Published: Wed, 22 Mar 2017 10:41:59 -0700
Last Build Date: Wed, 22 Mar 2017 10:41:59 -0700Copyright: ©1992-2014 DEF CON Communications, Inc. All Rights Reserved except for non-commercial educational purposes only. email if you have questions.
Wed, 22 Mar 2017 10:41:59 -0700
One of the fun perks of staying in the host hotel at DEF CON is access to live, streaming talk content from the comfort of your room. DEF CON TV can really come in handy when a talk is over capacity, or when you need a little breather from the Vegas of it all.
This year, we’re hoping to expand the offering of DEF CON TV beyond the main venue. If you're staying in any of the partner hotels, you’ll not only get our D.C. Group rate, but you get DCTV as well! Huzzah! We’ll keep you informed via social media and the DEF CON 25 website when we have the green light.
Our block rate is sold out at Caesars, but you can still grab it at
We suggest you book promptly to ensure the preferred pricing - these will fill up quickly.
Fri, 17 Mar 2017 03:00:50 -0700
The next stop on the road to DEF CON 25 CTF glory is this weekend's 0OPS CTF. It's a wide open, jeopardy-style event you can learn about at https://ctf.0ops.net. Everybody gets an exciting sleepless weekend of network combat, but the winner gets a spot at the Big Show at DC25. Spring has sprung and the procrastinator's window is slowly closing. Gather your stoutest warriors and get your name in the arena, or forever wish you had tested yourself against the best.
Details and the full quals schedule are at legitbs.net.
Wed, 15 Mar 2017 23:54:36 -0700
Are you an entertainer? A singer of songs, a shredder of licks, a spinner of beats? Have you the skills to keep the sweaty masses in a rumpus till the breaking of dawn? If so, DEF CON has urgent need of your talents.
The DEF CON 25 Call for Entertainers is now live. Fill out the form, prove you have the goods, rock faces off at DEF CON's 25th Anniversary shindig. It's that simple. You've got til June 1 to get our attention.
Fri, 10 Mar 2017 14:16:38 -0800
Pro Tip: if you want to give your CFP submission its best chance, don't wait for the last minute! Get it in early so that reviewers have a chance to give you feedback. If you have a good idea that needs some refinement, we're happy to help you get it right.
Tue, 07 Mar 2017 14:48:58 -0800(image)
For all the details, go to defconbiohackingvillage.com
Sat, 04 Mar 2017 12:57:24 -0800
It’s happening, luminous humans of DEF CON. The hour of our reunion draws closer. All the signs say so. The seasons change, the CFPs begin to sprout, and this year’s DEF CON website goes live.
That’s right - the DEF CON 25 website lives! Burn its address into your heart, your mind, and your browser of choice. As the conference approaches, we’ll fill the site with all the info you need to maximize your DEF CON preparations. Get amped, people. DEF CON’s 25th Anniversary is closer than ever.
Fri, 24 Feb 2017 19:08:43 -0800
Your response to our call for reviewers was much bigger than we expected, so we’re closing it down Monday. Thanks to everyone who offered to help - we’ll be getting in touch with those who’ve been selected. We’ll keep the applications we received on file, and we’ll open this call back up before DEF CON 26.
If you’re still looking for volunteer reviewer opportunities, we encourage you to get in touch with the villages - most of them also field a large number of proposals that might be a perfect match to your expertise.
Thanks to the DEF CON community for always responding to our requests with so much love and enthusiasm. You rule.
Thu, 23 Feb 2017 15:53:51 -0800
DEF CON 25 approaches. It more than approaches. DEF CON 25 looms. It hovers just beyond the near horizon, waiting to be awesome.
One key element of this awesome is all the superfun hackertainment we deliver in the form of Contests, Events, Villages and Parties. And the key element to pulling that together is YOU. All of that fun is 100% community-driven.
Every year we ask the DEF CON community for their best ideas for CON amusements, and we make the best ideas happen. This year, our 25th Anniversary year, we're hoping you're ready to respond and really step things up. Dig deep. Dream big. Seize this moment.
Everything you need to know to put your proposal together is on our CEV page. Go there, get amped, and submit your killer idea.
Let's get epic, people.
Wed, 22 Feb 2017 14:37:27 -0800
Friendly reminder: If you've got any questions about the process of becoming a DEF CON speaker, don't miss the AMA today! Get yourself over to /r/defcon at 6pm PST today and get 'em answered by the DEF CON 25 CFP Review Board.
Get tips on what they're looking for, help with how to present your proposal and general encouragement to bring your ideas to the DEF CON community. Be there.
Tue, 21 Feb 2017 12:56:42 -0800(image)
We're expecting big things from you.
Thu, 16 Feb 2017 14:02:07 -0800
The DEF CON 25 CFP Review Board will be hosting an AMA Wednesday, Feb 22 at 6pm PST. Bring your questions and get yourself up to speed. Meet the team that does the selecting, and learn tips that will give you an edge in getting your talk accepted.
Join us in /r/defcon next Wednesday!
Tue, 14 Feb 2017 13:14:34 -0800
We're seeking specialized CFP Reviewers to join our DEF CON 25 CFP board this year. We have a fairly well rounded board, but we could use a few more to the team. Specifically, we'd like those more specialized in: Cryptography, Malware, Post-exploitation, Reverse Engineering, and Forensics. So if you can open a can of whoop ass with those skills, please apply.
All you have to do is write a cover letter telling us how you've been involved in the DEF CON community, what skills you can bring to the table, and where to find your resume. Please be aware being on the review board is a hard volunteer job. To review you need to spend hours reading submissions and providing feedback. There will be hundreds of emails, so you have to be committed. The reward, however, is having a hand in making DEF CON 25 amazing and the eternal gratitude of hackers all over the world. Which is nice.
Send your entries to email@example.com if you want in.
Thu, 09 Feb 2017 19:47:52 -0800
Pro Tip: DEF CON's eBay store has a 50 dollar price drop on some very stylish waterproof soft-shell jackets! Now there's no excuse for spending one more day in the same boring, skull-free outerwear. Fight the elements and crush the mid-winter blahs with style. Check 'em out !
