The Packet Hacking Village at DEF CON 31 will be in-person only. Our village hours:

  • Friday, August 11th: 10:00 - 18:00
  • Saturday, August 12th: 10:00 - 18:00
  • Sunday, August 13th: 10:00 - 13:00

All times are in PDT. Schedules are subject to change.

DC31 Map to PHV

Events and Contests

Packet Inspector

The perfect introduction to network analysis, sniffing, and forensics. Do you want to understand the techniques people use to tap into a network, steal passwords and listen to conversations? Packet Inspector is the place to develop these skills! For well over a decade, the Wall of Sheep has shown people how important it is to use end-to-end encryption to keep sensitive information like passwords private. Using a license of the world famous Capture The Packet engine from Aries Security, we have created a unique way to teach hands-on skills in a controlled real-time environment.

Packet Detective

Looking to upgrade your skills or see how you would fare in Capture The Packet? Come check out what Packet Detective has to offer! A step up in difficulty from Packet Inspector, Packet Detective will put your network hunting abilities to the test with real-world scenarios at the intermediate level. Take the next step in your journey towards network mastery in a friendly environment still focused on learning and take another step closer to preparing yourself for the competitive environment of Capture The Packet

Capture The Packet

Come compete in the world's most challenging cyber defense competition based on the Aries Security Cyber Range. Tear through the challenges, traverse a hostile enterprise class network, and diligently analyze what is found in order to make it out unscathed. Not only glory, but prizes await those that emerge victorious from this upgraded labyrinth, so only the best prepared and battle hardened will escape the crucible.

CTP times

CTP prizes


Don't know how to make a network cable and want to learn? Has it been years? Or do you think you're a pro? Come see if you can... make the best cable at con by cut/wire/crimp.

Walkthrough Workshops (WTW)

Come sit down and take a self guided journey to learn something hands on with us. We have an array of skills to learn including Honeypots, FleetDM, Linux, NetworkOS, Botnets, and others as well! We have people there to help answer your questions if things get a little dicey and make sure you have the best time while picking up something new.


You are the world's greatest hacker. You find vulnerable machine open to SSH and brute force the root credentials easily! Hooray! But wait, are you actually on a vulnerable machine full of secrets, or a honeypot logging your every keystroke?

In this half hour workshop, you'll get your very own Cowrie honeypot ( running on Ubuntu, and learn how to modify it, administer it, and watch the logs for hackers in action!

This workshop is great for both advanced Linux users who want to learn a new skill or those who have never used Linux before! We'll give you command-by-command instructions along with helpful guidance and starting points if you want to go off and do something cool.

Linux Trainer

Knowing how to use the Linux command line is a critical skill for any good security practitioner. This trainer will have 10+ problems covering some of the most fundamental Linux commands. This trainer is for people new to field and for those who want to hone their Linux command line-fu.

Network-OS: Be The Cloud

The Network-OS workshop will take you into the mysterious world which underpins modern computing and allows people to talk across the globe. This of course being the network itself. In this workshop you will familiarize yourself with the command line of network devices. Step by step, you will configure devices to talk to each other, share information about the computers connected to them, and relay their network information and traffic between each other. No experience needed, know how to type and copy/paste.

Regular Expressions (RegEx) Trainer

Regular Expressions or RegEX are used everywhere! If you aspire to be a Pentester, Threat Hunter, Programmer, Network Engineer, DevOps or really anything in technology today, RegEx is a skill all the greats have and the majority of the industry are terrible at. Come learn or brush up on your RegEx skills in on our live trainer.



All talks will be held at the Village Stage in the Contest Area. You can enter via Room 232.



Title: Pwning the Pwners with Mindware
Speaker: Frank "D9" DiGiovanni

Abstract: Traditionally the cyber attacker has an asymmetric advantage over the cyber defender. But does it have to be that way? Is it possible for the cyber defender to take an "offensive stance." This talk will show how the emerging science of cyberpsychology and the leveraging of AI can provide the defender with the ability to pwn the most vulnerable component in the cyberattack kill chain, the attack's human operator. Leveraging the DoD's "Tularosa Study," this talk will cover a theoretical framework for achieving this objective, outline an operational vignette, and then cover some the specifics for such an approach.

Speaker Bio: Forty-one years of government service, Frank DiGiovanni is a retired USAF Colonel and DoD Senior Executive Service. Co-Led with the DoD CIO the development of the SecDef's DoD Cyber Workforce Strategy. Built from scratch a six-month DoD Cyber Operations training course, repurposed DEFCON's CTF and CTP technical architecture to support DoD cyber operations training, and now working advanced cyber R&D projects in private sector. UPENN doctoral dissertation examined what makes hackers extraordinary unique from the average human population.

