysadmin for Princeton University, she ended up in the hacker community. It was at a hacker con that someone introduced her to Matt Blaze and he invited her to come hang around his lab at Penn. Her first project was breaking wiretap systems, and with its success, and after much encouragement and mentoring, she got the courage to enroll as a student. It is taking much longer for her to get her degree than she thought (going back to school is hard as a grownup), but definitely worth it!

Kristin Paget

Princess Kristin hacks hardware, software, networks, radios, people, the law, herself, and society - and she’s still getting warmed up. She’s been hacking things ever since she heard that POKE 35136,0 gave her infinite lives in Manic Miner, and she's truly thrilled to be returning to Def Con after taking a couple of years off the speaking circuit to de-anonymize her brain.


Hacker, photographer and conference addict. Jolly has previously been a back-to-back winner of Hacker Fortress. In the past two years he has not stayed in any one place for more than 11 days. His team, Jolly and Friends, has won Capture the Flag. Avid health nut. Loves taking advantage of vendors' easy contests to win prizes at conferences.
Twitter: @Jolly


Carl "Vyrus" Vincent is a self-proclaimed nerd who learned to build radios from his grandfather, a fellow nerd who worked in the aerospace industry. Carl first attended DEF CON as a teenager and earned money doing small IT projects while still in high school. Today he is an independent security consultant.
Twitter: @vyrus001

Scott Martin

Scott Martin is currently CIO of Spikes Security and formerly the Director of Firewall Operations for Symantec Corporation. He works throughout Silicon Valley advising various startups and is the Committee Chair for Donations and Community Outreach for Vegas 2.0.

Around the world in 80 cons (Youtube Video)

After spending 15 years in the hacker/InfoSec community, I thought it was time to pause and look back upon all I have seen, everywhere I have been, all the people I have met and everything I have learned, and then share some of that knowledge to hopefully give people a leg up moving forward. More importantly, I compare and contrast my experiences and perspectives with the statistics we commonly see on attacks and their countries of origin. Statistics tell one story, perspective tells the other. This is a talk on perspectives. Hackers, and hacking, are perceived differently around the world and, in turn, some view our community and what we do with different eyes than ours. I believe most reports and papers we (Americans) see on that topic are skewed and never give an accurate global image. Taking a very small dose of reality and comparing it to what we're subjected to is interesting.

Being a foreign hacker attending a con, or delivering an engagement, in an alien land often led to unexpected situations that I will also share. I will also share how, while searching for diversity in our global hacking culture, I found things that unite us more than you would expect, and show that no matter what region of the planet you come from, we face a common threat we all need to overcome.

Jayson Street

Jayson E. Street is the author of “Dissecting the Hack: The F0rb1dd3n Network” from Syngress, and also the creator of . He has also spoken at DEFCON, DerbyCon, UCON and several other ’CONs and colleges on a variety of information security subjects. His life story can be found on Google under “Jayson E. Street”. He is a highly carbonated speaker who has partaken of pizza from Beijing to Brazil. He does not expect anybody to still be reading this far, but if they are, please note he was chosen as one of Time’s Persons of the Year for 2006. ;-)
Twitter: @jaysonstreet

You're Leaking Trade Secrets (Youtube Video)

Networks don't need to be hacked for information to be compromised. This is particularly true for organizations that are trying to keep trade secrets. While we hear a lot about personal privacy, little is said about organizational privacy. Organizations, in fact, leak information at a much greater rate than individuals, and usually do so with little fanfare. The consequences are greater for organizations when information is leaked because the secrets often fall into the hands of competitors. This talk uses a variety of real-world examples to show how trade secrets are leaked online, and how organizational privacy is compromised by seemingly innocent use of the Internet.

Michael Schrenk

Michael Schrenk is an online Business Intelligence Specialist, who has developed industrial webbots and botnets for the past twenty years. He is a five-time DEFCON speaker, including last year's talk, “How my Botnet Purchased Millions of Dollars in Cars and defeated the Russian Hackers”. Mike is also the author of “Webbots, Spiders, and Screen Scrapers”, 2nd Edition (2012, No Starch Press, San Francisco).
Twitter: @mgschrenk

Instrumenting Point-of-Sale Malware - Communicating Malware Analysis More Effectively (Youtube Video)

The purpose of this talk is to promote the adoption of better practices in the publication and demonstration of malware analyses. For various reasons, many popular analyses of malware do not contain the information required for a peer analyst to replicate the research and verify the results. This hurts analysts who wish to continue working in more depth on a sample, and reduces the value of such analyses to those who would otherwise be able to use them to learn reverse engineering and improve themselves. This paper and talk propose that we borrow the concept of “executable research” by supplementing our written analysis with material designed to illustrate it using the malware itself. Taking a step beyond traditional sandboxes to implement bespoke virtual environments and scripted instrumentation with commentary can supplement written reports in a way that makes the analysis of malware more sound and more useful to others.

As a case study of this concept, an analysis of the recent high-profile point-of-sale malware JackPOS is presented with enough information to replicate the analysis on the provided sample. A captured command-and-control server is included, and Python-based harnesses are developed and presented that illustrate points of interest from the analysis by instrumenting the execution of the malware itself.

Wesley McGrew

Wesley McGrew is an assistant research professor at Mississippi State University's Department of Computer Science and Engineering, where he works with the newly formed Distributed Analytics and Security Institute. He recently earned a Ph.D. in computer science for his research in vulnerability analysis of SCADA HMI systems. He also lectures for the MSU National Forensics Training Center, which provides free digital forensics training to law enforcement and wounded veterans. In the spring 2013 semester he began teaching a self-designed course on reverse engineering to students at MSU, using real-world, high-profile malware samples, as part of gaining NSA CAE Cyber Ops certification for MSU. Wesley has presented at Black Hat USA and DEF CON, and is the author of penetration testing and forensics tools that he publishes through his personal/consultancy website.
Twitter: @McGrewSecurity

Detecting Bluetooth Surveillance Systems (Youtube Video)

Departments of Transportation around the country have deployed "little white boxes": Bluetooth detectors used to monitor traffic speeds and activity. While they're supposedly anonymous, they record a unique identifier, the Bluetooth device address, from every discoverable car and phone that passes by. In this presentation we explore the documentation on these surveillance systems and their capabilities, then build a Bluetooth detector and recorder out of less than $200 of open-source hardware and software, and finally turn it on the surveillance system itself to try to detect and map the detectors.

Grant Bugher

Grant Bugher has been hacking things since the early '90s and working in information security for the last 9 years. He is currently a security architect for a cloud computing company, and has previously been a program manager and software engineer on a variety of developer tools and platforms. He is a prior speaker at BlackHat USA and a frequent DefCon attendee. Most of his work and research is on cloud computing and storage platforms, application security, and defending web-scale applications.
Twitter: @fishsupreme

Android Hacker Protection Level 0 (Youtube Video)

Obfuscator here, packer there: the Android ecosystem is becoming a bit cramped with different protectors for developers to choose from. With so few resources online about attacking these protectors, what is a new reverse engineer to do? Have no fear: after drinking all the cheap wine, two Android hackers have attacked all the protectors currently available, for everyone's enjoyment! Whether you've never reversed Android before or are a hardened veteran there will be something for you, along with all the glorious PoC tools and plugins your little heart could ever desire.

Tim Strazzere

Tim "diff" Strazzere is a Lead Research and Response Engineer at Lookout Mobile Security. Along with writing security software, he specializes in reverse engineering and malware analysis. Some interesting past projects include reversing the Android Market protocol, Dalvik decompilers and memory manipulation on mobile devices. Past speaking engagements have included DEFCON, BlackHat, SyScan, HiTCON and EICAR.
Twitter: @timstrazz

Jon Sawyer

Jon "Justin Case" Sawyer: 31-year-old father of four, and CTO of Applied Cybersecurity LLC. Jon likes to spend his nights with a fine (cheap) glass of wine, writing exploits for the latest Android devices. When not researching vulnerabilities or writing exploits, he dabbles in Dalvik obfuscation.
Twitter: @teamandirc

Is This Your Pipe? Hijacking the Build Pipeline (Youtube Video)

As web developers, we rely on tools to automate building code, running tests, and even deploying services. What happens when we're too trusting of CI/CD pipelines? Credentials get exposed, hijacked, and re-purposed. We'll talk about how often people leak public cloud credentials and what happens when they do, how some are protecting themselves using encrypted secrets, how to bypass protections against leaking decrypted secrets, and how to turn their Jenkins into your own butler. Come hijack credentials out of repositories, steal hidden and encrypted secrets using builds, and hijack infrastructure via their continuous deployment.
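The first of those failure modes, a credential committed to the repository, is easy to check for yourself. The scanner below is an added example, not the speakers' tooling: it walks a snapshot of a repository, matches AWS access key IDs by their fixed format, matches candidate secret access keys and then requires a minimum Shannon entropy so placeholder values are not reported, and flags "secure:" entries of the kind Travis CI uses for encrypted environment variables, which are exactly the secrets a build decrypts on the attacker's behalf. The repository contents are constructed for the example; the AWS values are the placeholder credentials from Amazon's own documentation and the base64 blob is invented.

```python
"""Offline scan of a repository snapshot for leaked cloud credentials (added example)."""
import math
import re
from collections import Counter, namedtuple

Finding = namedtuple("Finding", "path line_no kind redacted")

# Constructed sample: the AWS values are Amazon's documented placeholder credentials and the
# "secure:" blob is made-up base64; nothing here is a live secret.
SAMPLE_REPO = {
    ".travis.yml": (
        "language: python\n"
        "env:\n"
        "  global:\n"
        "    - AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
        "    - AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n"
        "    - secure: \"U2FsdGVkX19zYW1wbGVjaXBoZXJ0ZXh0Zm9ydGVzdA==\"\n"
    ),
    "deploy.sh": "aws s3 sync ./build s3://example-bucket --region us-east-1\n",
    "README.md": "Export AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY before running deploy.sh\n",
}

# (kind, pattern with the secret in group 1, minimum Shannon entropy in bits/char or None)
PATTERNS = [
    ("aws_access_key_id", re.compile(r"\b((?:AKIA|ASIA)[0-9A-Z]{16})\b"), None),
    ("aws_secret_access_key",
     re.compile(r"(?i)aws_secret_access_key\s*[=:]\s*['\"]?([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])"), 3.5),
    ("ci_encrypted_secret", re.compile(r"^\s*-?\s*secure:\s*['\"]?([A-Za-z0-9+/=]{20,})"), None),
]


def shannon_entropy(s):
    """Bits per character; a real 40-char secret scores well above 4, "xxxx..." scores 0."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0


def redact(value):
    """Keep a prefix so the finding can be matched to the key, never the full value."""
    return value[:4] + "*" * (len(value) - 4)


def scan_text(path, text):
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for kind, pattern, min_entropy in PATTERNS:
            for m in pattern.finditer(line):
                value = m.group(1)
                if min_entropy is not None and shannon_entropy(value) < min_entropy:
                    continue        # low-entropy strings are placeholders, not keys
                findings.append(Finding(path, line_no, kind, redact(value)))
    return findings


def scan_repo(files):
    """files: mapping of path -> text for one revision; run it per commit to cover history."""
    return [f for path, text in sorted(files.items()) for f in scan_text(path, text)]


if __name__ == "__main__":
    for finding in scan_repo(SAMPLE_REPO):
        print(finding)
```

Running the pass over every historical revision matters more than scanning the working tree: a key that was committed and later "removed" is still in the history of every clone and fork, and the fix is rotation, not deletion.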

Kyle Kelley

Kyle Kelley writes software, sneaks in security tomfoolery, and dabbles in as many open source projects as possible. During the day he writes code, builds systems, and helps developers with APIs and SDKs, infrastructure design, and not hanging themselves in the clouds. On the side he does ops and dev work for various open source projects, including their build infrastructure and public facing sites. He loves strange bugs.
Twitter: @rgbkrk

Greg Anderson

Greg Anderson is a Software Security Engineer at Rackspace. He likes to find different ways to poke things and watch them fall over. Breaking things in automation over large scale server deployments is his forte.

AWS for Hackers

What tool does every hacker need in their toolset? The entire goddamn giant that is Amazon in their back pocket. AWS is an extremely useful tool for anyone from early noobs just getting their feet wet to seasoned veterans who will become even more kickass. All you need to get started is an internet connection and some keys. Also, CLOUD, there, I said it motherfuckers.

Beaker (Seth Van Ommen)

Beaker is an odd creature even by DEF CON standards. If Hunter S. Thompson, Tesla, and a spork had a love child, this would approximate the Beaker. He’s spent his working life diddling computers for various organizations from early startups to three-letter agencies and is still amazed this produces a paycheck. Beaker is known for mixing interesting chemicals within Beaker, which often results in projects of unlikely completion.
Twitter: @swordofomen

Paging SDR... Why should the NSA have all the fun?

Remember pagers? Those things the dealers used in the first season of The Wire? Did you know that people still use them? Sure, you may have turned off that old pager and put it in your desk drawer, but that doesn't mean the back-end infrastructure was turned off. We decided to find out what kind of unencrypted information was still being broadcast on these networks.

This talk will cover the basics of POCSAG decoding using cheap SDR dongles and free software. We will also present examples of the kind of unencrypted data that is still being broadcast over regional and national paging networks.
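The codeword arithmetic behind that decoding, as an added example that is not part of the talk or of any decoder the speakers released: POCSAG sends 32-bit codewords in batches of sixteen after a sync word; each codeword carries 21 data bits (a type bit plus 20 payload bits) protected by a BCH(31,21) code and one even-parity bit, and a pager's 21-bit address (RIC) is only partly transmitted, its low three bits being implied by the codeword's frame position in the batch. The generator polynomial, sync and idle codewords are the standard values; the RIC, the message text, the choice of function code 3 for alphanumeric (a convention, not part of the standard) and the zero-bit padding in the demo batch are constructed, and numeric-format messages are not decoded here.

```python
"""POCSAG codeword arithmetic: BCH(31,21) integrity check, batch framing, 7-bit text."""

BCH_POLY = 0x769             # g(x) = x^10+x^9+x^8+x^6+x^5+x^3+1, the POCSAG BCH(31,21)
SYNC_CODEWORD = 0x7CD215D8   # precedes every batch of 16 codewords
IDLE_CODEWORD = 0x7A89C197   # fills slots that carry nothing


def bch_remainder(cw):
    """Divide the 31-bit part of a codeword (parity bit stripped) by g(x) over GF(2).
    A zero remainder means no error was detected; any single flipped bit gives a non-zero one."""
    reg = cw >> 1
    for i in range(30, 9, -1):            # 21 data positions, highest first
        if (reg >> i) & 1:
            reg ^= BCH_POLY << (i - 10)
    return reg & 0x3FF


def parity_ok(cw):
    """Bit 0 is an even-parity bit over the whole 32-bit codeword."""
    return bin(cw & 0xFFFFFFFF).count("1") % 2 == 0


def codeword_ok(cw):
    return bch_remainder(cw) == 0 and parity_ok(cw)


def make_codeword(data21):
    """Append the 10 BCH check bits and the parity bit to 21 data bits (type bit + 20 payload)."""
    cw31 = (data21 & 0x1FFFFF) << 10
    cw31 |= bch_remainder(cw31 << 1)       # remainder of data(x)*x^10 is the check field
    cw = cw31 << 1
    return cw if parity_ok(cw) else cw | 1


def address_codeword(ric, function):
    """Address codeword for a 21-bit RIC. The low 3 bits of the RIC are not sent: they pick the
    frame (pair of slots) inside the batch, and the receiver recovers them from the slot number."""
    data21 = (((ric >> 3) & 0x3FFFF) << 2) | (function & 3)    # type bit 0 = address
    return ric & 7, make_codeword(data21)


def encode_alpha(text):
    """Alphanumeric message: 7-bit ASCII, each character LSB first, packed MSB-first into the
    20-bit payloads of message codewords. Zero-bit padding is this example's simplification."""
    bits = [(b >> k) & 1 for b in text.encode("ascii") for k in range(7)]
    bits += [0] * (-len(bits) % 20)
    words = []
    for i in range(0, len(bits), 20):
        payload = 0
        for bit in bits[i:i + 20]:
            payload = (payload << 1) | bit
        words.append(make_codeword((1 << 20) | payload))        # type bit 1 = message
    return words


def decode_alpha(words):
    """Inverse of encode_alpha; refuses codewords that fail the integrity check."""
    bits = []
    for cw in words:
        if not codeword_ok(cw) or ((cw >> 31) & 1) == 0:
            raise ValueError("corrupt or non-message codeword 0x%08X" % cw)
        payload = (cw >> 11) & 0xFFFFF
        bits.extend((payload >> (19 - k)) & 1 for k in range(20))
    chars = [chr(sum(bits[i + k] << k for k in range(7))) for i in range(0, len(bits) - 6, 7)]
    return "".join(chars).rstrip("\x00")


def decode_batch(words):
    """Classify the 16 codewords that follow a sync codeword. Slot n belongs to frame n // 2;
    message codewords belong to the most recent address codeword regardless of frame."""
    if len(words) != 16:
        raise ValueError("a batch holds exactly 16 codewords")
    out = []
    for slot, cw in enumerate(words):
        frame = slot // 2
        if not codeword_ok(cw):
            out.append((frame, "error", cw))
        elif cw == IDLE_CODEWORD:
            out.append((frame, "idle", None))
        elif ((cw >> 31) & 1) == 0:
            ric = (((cw >> 13) & 0x3FFFF) << 3) | frame         # slot position restores the hidden bits
            out.append((frame, "address", (ric, (cw >> 11) & 3)))
        else:
            out.append((frame, "message", (cw >> 11) & 0xFFFFF))
    return out


def demo_batch():
    """Constructed batch: one alphanumeric page (function 3) to the made-up RIC 1234560, rest idle."""
    frame, addr = address_codeword(1234560, 3)
    body = encode_alpha("HELLO DEFCON")
    words = [IDLE_CODEWORD] * 16
    words[2 * frame:2 * frame + 1 + len(body)] = [addr] + body
    return words


if __name__ == "__main__":
    for frame, kind, payload in decode_batch(demo_batch()):
        print(frame, kind, payload)
```

Run it as a script to print the classified slots of the constructed batch. For a real capture the function that matters is codeword_ok: once a demodulator (an rtl_fm plus multimon-ng pipeline is the usual free-software pair) hands you 32-bit words, anything failing the BCH or parity check is noise and anything passing it is cleartext that was on the air.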

Xaphan (Jeff Thomas)

Xaphan is a "Senior Cyber Security Penetration Testing Specialist" for the US Department of Energy. He has been a penetration tester for 16 years, but maintains his sanity with a variety of distractions. This is his 15th DEF CON, but the first time he has done ANYTHING that requires effort or commitment while in Las Vegas.
Twitter: @slugbait

n00bz (Jason Malley)

n00bz (or his n00bzness, or el n00berino if you’re not into the whole brevity thing) pays the bills by working for an F100 company doing compliance and IT security globally, by way of Wall Street and D&T. He grew up tying up phone lines across South Florida with his bosun's whistle. His love for all things wireless is due to his love of software defined radio and his hatred of getting up to change the TV channel when the remote was lost. He has spoken at DEF CON, HackMiami, DerbyCon and, when advised of his right to remain silent, plead the fif!
Twitter: @n00bznet

In the forest of knowledge with 1o57

Dashing and daring
Courageous and caring
Faithful and friendly
With stories to share
All through the forest
He sings out in chorus
Marching along
As his songs fill the air

You best beware
Bouncing here and there and everywhere
High adventure that's beyond compare
LosT will be there

Magic and mystery
Are part of his history
Along with the secret
Of mystery juice
His legend is growing
He takes pride in knowing
He'll fight for what's right
In whatever he'll do


LosT mucks around with Defcon on occasion. He is the creator of the Hardware Hacking Village, the LosT@Defcon Mystery Challenge, and for the past few years the Defcon badges and badge challenges. Russ says he's the official Defcon Puzzlemaster, but LosT still doesn't believe him. In his other life LosT enjoys playing the bass and linguistics, among other things. He's also been known to study mathematics, electrical engineering and physics in his spare time.
Twitter: @1o57

Data Protection 101 - Successes, Fails, and Fixes

Don't be a Target! How do you protect your organization's data assets? If you're dealing with customers you will likely have their personally identifiable information (PII). Even if you don't have customer data, your HR department will definitely have employees' personal data. What about other sensitive documents like source code, business strategy, etc.?

If you're new to Data Protection (a.k.a. Data Loss Prevention), this presentation will walk you through the basics of how to set up your own successful program. We will also walk through other techniques beyond traditional Data Protection that will enhance your security posture.
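A concrete piece of the program described above, added here as an example that is not the speaker's code: the content-inspection rule that DLP products run on email, file shares and endpoints, written out so the false-positive handling is visible. A bare digit pattern reports order numbers and phone numbers as card numbers; validating the Luhn check digit, and rejecting the Social Security Administration's never-issued ranges for SSNs, is what makes such a rule usable. The sample text is constructed; the card number is the standard Visa test number and the SSN is the widely published Woolworth specimen.

```python
"""DLP content rule: card numbers validated with Luhn, US SSNs checked against never-issued ranges."""
import re
from collections import namedtuple

Hit = namedtuple("Hit", "kind line_no masked")

CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")   # 13-19 digits, optional space/dash groups
SSN_RE = re.compile(r"(?<!\d)(\d{3})-(\d{2})-(\d{4})(?!\d)")

# Constructed sample text. The card is the standard Visa test number, the SSN is the published
# Woolworth specimen; the other numbers are shaped like PII but must not be reported.
SAMPLE = """Order 9876543210123 shipped to customer 1001
Card on file: 4111 1111 1111 1111 exp 12/19
Contact: 555-123-4567, SSN 078-05-1120
Fake SSN 000-12-3456 and mistyped card 4111-1111-1111-1112
"""


def luhn_ok(digits):
    """Luhn mod-10 check digit, which order numbers and phone numbers almost never satisfy."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def ssn_plausible(area, group, serial):
    """SSA never issues area 000, 666 or 900-999, group 00 or serial 0000."""
    a = int(area)
    return a not in (0, 666) and a < 900 and int(group) != 0 and int(serial) != 0


def mask(digits):
    """Keep the last four so an analyst can match the hit to a record without re-exposing it."""
    return "*" * (len(digits) - 4) + digits[-4:]


def inspect_text(text):
    hits = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for m in CARD_RE.finditer(line):
            digits = re.sub(r"\D", "", m.group(0))
            if luhn_ok(digits):
                hits.append(Hit("card_number", line_no, mask(digits)))
        for m in SSN_RE.finditer(line):
            if ssn_plausible(*m.groups()):
                hits.append(Hit("ssn", line_no, mask("".join(m.groups()))))
    return hits


if __name__ == "__main__":
    for hit in inspect_text(SAMPLE):
        print(hit)
```

Of the four PII-shaped values in the sample only two survive validation, which is the ratio that decides whether the analysts behind a DLP console trust its alerts or tune them out.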

PTzero (Peter Teoh)

Peter Teoh was thrust into the world of data protection in 2010. After learning how to spell DLP, he went on to successfully design and build his company's data loss prevention program from scratch. He is a jack of all trades at heart having implemented firewalls, DNS/DHCP services, email systems, web proxies, and VPNs, among other things. This is his fourth year at DEF CON and first year presenting.
Twitter: @pteoh

Home Alone with localhost: Automating Home Defense (Youtube Video)

Home automation is everywhere, and so are its exploits. This presentation will go over a brief history of home automation techniques, cover modern technologies used today, detail some of the current exploits used against modern automation and security systems, and give examples of how to defend against them. You'll be provided with the knowledge necessary to build your own home Skynet system, complete with passive and active defenses against physical and wireless attacks. If you like Raspberry Pis, RF hacks, dirty soldering jobs, and even dirtier code, then this is your talk.

Chris Littlebury

Chris Littlebury is a Senior Penetration Tester with Knowledge Consulting Group (KCG). He enjoys hardware hacking, turning wrenches, and opportunities to combine the two. He also claims to have created the first Raspberry Pi-powered, wireless BBQ smoker.

Dropping Docs on Darknets: How People Got Caught (Youtube Video)

Most of you have probably used Tor before, but I2P may be unfamiliar. Both are anonymization networks that allow people to obfuscate where their traffic is coming from, and also host services (web sites for example) without it being tied back to them. This talk will give an overview of both, but will focus on real world stories of how people were deanonymized. Example cases like Eldo Kim & the Harvard Bomb Threat, Hector Xavier Monsegur (Sabu)/Jeremy Hammond (sup_g) & LulzSec, Freedom Hosting & Eric Eoin Marques and finally Ross William Ulbricht/“Dread Pirate Roberts” of the SilkRoad, will be used to explain how people have been caught and how it could have been avoided.

Adrian Crenshaw

Adrian Crenshaw has worked in the IT industry for the last seventeen years. He runs the information security website, which specializes in videos and articles that illustrate how to use various pen-testing and security tools. He did the cert chase for a while (MCSE NT 4, CNE, A+, Network+, i-Net+) but stopped once he had to start paying for the tests himself. He holds a Master of Science in Security Informatics, works for TrustedSec as a Senior Security Consultant and is one of the co-founders of DerbyCon.
Twitter: @irongeek_adc

Reverse Engineering Mac Malware

Dynamic malware reverse engineering helps forensic analysts and reverse engineers gather quick data points such as callout domains, file download URLs or IP addresses, and dropped or modified files. These methods have long been used on Windows malware, so why not on Mac malware? This presentation introduces the audience to methods, tools, and resources to assist in reversing Mac binaries on a Mac. Topics include the Mach-O file format, virtualization, analysis VM setup, and various analysis tools (native and third-party). This presentation is intended for those familiar with dynamic analysis (with a touch of static thrown in), or for those reverse engineering masters of the Windows executable who want an introductory idea of how to start analyzing Mac malware.
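As an added example that is not from the talk or the SANS course, the static step that usually precedes a dynamic run: pulling the quick data points out of a 64-bit Mach-O by walking its load commands. The parser reads the mach_header_64, LC_SEGMENT_64, LC_LOAD_DYLIB, LC_MAIN and LC_UUID structures as Apple's <mach-o/loader.h> defines them and flags any segment mapped both writable and executable, a common sign of a packer or self-modifying stub. The input is a minimal Mach-O assembled in build_sample() for the demonstration, not a real binary; fat (universal) files and 32-bit images are rejected rather than parsed.

```python
"""Static triage of a 64-bit Mach-O: header facts, segments, linked dylibs, W+X mappings."""
import struct

MH_MAGIC_64 = 0xFEEDFACF
FAT_MAGIC = 0xCAFEBABE              # universal binary wrapper; slices must be split out first
LC_SEGMENT_64 = 0x19
LC_LOAD_DYLIB = 0x0C
LC_UUID = 0x1B
LC_MAIN = 0x80000028
VM_PROT_WRITE, VM_PROT_EXECUTE = 0x2, 0x4
FILETYPES = {1: "MH_OBJECT", 2: "MH_EXECUTE", 6: "MH_DYLIB", 8: "MH_BUNDLE"}
CPU_TYPE_X86_64 = 0x01000007


def parse_macho64(blob):
    """Walk the load commands of a little-endian 64-bit Mach-O and return the quick data points."""
    if len(blob) < 32:
        raise ValueError("too short for a mach_header_64")
    magic, cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags, _ = struct.unpack_from("<8I", blob, 0)
    if magic == FAT_MAGIC:
        raise ValueError("fat binary: pick an architecture slice first")
    if magic != MH_MAGIC_64:
        raise ValueError("unsupported magic 0x%08X" % magic)
    info = {"cputype": cputype, "filetype": FILETYPES.get(filetype, filetype), "flags": flags,
            "segments": [], "dylibs": [], "entryoff": None, "uuid": None, "wx_segments": []}
    off = 32
    for _ in range(ncmds):
        if off + 8 > len(blob):
            raise ValueError("load command table runs past end of file")
        cmd, cmdsize = struct.unpack_from("<II", blob, off)
        if cmdsize < 8 or off + cmdsize > len(blob):        # malformed or deliberately truncated sample
            raise ValueError("bad cmdsize %d at offset %d" % (cmdsize, off))
        if cmd == LC_SEGMENT_64 and cmdsize >= 72:
            segname = blob[off + 8:off + 24].split(b"\0", 1)[0].decode("ascii", "replace")
            vmaddr, vmsize, fileoff, filesize, maxprot, initprot, nsects, _ = struct.unpack_from(
                "<4Q4I", blob, off + 24)
            info["segments"].append((segname, vmaddr, vmsize, initprot))
            if initprot & VM_PROT_WRITE and initprot & VM_PROT_EXECUTE:
                info["wx_segments"].append(segname)          # self-modifying code or an unpacking stub
        elif cmd == LC_LOAD_DYLIB and cmdsize >= 24:
            name_off = struct.unpack_from("<I", blob, off + 8)[0]
            name = blob[off + name_off:off + cmdsize].split(b"\0", 1)[0]
            info["dylibs"].append(name.decode("ascii", "replace"))
        elif cmd == LC_MAIN and cmdsize >= 24:
            info["entryoff"] = struct.unpack_from("<Q", blob, off + 8)[0]
        elif cmd == LC_UUID and cmdsize >= 24:
            info["uuid"] = blob[off + 8:off + 24].hex()
        off += cmdsize
    return info


def build_sample():
    """Constructed minimal Mach-O for the demo (not a real binary): __TEXT r-x, a __DATA segment
    mapped rwx, one LC_LOAD_DYLIB for libSystem, and an LC_MAIN entry point."""
    def segment(name, vmaddr, vmsize, prot):
        return struct.pack("<II16s4Q4I", LC_SEGMENT_64, 72, name, vmaddr, vmsize, 0, 0, 7, prot, 0, 0)

    def dylib(path):
        raw = path + b"\0"
        raw += b"\0" * (-len(raw) % 8)                      # load commands are 8-byte aligned
        return struct.pack("<6I", LC_LOAD_DYLIB, 24 + len(raw), 24, 2, 0x10000, 0x10000) + raw

    cmds = (segment(b"__TEXT", 0x100000000, 0x1000, 0x5)
            + segment(b"__DATA", 0x100001000, 0x1000, 0x7)
            + dylib(b"/usr/lib/libSystem.B.dylib")
            + struct.pack("<IIQQ", LC_MAIN, 24, 0xF80, 0))
    header = struct.pack("<8I", MH_MAGIC_64, CPU_TYPE_X86_64, 3, 2, 4, len(cmds), 0x200085, 0)
    return header + cmds


if __name__ == "__main__":
    for key, value in parse_macho64(build_sample()).items():
        print(key, value)
```

For a real sample, replace build_sample() with the bytes of the file; the dylib list tells you which frameworks to hook or watch in the analysis VM, and a writable-and-executable segment tells you the code you see on disk is not the code that will run.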

Sarah Edwards

Sarah is a senior digital forensic analyst who has worked with various federal law enforcement agencies. She has performed a variety of investigations including computer intrusions, criminal, counter-intelligence, counter-narcotic, and counter-terrorism. Sarah's research and analytical interests include Mac forensics, mobile device forensics, digital profiling and malware reverse engineering. Sarah has presented at the following industry conferences: Shmoocon, CEIC, BSides*, TechnoSecurity, HTCIA and the SANS DFIR Summit. She has a Bachelor of Science in Information Technology from Rochester Institute of Technology and a Masters in Information Assurance from Capitol College. Sarah is the author of the new SANS Mac Forensic Analysis course, FOR518.
Twitter: @iamevltwin