Thu, 09 Feb 2017 08:46:39 -0800
We're excited to announce that our founder, Jeff Moss, has been named a Commissioner of the brand new Global Commission on the Stability of Cyberspace! The Commission, which will debut at the Munich Security Conference, aims to safeguard the peaceful use of the Internet as volatility and threats from state-level conflict increase.
Jeff joins a team of security and policy luminaries Chaired by Marina Kaljurand, former Foreign Minister of Estonia. The Co-Chairs are former US Secretary of Homeland Security Michael Chertoff and former Deputy National Security Adviser of India Latha Reddy. You can learn more about the GCSC and its mission at cyberstability.org
Fri, 03 Feb 2017 17:09:24 -0800
The Secret Stash is keeping you hacker fresh with more DEF CON 25 wearables! Both the tee and the sticker are custom, exclusive artwork available only from the Stash. Look fly and keep DEF CON close to your heart until we meet again in July!
Wed, 01 Feb 2017 14:20:18 -0800(image)
Luminous humans of the DEF CON community, we interrupt your slow news week to bring you this urgent message:
We realize that's kind of two messages. The common thread is that the machinery of DEF CON 25 awakes from its fitful rest, and it hungers. It hungers for your talk submissions as well as your workshop ideas.
To expedite the annual feeding of this beast, we've created a CFP index page that includes all of the many ways you can submit your work for consideration.
The time is upon us, people. The deadlines will arrive faster than you think. Get your stuff together, whip it into shape and get it in. We are only going to turn 25 once, and we want you to be a part of it.
Mon, 23 Jan 2017 13:18:23 -0800
In 2013, the FBI wanted access to Edward Snowden's encrypted email. Faced with a request for Lavabit's SSL key, founder Ladar Levison instead closed the service. Over 400,000 customers lost access to their accounts. Levison's hardline stance on customer privacy earned him praise from the security community.
Today the service is on the verge of relaunching. It's got brand new architecture, new features and soon, end-to-end encryption.
You can read Kim Zetter's interview with Levison on the Intercept.
For additional background , watch Levison and Stephen Watt discussing Lavabit at DEF CON 22.
Wed, 18 Jan 2017 15:01:45 -0800
The trailer for 'Coded', a new hacker-focused series from Freethink Media, has tons of shots from DEF CON 23. It also contains interview footage with Ladar Levison and Nico Sell. We've only seen the trailer, but It looks promising. Here's the promo blurb: "The data war is in full swing. Foreign governments are hacking major corporations, major corporations are collecting massive amounts of consumer data, and the NSA is listening to all of them. With malevolent hackers on one side and oppressive regimes on the other, data security is as important to the global economy and human rights as free speech and the rule of law. Join us as we profile a new generation of programmers helping consumers and companies alike protect their financial information, their identities, and their freedom."
Wed, 18 Jan 2017 14:44:16 -0800
Gentle reminder: The Secret Stash is back with more DEF CON 25 boss-level swag! Both the tee and the sticker are custom, exclusive artwork available only from the Stash. Get your 2017 look together with a versatile tee - fresh for all situations, from the boardroom to your secret lair.
Sat, 14 Jan 2017 12:25:35 -0800
The early birds have captured all of the on-site worms: Caesars Palace is sold out for DEF CON 25.
Be of good cheer, however. You can still get our discounted room rate at the following nearby properties:
DEF CON 25 is gonna be kind of a big deal, and we want you there. We suggest getting on that reservation post haste. The link for the DEF CON discount is https://resweb.passkey.com/go/SCDEF7 and the time for action is now.
Wed, 11 Jan 2017 19:33:46 -0800(image)
As always, enjoy and pass it on.
Wed, 11 Jan 2017 13:15:01 -0800
Attention all seekers of CTF glory - the qualification season is underway! The solid citizens of the Legitimate Business Syndicate have posted the information you need to get involved on their website at legitbs.net.
If you've got the goods, get in the arena. There's nothing between your squad and Capture the Flag supremacy but air, opportunity and the best players on Earth. Get you some.
Fri, 06 Jan 2017 11:26:11 -0800
Today's treat - a YouTube playlist chock full of SE goodness from the Social Engineering Village at DEF CON 24! All the presentations and a bonus live recording of the Social Engineering podcast. There is much to be learned here, so block off some time.
As always, take what you can use and pass it on. The best defense against the dark arts of SE is exposure and education.
Mon, 02 Jan 2017 16:00:11 -0800
The Secret Stash is back with more DEF CON 25 boss-level swag. Both the tee and the sticker are custom, exclusive artwork available only from the Stash. Get your 2017 look together with a versatile tee - fresh for all situations, from the boardroom to your secret lair.
Mon, 02 Jan 2017 12:20:01 -0800
Happy New Year, DEF CON community! Jayson Street, our DEF CON Groups Ambassador, has some year-end words for everybody from his tastefully appointed secret bunker.
Get amped, radiant humans of DEF CON. 2017 is our Silver Anniversary and big things are in the plan.
As always, if you're not in a DEF CON group, consider joining one. If you can't find one nearby, consider starting one! The infoz are all available at defcongroups.org.
Thu, 29 Dec 2016 10:45:28 -0800
We've got some new stuff in the trusty old DEF CON eBay store for you - including DEF CON 24 Rucksack and Duffel bags and the hit "Jack" soldering Kit from HACKED at the Tribeca Film Festival.
Start the new year right - treat yourself to the very finest of hacker swag!
Fri, 23 Dec 2016 16:10:56 -0800(image)
Join us at Caesars Palace to look back at how we got here, and to imagine together where we go next.
Fri, 23 Dec 2016 14:12:53 -0800
According to CrowdStrike, the Russian hackers known as ‘Fancy Bear’ (recently in the news regarding the US election) or APT28 used a trojanized Android targeting app to geolocate and frustrate Ukrainian artillery.
From the article: “It’s incredible, from a technical point of view, that hackers and hacking can so drastically influence the outcome of military engagements,” Wardle said. “If this is all true, I mean, it would have been a huge, huge advantage for the Russians to be able to geolocate the Ukrainian artillery units...basically in real-time, via an infected Android app. Crazy.”
It’s worth noting that at DEF CON 23 Runa Sandvik and Michael Auger dealt with the possibilities of using connected weaponry against its owners in their talk “Hacking a Linux Powered Rifle”. You can check that presentation out here.