Title: The Importance of Arts and Crafts in ThreatOps
Speaker: Pete Hay, Editor-in-Chief, TheCyber.Report

Abstract: Cybersecurity professionals spend an huge amount of time attempting to use a visual medium to communicate complicated concepts in a simple yet information-dense manner. However if you ask 10 analysts to map out the same incident, you'll get 10 divergent diagrams. In this presentation we present a method of leveling-up your cybersecurity-related arts and crafts skills: effectively diagramming incidents, threat reports, threat intel, and reporting to support full-spectrum ThreatOps.

Speaker Bio: In addition to being SimSpace's Principal Security Strategist, Pete is the Co-Founder & Editor-in-Chief of TheCyber.Report. Pete has an extensive & diverse background in technology driven fields including Computer Network Operations (CNO), Network Forensics, & Nuclear Chemistry, as well as one of the few patents issued in Cybersecurity & ZTA. A life-long learner & security enthusiast, Pete helps Fortune 10 banks test & refine their security postures, while running TheCyber.Report as a passion project.

Title: Death by 1000 Likes: How Much Do You Really Leak in Social
Speaker: Will Kay

Abstract: As lonely Aussies attending our first Defcon last year, we were frequently drawn to the hilarity/uniquness of the Wall of Sheep board. One of our group suggested people leaking at the con was super entertaining, but what about throughout the rest of the year? We decided to use the time between DC30 and DC31 scraping the r/defcon subreddit to create the Wall of Sheep - online edition.

Speaker Bio: Will works for a private security consultancy in Australia. He is cybersecurity advisor and insider threat consultant. His professional career began many years ago in military intelligence to which he owes his knowledge of traditional targeting methods. The organisation and team he works for today provides security awareness and reinforcement training. His passion is removing the weakness that exists across society to social engineering techniques, and believes a more secure and prosperous future begins with people.

Title: OSINT for Physical Security Intelligence
Speakers: Mike Raggo, Security Researcher, SilentSignals; Chet Hosmer,
Chief Scientist

Abstract: Organizations seek rapid intelligence about critical situations that impact their teams, locations, or assets. Yet when it comes to OSINT we find organizations performing Open Source Information gathering; wasting time sifting through data to get to the actionable intelligence. In this presentation we demonstrate how to collect curated data and eliminate 99% of the time spent on reliminary data analysis. Furthermore, all of this data can be combined to perform trending and predictive analysis for natural disasters, geo-political situations, or business risk. The goal is to provide attendees with ideas for formulating new approaches for physical security OSINT.

Speaker Bios: Michael T. Raggo has over 30 years of security research experience. During this time, he has uncovered and ethically disclosed vulnerabilities in products including Samsung, Checkpoint, and Netgear. Michael is the author of "Mobile Data Loss: Threats &Countermeasures" and "Data Hiding" for Syngress Book. He is also a frequent presenter at security conferences, including Black Hat, DEF CON, Gartner, RSA, DoD Cyber Crime, OWASP, SANS. He was also awarded the Pentagon's Certificate of Appreciation.

Chet Hosmer is an international author, educator, researcher, and founder of Python Forensics, Inc., a non-profit research institute focused on the collaborative development of open source investigative technologies using the Python programming language. Chet is also a Visiting Professor at Utica College in the Cybersecurity Graduate Program, where his research and teaching is focused on data hiding, active cyber defense and security of industrial control systems. Additionally, Chet is an Adjunct Professor at Champlain College in the Digital Forensics Graduate Program, where his research and teaching is focused on solving hard digital investigation problems using the Python programming language.

Title: WINE Pairing with Malware
Speaker: Jared Stroud, Lead Security Engineer, The MITRE Corporation

Abstract: The growing popularity of playing AAA Windows video games on Linux has increased the compatibility of tools such as WINE and Proton. These same platforms that enable the latest games to run also can be used to execute the latest Malware. This talk will walk through configuring an environment to rapidly collect IoCs from unknown samples without having to use expensive sandboxes. Learn how to leverage your favorite UNIX tools to awk, grep, and pipe your way to extracting valuable forensic evidence without submitting your samples to $VENDOR. More on the offensive side? Come see how to shorten the feedback loop from idea generation, to testing and finally deployment!

Speaker Bio: Jared Stroud is a Lead Security Engineer at The MITRE Corporation tackling problems related to Container and Kubernetes security. Jared also contributes to ATT&CK via Adversary Emulation for Linux threats.


SCHEDULE & DJ's to be announced