Fri, 16 Dec 2016 23:13:30 -0800
In the spirit of this festive season, DEF CON has a gift for you and your various screenz: wallpapers for everyone!
Designed by our very own Mar Williams and sized to fit many popular devices, these DEF CON 25 wallpapers will make your lock screen the talk of the town!
And while you're admiring your spiced-up mobile, remember that you can still get a T-shirt emblazoned with this very same artwork at teespring.com/defconstash, for the next several days.
Thu, 15 Dec 2016 14:06:46 -0800
Heads up to all the CTF fans out there: the upstanding citizens of the Legitimate Business Syndicate have alerted us to some of the contests that will qualify for the DC25 CTF.
According to the Legitimate Business Syndicate (@legit_bs) Twitter feed, the following contests are confirmed as qualifiers:
Boston Key Party (@BkPCTF)
33C3 CTF (@EatSleepPwnRpt)
If you're not in the dojo getting yourself into tournament shape, it's time to start making better choices.
Thu, 08 Dec 2016 14:23:31 -0800(image)
Like #DEFCON? Like #GoRuck Events? Wanna put them together? Express your interest in the DEF CON/GoRuck Custom! http://buff.ly/2h7Th7F
Wed, 07 Dec 2016 14:22:43 -0800(image)
IoT-enabled botnets are all over the news, but the suspect devices are generally consumer-grade. In today's #internetoftriviallycompromisablethings update, 80 different industrial-tier IP cameras shipped with hard-coded creds, opening them up to all kinds of botnet mischief.
Sony has addressed the issue in the latest firmware updates for these devices, and updating is enthusiastically recommended.
Probably a good reminder that the higher prices for corporate-level gear do not imply better security practices.
If you want to devote some time to educating yourself on the current state of the Internet of Things, we suggest starting with the DEF CON 24 IoT Playlist.
Enjoy, share widely and run the latest firmware.
Mon, 05 Dec 2016 12:59:37 -0800(image)
The December pack is a crisp, fresh DEF CON 25 tee and a high-quality DC25 sticker. The design is courtesy of DEF CON staff artist Mar Williams, created especially for this package. Look sharp, gift like a boss and hide your laptop's shiny metal shame. Rock DEF CON 25 swag like you come from the future.
Wed, 30 Nov 2016 13:45:33 -0800(image)
Watch this space: December 1, DEF CON has something nice for your holiday season. Even if you've been a little naughty.
Wed, 30 Nov 2016 13:58:17 -0800(image)
As always, share widely and give the artists you dig some love.
Fri, 18 Nov 2016 13:30:36 -0800(image)
The new Raspberry Pi hotness is Samy Kamkar's PoisonTap. It's a cheap (like dinner at Arby's cheap) device that pops locked machines fast (like the onset of Arby's regret fast). Samy posted a video demo on YouTube, and you should watch it.
If you dig Samy's style and want to see another of his low-fi, hi-yield hacks, we've got a #defconflashbackfriday video for you - Samy demoing inexpensive car/garage door exploiter 'RollJam' at DC23 in supremely informative and entertaining fashion.
Check it out, pass it on.
Thu, 17 Nov 2016 11:45:31 -0800(image)
DEF CON 24 Speaker Patrick Wardle is back in the news with a warning about Shazam's macOS app. Apparently, turning off the app doesn't stop it from recording.
Which is weird, right?
If reading the article has you looking for a little more of Patrick's insights into macOS security, you can check out his talk 'I've Got 99 Problems, Little Snitch Ain't One.' from DC24.
Fri, 11 Nov 2016 14:01:45 -0800(image)
Limber up your hard drives, my friends. If you seek the motherlode of DEF CON 24 content, look no further than our Torrents page. All the talks in multiple formats? Check. DARPA Cyber Grand Challenge content? Music? CTF files? Check, check, super check. Fire up your preferred netguzzler and get to guzzling. Enjoy, seed and share widely.
Thu, 10 Nov 2016 14:34:32 -0800(image)
More hot playlist action - Internet of Troublingly Hackable Things edition! It's a gourmet selection of talks from the main track and the IoT Village. We recommend pairing it with an overcaffeinated beverage and wired headphones. Learn all you like, then make sure to pass it on.
Wed, 09 Nov 2016 14:56:33 -0800(image)
Today's playlist is the DEF CON 24 Wireless Village Talks. Software Defined Radio, evil access point tricks, BLE hacking - it's all in there. If the wireless ecosystem and the hacking thereof floats your boat, it's time to make an appointment with our YouTube channel and get caught up.
As always, share the love and pass on the knowledge..
Mon, 07 Nov 2016 16:35:12 -0800(image)
Today's DEF CON 24 playlist is called 'AFK'; it focuses on talks that deal with policy and ideas rather than hardware and code. Hacker Law superhero Jennifer Granick's talk on the state of the applicable law is in here, as are the 'Meet the Feds' and 'Ask the EFF' panels. There's a little something for every interest, from the venerable Richard Thieme's talk on the psychological toll of working with secrets to the Bob Ross Fan Club's talk on recognizing and neutralizing propaganda.
Thirteen talks in all, with lots of variety. Block off some time (or just put in headphones) and get yourself some. As always, share the love.
More playlists on the way!
Fri, 04 Nov 2016 12:07:17 -0700(image)
The rollout of DEF CON 24 videos continues with 10 videos with a focus on car hacking. There’s a couple of presentations that deal with the CAN BUS, a deep dive into autonomous cars and even a couple specifically about big rigs. Seven of the ten talks come straight out of the Car Hacking Village!
There’s a weekend coming - maybe it’s time to curl up with a laptop and get up to speed on the rapidly expanding world of automotive hacking. As always, enjoy and pass it on.
Big playlist coming Monday!
Thu, 03 Nov 2016 15:38:32 -0700(image)
Today we begin the rollout of the DEF CON 24 talks with a very diverse playlist of crypto and privacy focused presentations.
From the main tracks we have Ladar Levison on compulsory decryption and Nate Cardozo on the State of Crypto in 2016. We also have six talks from the Crypto and Privacy Village!
As ever, we want you to enjoy the presentations, get inspired and pass the knowledge along.
More talks tomorrow!
Fri, 28 Oct 2016 15:14:18 -0700(image)
Today's #defconflashbackfriday is from DEF CON 24, and it's a fun one. Evan Booth's talk this year was on building a bionic hand out of a Keurig coffee maker, but it's also about imagination, creativity and finding potential in the commonplace and unremarkable tech that's all around us. As always, please enjoy, be inspired and pass it on.
Wed, 26 Oct 2016 12:38:41 -0700(image)
DEF CON is on Instagram! We're posting a steady stream of pictures from the vaults, pictures of the preparations we're making for DEF CON 25 and various image-based shareables to amuse and edify all hackerkind. Follow us at wearedefcon and share your memories, your projects, or maybe all the exciting places you're wearing your DEF CON hat. We can't wait to see what you're up to.
Tue, 25 Oct 2016 11:45:12 -0700(image)
DEF CON in the news: To kick off your week with a heaping helping of hope for the future, here's an article from Sara Sorcher and Ann Hermes at the Christian Science Monitor calling out 15 kids killing it in the cybersecurity space.
To our great joy, a bunch of those kids have in common the DEF CON kids' track, R00tz Asylum. CyFi, Kryptina, Evan, Miller and Emmitt - you make us prouder than you know.
Tue, 18 Oct 2016 17:14:25 -0700(image)
The US Presidential election is a few weeks away. Whatever the outcome it’s safe to say this election is an inflection point. Hacked communications, data dumps and claims of state actors using media to influence the vote have dominated the news cycle. These factors and the anxiety and outrage fatigue that acccompany them are likely to be around a while, so it seemed like an opportune moment to repost Chris Rock’s talk on overthrowing governments. It’s a thought-provoking investigation into what it might take to use the modern landscape for toppling a regime, and it’s a good practical alternative to the generalized hysteria promoted by cable news.
Fri, 14 Oct 2016 09:38:25 -0700(image)
A couple of DEF CON 24 related news items in the last week:
The folks from the DEF CON IoT village and SOHOpelessy Broken Contest fame have recently published an article on their findings from this years DEF CON outlining the ever present threat of IoT vulnerabilities discovered.
Not to mention this interesting article about an Steganography vuln first publicized in the Crypto and Privacy Village at DEF CON 24.
Fri, 07 Oct 2016 14:04:00 -0700(image)
It's been a while since we posted an update, so this will be a doozy....
First and foremost, meetings are EVERY TUESDAY AT 7PM at Idea Fab Labs Chico! Every week people ask "is there a meeting tonight"? The answer is ALWAYS YES! Sometimes meetings are just 5 hackers hanging out talking shop. Come by and say Hi!
If you'd rather participate and get your hands dirty, there is currently a shiny voip phone running SIP firmware AND A PBX waiting for a config to be created and pushed.
The Kegbot also needs some love, as the raspi that runs the DB and Twitter feed is unplugged on top of the kegerator. Feel like getting the Pi and Tablet talking again? By all means!
There's also that sexy little black box on our table...but that's a secret. Right guys? See you next Tuesday.
Fri, 07 Oct 2016 14:02:53 -0700(image)
A more interesting thing about human augmentation devices like the. Insulin pump, however, is that they offer real, life-altering promise. Unlike all the devices clamoring to dim your lighting and save you from walking all the way over to the thermostat, this class of device can save your life, return your mobility, even make you a bootleg superhero.
For your Wednesday we offer a video from DEF CON 20 by doc/hacker types Christian Dameff and Jeff Tully meant to remind you of all the cool possibilities that the future holds, if we can get the security thing under control.
Link to the insulin pump story:
Fri, 30 Sep 2016 14:32:28 -0700(image)
DC813 is holding a CTF competition in January. If you're Tampa-adjacent, this could be a really fun way to get into CTF or level up your blossoming skills.
From the DEF CON Forums:
We will be holding a beginners/intermediate CTF game which has a $10 seating charge for purposes of raising money for DC813. Cash payment at the door. There will be a grand prize given to the first competitor to get the flag (root). This is a boot to root challenge. Seating is limited. NOTE: This CTF does not include multiple attack nodes; this game is designed for beginners and those that wish to sharpen their CTF skills. An OVA file containing the game within a VM will be provided, upon payment, the day of the competition. All monies received will go towards the DC813 Meetup expenses.
Tue, 27 Sep 2016 11:55:47 -0700(image)
In the ever-expanding universe of DEF CON competitions, there are many winners. We salute them all. Some of these victories are so impressive that we recognize them with an extra awesome badge and free DEF CON entry for life. This badge is the Black Badge, and we list the winners on the Black Badge Hall of Fame.
We've updated the Black Badge Hall of Fame to include winners from DEF CON 24. You should check it out.
If you have questions or updates, hit us up at info at def con dot org.
Sun, 25 Sep 2016 10:11:00 -0700(image)
Video from #defcongroup DC801's badge coding environment presentation a few nights ago. Learn a little something about the making of the 801 badge and pass it on. Also, get a look into the kind of cool stuff that happens at DEF CON Groups, and seriously consider joining your local chapter so that cool stuff can start happening to you.
If there isn't a DC Group where you are, consider starting one. All the details you need are at defcongroups.org.
Tue, 20 Sep 2016 10:59:34 -0700(image)
The talks from the @r00tzasylum kids track at DEF CON 24 are now live on the inter-tubes for the edification of young padawans and grizzled Jedi alike. Please enjoy, and make sure to drop a link to any promising younglings who might benefit from the training!
Fri, 16 Sep 2016 16:16:55 -0700(image)
For anyone with questions about the hotels DEF CON attendees use during the con, our forum wizard TheCotMan has assembled a super-handy FAQ from previous As to various lodging-related Qs.
Wed, 14 Sep 2016 13:44:29 -0700(image)
To help you get over that midweek hump, we offer another early release video from DEF CON 24 - 'I Fight for the Users: Attacks Against Top Consumer Products '. In this video, @zfasel and @secbarbie walk you through attacks on 21 popular IoT devices - so you get something more than just proof that one or another connected toaster is ready to pwn. You get to see how how whole product categories are ready to pwn.
There's even tools, in case you want to test the security of some of your own 'smart' devices. Good stuff, delivered with an eye for the lulz.
Please enjoy and then pass it on.
Thu, 08 Sep 2016 14:56:42 -0700(image)
We've got another early release video from DEF CON 24! It 's called 'Can You Trust Autonomous Vehicles?', and in it Jianhao Liu and Chen Yan discuss jamming and spoofing attacks on the sensors of cars like the Tesla Model S. It's definitely a sobering look at the downside of the Jetsons-style tech we're developing and a good reminder of the place security thinking needs to take at the design table.
As always, enjoy and pass it on.
Tue, 06 Sep 2016 14:17:09 -0700(image)
The scores for this year's DEF CON 24 CTF have been posted! The model citizens of the Legitimate Business Syndicate have finalized and shared the ultimate scores of this year's historic and hotly contested contest.
But wait - there's more! LBS also suggests strongly you keep your eyes on their site (and ours, natch) for more goodies on the near horizon: pcaps, source code, a full SQL dump among other data for your leisurely examination.
Sat, 03 Sep 2016 00:22:55 -0700(image)
For your weekend, we offer @_Kustodian_'s talk from DEF CON 24 'How to Overthrow a Government', in which the intrepid Chris Rock delivers another provocative and spooky talk about the kinds of vulnerabilities an imaginative transgressor can harness to exploit bureaucracy for their own ends.
As always, enjoy the talk and pass it on.
Thu, 01 Sep 2016 16:27:55 -0700(image)
DEF CON got a lot of ink this year - among the happenings were the DARPA CGC, tons of IoT news and what is probably the most bonkers uber badge in the history of uber badges. If you want to comb through the press coverage, we’ve assembled a bunch of it on the DEF CON Press Archive for your convenience. If you see articles that we missed, feel free to drop us a link in the comments and we’ll update.
Fri, 26 Aug 2016 23:24:37 -0700(image)
For your weekend, another #defconflashbackfriday early release talk from DEF CON 24 - this time Marc Newlin on the hijacking of wireless mice for nefarious purposes. He calls it 'MouseJack'.
As always, enjoy and share widely.
Thu, 25 Aug 2016 11:58:34 -0700(image)
For your midweek edification, we offer another early release video from DEF CON 24 - this one is the Mr. Robot panel! It's a lively discussion of the show and its inspirations with Mr. Robot's technical advisor Kor Adana, The Dark Tangent, Marc Rogers, Andre McGregor and Ryan Kazanciyan with journalist/author Kim Zetter moderating. If you watch the show, you'll definitely learn some new tidbits to increase your appreciation. If you don’t, the panel will show you what it takes to keep a hacker show realistic and exciting.
Wed, 24 Aug 2016 13:40:46 -0700(image)
Good News Everybody! We've got some updates to the archive page for DEF CON 24! We've got updated slide decks and whitepapers now on the media server.
For a post con re-cap on DEF CON and the CFP process this year, check out Nikita's speaker's corner entry entitled "DEF CON CFP: Thinking Back and Moving Forward"!
Fri, 19 Aug 2016 14:46:24 -0700(image)
Returning to the tradition of #defconflashbackfriday, we offer a presentation from all the way back in 2016 - Weston Hecker's 'Hacking Hotel Keys and Point of Sales Systems : Attacking Systems Using Magnetic Secure Transmission' from DEF CON 24.
We probably can't summarize the talk better than the title does, but if you need a little more incentive here's the abstract:
"Take a look at weaknesses in Point of sale systems and the foundation of hotel key data and the Property management systems that manage the keys. Using a modified MST injection method Weston will demonstrate several attacks on POS and Hotel keys including brute forcing other guest’s keys from your card information as a start point. And methods of injecting keystrokes into POS systems just as if you had a keyboard plugged into the system. This includes injecting keystrokes to open cash drawer and abusing Magstripe based rewards programs that are used a variety of environments from retail down to rewards programs in Slot Machines."
As always, watch, learn and share widely.
Thu, 18 Aug 2016 07:56:52 -0700(image)
If the presentation tracks are the brain of DEF CON, then the contests are its heart. It's a kind of alchemy: we bring together thousands of interesting strangers fascinated with various aspects of technology, and we want them to leave a few days later with new friends, new skills and new obsessions. Our solution? Just add a rich, world-class layer of competitions run by an army of talented, insanely dedicated volunteers.
This formula has worked pretty well, and we thank all of you players for supporting the games and keeping the comp high-level and good-natured. It is our sincere hope that you're getting something valuable from getting into the DEF CON arena in the battle of your choice.
Still, the contests are as tough as they are fun, and the field is full of wildly brilliant humans. Every winner listed here has earned their prizes and bragging rights. We congratulate them all and hope to see all of you back in the ring for DC25.
Wed, 17 Aug 2016 11:29:42 -0700(image)
The newest treats on the DEF CON media server are pictures from DC24. Like metric oodles of pictures, taken with skill and respect by our Photo Corps and a few other friends of the con like the SE Village. We offer them to all of you as a memento and record of the event, and a chance to see the bits you didn't get around to.
Like everything we release, these photos are CC licensed for you to enjoy, share and remix so long as you clearly attribute them to DEF CON.
If you have pics you'd like to share, let us know at info ]at[ defcon [dot] org and we'll look into adding them to the collection.
Mon, 15 Aug 2016 21:25:20 -0700(image)
When the dust settles after a DEF CON, it's time to collect the write-ups from the various contests and challenges. There's nothing more educational and humbling than analyzing successful strategies from the player's point of view. Please enjoy our DC24 Writeup Sampler Vol. 1, and if you see some we missed, please drop us the links for inclusion in a future volume.
Mon, 15 Aug 2016 21:23:51 -0700(image)
For those of you who missed the TD Francis X-Hour Film Contest, here's all of the competing films in their full glory. The creativity and energy required to conceive, write, shoot and edit a film during DEF CON never fails to impress. If it looks like fun to you, consider signing up and taking a crack at it next year!
Thu, 11 Aug 2016 20:15:14 -0700(image)
As part of our annual process of compiling press accounts of DEF CON, we offer some link roundups sorted by topic. First up, DEF CON Link Roundup: IoT edition.
This was a big year in the Internet of Things, and the whole industry is only just getting off the ground. At DEF CON 24 we saw the first ransomware delivered via thermostat, among many other causes for interest and concern.
As always, if you find cool coverage of DC24 topics out there, please feel free to drop some links in the comments.
Thu, 11 Aug 2016 12:16:05 -0700(image)
A big congratulations to this year’s winners of the DEF CON Capture the Flag Competition, Plaid Parliament of Pwning. A big shout out to Legitimate Business Syndicate for their masterful hosting of this event. Check out this profile of the winners!
Thu, 11 Aug 2016 12:16:28 -0700(image)
DEF CON 25 is going to be kind of a big deal.First, we’re celebrating 25 years of bringing hackers together for knowledge transfer and hackish shenanigans in the swelter of late-summer Las Vegas. Even after a full quarter-century of hacker summer camp, our family is still growing fast, and we’re still finding new cool ways to get people involved and connected.
Second, we’re switching venues again, this time to the larger, swankier environs of Caesar’s Palace. We’ll have bit more space and a lot more flexibility in how that space is distributed. Hopefully that means there will be easier traffic management and shorter lines for everyone.
DEF CON 25 will be held at Caesar’s Palace July 27-30, 2017. You can get yourself the DEF CON block rate right now at Caesar’s or the other participating hotels (Bally’s. Paris, Flamingo, Harrahs,and Linq) by following our reservation link at https://resweb.passkey.com/go/SCDEF7.
We have a lot of ideas for celebrating our Silver Anniversary with you, and we hope you have some too.
Can’t wait to see all of you again at Caesars in July.
Tue, 09 Aug 2016 18:13:23 -0700(image)
Heads up hackers! For those who attended, we hope you enjoyed this year's soundtrack. Many thanks to our headliners like Dirtyphonics, Information Society, and Richard Cheese for pitching in.
Most of all, a big thank you to Gravitas Recordings for helping to facilitate, curate, and help out with the online distribution of the soundtrack. If you missed the conference, you can find it at http://music.gravitasrecordings.com/album/def-con-24-the-official-soundtrack. Best of all, it's free or pay-what-you-want, with all revenue going to support the Electronic Frontier Foundation.
Look out for some major jams for DEF CON 25!
Sun, 07 Aug 2016 16:21:33 -0700(image)
We know what you're wondering. Who is that handsome fellow?
That striking visage belongs to this year's Uber Badge. In addition to his chiseled good looks, he sports some spiffy secret code and one particularly hyper-functional eyeball. They're each handmade, and need to be individually adjusted due to servo differences. If you're one of the lucky few who are taking one of these home, congratulations! If not, you should get here next year and get your hat in the ring. Who knows what next year's badge will be?
You can observe it in action at: https://www.youtube.com/watch?v=t8mLCnhMSqA
Sat, 06 Aug 2016 14:31:09 -0700(image)
The DARPA Cyber Grand Challenge is complete, and the mighty Mayhem from ForAllSecure has been crowned Champion and ruler of all it surveys.
If you're still wondering what's such a big deal about computers hacking each other, or if you just want a quick primer on how amazing the contest was, DARPA has dropped a highlight reel to catch you all the way up.
Sometimes you can't see how important something in in its moment, even if it seems kind of important. This is probably one of those times.
Thu, 04 Aug 2016 16:35:40 -0700(image)
CD player in the shop? Too young to know what a CD even is? The DEF CON 24 conference CD and the DEF CON 24 Music CD are now available to you in ultra-convenient Torrent form. Enjoy hours of free music and conference goodies, without the danger of skips, scratches and microwave misadventure. The internets are standing by, so Act Now!
Or, like, whenever. Supplies are basically unlimited.
Wed, 03 Aug 2016 18:03:30 -0700In response to the article that was posted by the Register, the DEF CON Network Operations Center Team (NOC) pride ourselves on making a network that allows the community to get Internet access, and have access to internal resources (Servers, etc.). The DEF CON NOC believes in privacy and anonymity for our attendees. When users attach to the DefCon Secure (802.1x/PEAP) network, we have made the decision to do our best to make that data/traffic inaccessible, and the team does not allow for data monitoring, nor recording of the traffic. We do have overall bandwidth monitoring- but will never run driftnet, ntop or other tools that invade the privacy of the users on the secure network. The DEF CON network resources, and staff who volunteer in the NOC at DEF CON currently do not have any part in the operations of the Black Hat network(s). The DEF CON NOC also doesn’t allow vendors to use the network as a place to demo or experiment with our user’s traffic. Now… If you happen to attach to any network that does not have the more secure certificate authentication method enabled – all bets are off. Your traffic will be monitored – not by us, but by the people around you. We also ship the open WiFi network traffic off to the Wall of Sheep as well, and anyone on the unsecure network can and will easily Man-In-The-Middle your traffic. If you want to get on the “DefCon” Secure network- follow the instructions that are posted on https://wifireg.defcon.org/. Each PEAP session that is created from the client to the controller is a unique session, and is not allowed to talk to any of the other users on the network once connected to the official network. If you are concerned about someone capturing your credentials, you don’t want to register ad userid, or want to maintain anonymity we have also setup a common username and password of defcon/defcon. So if someone says that they captured your credentials, it’s really not that big of a deal, especially when everyone has a unique session. You sho[...]
Fri, 29 Jul 2016 19:02:32 -0700
Attention Lawyers, Judges, Law Students and people who have the complete Matlock collection on VHS:
The Lawyer Meetup has changed locations. It's still on Friday Night August 5, and it's still at 6pm, but now it will be held in Bally's Palace 6 on the main floor. We hope to see you there for genial jurisprudential fellowship.
If you have questions or want to help, contact host Jeff McNamara at firstname.lastname@example.org.
Fri, 29 Jul 2016 19:01:08 -0700
At DEF CON, cyber competitions are kind of our thing. Our first We love them because they're fun, because they test a lot of skills at once, and because they build community.
Yesterday, DEF CON founder Jeff Moss attended a workshop held by the Office of Science and Technology Policy to discuss ways we can use this kind of competition to encourage infosec as an occupation, and making this kind of high-energy hacker problem-solving part of the standard curriculum for STEM students everywhere. The idea, according to OSTP's blog is "increasing awareness of potential cybersecurity professionals and providing opportunities for experiential learning at all skill levels."
We couldn't agree more.
This year DEF CON's annual CTF contest will bring together teams of packet-slinging phenoms from all over the world. For the first time, we're also putting on a DARPA autonomous CTF contest. In a few years, who knows what the combination of brilliant humans and intelligent machines will mean for contests like ours? You're definitely going to want to stay tuned.
Wed, 27 Jul 2016 01:35:58 -0700
Many thanks to @shortxstack and @sethlaw for creating the Android and iOS versions of the #HackerTracker app. Thanks to their effort you can slurp the entire schedule of DEF CON 24 into your pocket-brain, freeing your hands and meat-brain for mischief and hackery.
Wed, 20 Jul 2016 13:37:14 -0700
Workshops are free, first come, first served, and seats will fill up fast!
To register for a workshop, you will need to go to the Bally's side in front of the cafe arcade between Thursday 07:00 to 15:00. We will have goons to pre-register you for the workshop(s) of your choosing.
If the workshop that you want has filled up before you got there, don't worry! Just like last year, if you come to the workshop area early the day of, you can wait in the standby line. If a seat opens up, it will be made available to the first person waiting to claim it.
Please Note: You will be issued a workshop "pass". It will be required for class admission. If you lose it we can't help you, your seat will be made available for those in standby.
Tue, 19 Jul 2016 01:52:38 -0700
While you're enjoying DEF CON 24, don't forget to check out the demo labs, where many of your fellow hackers are displaying their current projects for your perusal. Get inspired, offer some feedback, maybe even find a new collaborator.
There ain't no show and tell like a hacker show and tell.
Sun, 17 Jul 2016 15:44:18 -0700
Attention Hams, both active and aspiring! The exemplary humans of DC408 have brought back Ham Exams for DEF CON 24!
If you're looking to get a certification, please take a moment to look through the rules on the forum page for this event. You're gonna have to bring some stuff. And know some stuff.
Sun, 17 Jul 2016 15:43:12 -0700
The situation we find ourselves in after the events of last year is tenuous. All agents must be especially careful. The Mad Hatter's disruption of the Daemon was a serious breach, but this year, we may just be able to get the upper hand.
Soon you will find new content and a brand new Teaser online at https://dcdark.net/ Agents from past years: DM me here or on Twitter. There is work to be done.
forum thread: https://forum.defcon.org/forum/defcon/dc24-official-unofficial-parties-social-gatherings-events-contests/dc24-official-and-unofficial-contests/the-defcon-darknet-project-ac/223792-defcon-24-darknet-humans-and-machines
Sat, 09 Jul 2016 03:06:46 -0700
The Data Duplication Village is also returning for DC 24, tanned, rested and packed with even more goodies to fill your oceans of cheap HD space.
Bring some drives, get everything in infocon.org and a practically endless supply of rainbow and hash tables. You can even throw some fun data into the mix, if you have something you think your fellow hackers would find useful. It's kind of like a drop-off dry cleaner, except you get back terabytes of sparkly new data instead of your same old clothes. And it's free. And surrounded by DEF CON.
So really it's only like a drop off cleaner in that you drop stuff off, pick it up later and the bag is NOT A TOY. But that's enough for a simile, right?DT spells it all out in the Forum thread and you are encouraged to ask any questions you have there.
Wed, 29 Jun 2016 14:50:51 -0700
Vegas is a lot of fun, but it can also be just a lot. Too much, even, if you’re trying to keep the horizon level in your windscreen. If you’re a friend of Bill W joining us for DEF CON 24, please know that we have meetings at noon and five p.m., Thursday through Sunday at ’The Office’ on the 26th floor of the Bally’s Tower. Drop by if you need to touch base or just want a moment of serenity. We’ll be there.
Mon, 27 Jun 2016 17:00:59 -0700Heady, insightful movies about the rise of robots and AI are great. We've even recommended several in these pages, and you should definitely watch them all. Still, movies don't have to carry the weight of 2001 or the maniac attention to detail of Blade Runner to be worth 90 minutes of your life. Sometimes an earnestly misguided B-movie is just what the doctor ordered. In that spirit, we offer 'Rise of the Machines' Movie Homework, Guilty Pleasure Edition. Westworld: In the early 70s, the robot future looked like the Disney animatronic President exhibit, at least to the makers of this film. Take a fun, sexy vacation to a theme park where robots populate a Wild-West themed town. You can drink with them, dance with them, fight with them - it's a hoot until somebody makes the Yul Brynner-bot angry. Fun and interesting, if a little slow-moving. The Lawnmower Man: Sure, VR is all the rage now, but this isn't the first time we've gone crazy for the idea of low-poly graphics and nausea goggles. The last VR boom mostly created dozens of televised interviews for Jaron Lanier, but right on the edge of that bubble we got 'Lawnmower Man' - a sort of 'Flowers for Algernon' meets 'Transcendence' with some seriously early 90s graphics work. Hardware: I can't really give you a better description than IMDB does: "The head of a cyborg reactivates and rebuilds itself and goes on a violent rampage in a space marine's girlfriend's apartment." This movie isn't high art, but it's fun and it's better than its budget deserves. Also, Lemmy is in it. Runaway: Tom Selleck and his absurdly luxurious mustache have the dirty job of deactivating robots who've gone haywire. The over-the-top bad guy is played by Gene Simmons of KISS. Michael Crichton wrote and dir[...]
Thu, 23 Jun 2016 12:03:21 -0700
There's a brand new Speaker's Corner post from Aditya K. Sood titled "Bridging the Gap: Dispersing Knowledge through Research Presented at DEF CON". Have a look!
Mon, 20 Jun 2016 15:17:47 -0700
After much difficult deliberation and debate, the list of speakers for DEF CON 24 is now live and ready for your consideration. We want to thank everyone who submitted - there was a bumper crop of quality entries. It's never easy to narrow down the list, and we congratulate the selected speakers. If your talk wasn't selected, we hope you'll submit again next year.
Heartfelt thanks also to the DEF CON Review Board. The board puts in crazy hours and makes hundreds of tough calls to finalize our roster, and we heart the stuffing out of them for all their sweat and devotion.
Feel free to let us know which talks you're most excited about in the comments.
August can't get here fast enough!
Fri, 17 Jun 2016 16:04:29 -0700
Can you feel how close it's getting?
The full schedule for Workshops at DEF CON 24 is now available for your careful examination. Make plans, invite friends, agonize about the limited number of hours in a standard Earth day. The workshops are all free, but space is limited. Registration is onsite, first-come first-served, so knowing what you want ahead of time is key.
It's gonna be a good DEF CON.
Thu, 16 Jun 2016 14:04:03 -0700
The DEF CON Groups program is designed to reflect the values of DEF CON, providing an open community for the discussion of technology and security topics. As such, we must all work together so that our actions build toward that goal.
However when anyone or any group abuses the trust of this community and negatively impacts the reputation of DEF CON we are all harmed. After significant discussions we have concluded with regret that DEF CON must revoke DEF CON Group Lucknow for attempting to commercialize based on the brand and community.
Since the beginning of the DEF CON Groups back in 2003 this is the first time we have had to take this action, and we genuinely hope it will be the last.
The Dark Tangent
Sat, 11 Jun 2016 12:46:29 -0700
Tinkerers of all sorts, rejoice! The EFF's Badge Hack Pageant returns to DEF CON 24. Have your clever badge hacks judged by the all-star panel of Zoz, Joe Grand and 1o57! Win prizes! Enjoy the company of others who refuse to accept the idea that the device in front of them has reached its final form!
Sat, 11 Jun 2016 11:36:02 -0700
Winners have been announced in the DEF CON Short Story Contest. Many congratulations to the winners and thank you to everyone who shared your work with us. The DEF CON community brings it - no matter what the challenge. You guys rule.
Mon, 06 Jun 2016 10:24:25 -0700
In 2005, DARPA challenged innovators around the world with a $2M prize to build a vehicle that could navigate the Nevada desert with no one at the wheel. In 2016, DARPA has again challenged the global innovation community with a $2M prize to build a computer that can hack & patch unknown software with no one at the keyboard.
At DEF CON 24, on Thursday night at 5pm, the Paris ballroom will host the world's first all-machine hacking tournament. Seven high performance computers will play an all-machine Capture the Flag contest, reverse engineering unknown binary software, authoring new IDS signatures, probing the security of opponent software, and re-mixing defended services with machine-generated patches and defenses.
(more on on the DEF CON 24 Cyber Grand Challenge Page)
Tue, 31 May 2016 13:43:40 -0700(image)
Wireless Village CFP is open - closes June 30!
Sure, the main DEF CON CFP is closed. But sometimes, when DEF CON closes a door, the Villages open a window.
If you have a great presentation on wireless security or shenanigans you've still got a month to get it into shape for consideration by the radiant humans of the DEF CON Wireless Village. We recommend getting on it promptly though. Slots are limited and the last moment always gets here faster than you expect.
Fri, 27 May 2016 16:52:58 -0700(image)
We have a treat for all the suave sophisticates out there. If your idea of the perfect evening is the tinkling of ice cubes and ivories under low, flattering lights, join us Friday night at Napoleon's for two shows of the song stylings of Richard Cheese and his crack band Lounge Against the Machine.
Yes. We said Richard Cheese. And we said two shows. We also said the thing about flattering lights, but your mileage may vary. Polish up your best monocle and let's enjoy an evening of the hits of yesterday and today, sprinkled with that one-of-a-kind Cheese magic.
Wed, 25 May 2016 14:00:48 -0700(image)
Join us Saturday night for a dance party both radical and tubular. DEF CON is proud to present two pioneers of the electronic dance genre: Berlin featuring Terri Nunn and Information Society. Sick beats and iconic hooks await you. We promise a sweaty good time to all, 80s survivors and wide-eyed millennials alike.
If you are not there, are you anywhere? Don’t be nowhere, when you can be right here, at DEF CON 24’s 80s night.
Tue, 24 May 2016 15:14:00 -0700(image)
Thanks again to the honorable folks at Legitimate Business Syndicate for running the 2016 CTF Quals! They've been kind enough to put together a wrapup for your post-mortem perusal.
They've also open-sourced all the challenges, just because they're cool like that.
Enjoy and share. We'll post more as we get them.
Fri, 20 May 2016 23:54:07 -0700(image)
If you're looking to keep track of the 40 or so hours of unbridled packet mayhem that remain, here's a couple of links:
On Twitter, follow our powerful CTF Organizers Legitimate Business Syndicate @LegitBS_CTF
To see the HTML Scoreboard, go to https://2016.legitbs.net/scoreboard/complete
If you like your scoreboards a little spicier, there's a JSON version at https://2016.legitbs.net/scoreboard/ctftime.json
There's a chat at #defconctf on the 'Hackint' network - infoz at http://www.hackint.org/
There's even a pushbullet channel at https://www.pushbullet.com/channel?tag=first-solves-jequaquifs
Honestly, if you need more ways than that to keep your eyes on the action, you should be playing.
Godspeed to all combatants. May the best hacks win.
Fri, 20 May 2016 14:13:05 -0700(image)
So you're at DEF CON 24. It's Friday night. After a long day of contests, talks and general merriment, you need to get lost in some music and maybe shake that tail feather. If only there were a whole evening planned with house-quaking, artisanally crafted small-batch beats from DEF CON's favorite crowd-moving specialists!
We have anticipated your need, DEF CON massive. DEF CON EDM night (exact location TBA) is here to supply you with soul-nourishing rhythm and space to get your head and your booty in sync. Who's playing, you ask?
The heavy groove merchants DirtyPhonics
The sensual overload of the Zebbler Encanti Experience
The sophisticated boom-bap of DualCore
The mighty, mighty, YTCracker
Now that you know, you have no excuse to be anywhere else. To get familiar, hit us up at https://defcon.org/html/defcon-24/dc-24-entertainment.html
Thu, 19 May 2016 11:20:11 -0700(image)
DEF CON 24 has a lot of space, and we're expecting a lot of party people. So much space, and so many party people, in fact, that we're once again crowd-sourcing some of the merrymaking to you, the DEF CON community.
We want your party ideas. The best ones get the space to get it cracking, the gratis use of a hotel bartender (the bartender, not the booze) and promotion from us. Let's make your party dreams come true for one magical Vegas night.
Infoz are on the DEF CON 24 Call For Parties Page
It's getting close, people. Let's light this candle!