Presentations & Workshops
Packet Hacking Village Talks at DEF CON 27
4 years and 10,000+ Hours Later: Lessons Learned from Running a National Penetration Testing Competition
Tom Kopchak and Dan Borges
Augmenting the (Security) Onion: Facilitating Enhanced Detection and Response with Open Source Tools
Wes Lambert
Bestsellers in the Underground Economy: Measuring Malware Popularity by Forum
Winnona DeSombre
Beyond Sandboxes. How to Execute IoT Malware and Analyze Its Evolution
María José Erquiaga, Sebastian Garcia
The Cyberlous Mrs. Maisel: A Comedic (and slightly terrifying) Introduction to Information Warfare
Jessica "Zhanna" Malekos Smith
"First-Try" DNS Cache Poisoning with IPv4 and IPv6 Fragmentation
Travis Palmer and Brian Somers
Generating Personalized Wordlists With NLP by Analyzing Tweets
Utku Sen
Head in the Clouds
Matt Nash
Hunting Certificates and Servers
Sam Erb
Leveraging Passive Network Mapping with Raspberry Pi and Python
Chet Hosmer
Patching: It's Complicated
Cheryl Biswas
Phishing Freakonomics
Russell Butturini
Sandbox Creative Usage For Fun and Pro...Blems
Cesare Pizzi
Security to Make the CFO Happy
Adam
Solving Crimes with Wireless GeoFencing and Multi-Zone Correlation Analytics
Gleb Esman
Your Phone is Using Tor and Leaking Your PII
Milind Bhargava and Adam Podgorski
Packet Hacking Village Talks at DEF CON 26
An Analysis of Cybersecurity Educational Standards
Rob Olson
Burning the Lookout
Silas Cutler
Defense in Depth: The Path to SGX at Akamai
Samuel Erb
Grand Theft Auto: Digital Key Hacking
Huajiang "Kevin2600" Chen
How to Tune Automation to Avoid False Positives
Gita Ziabari
Mapping Wi-Fi Networks and Triggering on Interesting Traffic Patterns
Caleb Madrigal
Microcontrollers and Single Board Computers for Hacking, Fun and Profit
gh057
Normalizing Empire's Traffic to Evade Anomaly-Based IDS
Utku Sen
An OSINT Approach to Third Party Cloud Service Provider Evaluation
Lokesh Pidawekar
Protecting Crypto Exchanges From a New Wave of Man-in-the-Browser Attacks
Pedro Fortuna
Turning Deception Outside-In: Tricking Attackers with OSINT
Hadar Yudovich, Tom Kahana, Tom Sela
wpa-sec: The Largest Online WPA Handshake Database
A. Stanev
Speaker Workshops at DEF CON 25
AWS Persistence and Lateral Movement Techniques
Peter Ewane
CVE IDs and How to Get Them
Daniel Adinolfi and Anthony Singleton
Fooling the Hound: Deceiving Domain Admin Hunters
Tom Sela
Fortune 100 InfoSec on a State Government Budget
Eric Capuano
How Hackers Changed The Security Industry
Chris Wysopal
Hunting Down the Domain Admin and Rob Your Network
Keith Lee and Michael Gianarakis
IP Spoofing
Marek Majkowski
Iron Sights for Your Data
Leah Figueroa
Layer 8 and Why People are the Most Important Security Tool
Damon Small
Modern Day CovertTCP with a Twist
Mike Raggo and Chet Hosmer
Passwords on a Phone
Sam Bowne
Past, Present and Future of High Speed Packet Filtering on Linux
Gilberto Bertin
Stories from a 15 days SMB Honeypot: Mum, Tons of WannaCry and Evils Attacked Our Home!
Tan Kean Siong
Strengthen Your SecOps Team by Leveraging Neurodiversity
Megan Roddie
Threat Intel for All: There's More to Your Data Than Meets the Eye
Cheryl Biswas
Visual Network and File Forensics
Ankur Tyagi
When the Current Ransomware and Payload of the Day (CRAP of the day) Hits the Fan: Breaking the Bad News
Catherine Ullman and Chris Roberts
XSS FTW - What Can Really Be Done With Cross-Site Scripting
Brute Logic
YALDA - Large Scale Data Mining for Threat Intelligence
Gita Ziabari
You're Going to Connect to the Wrong Domain Name
Sam Erb
Speaker Workshops at DEF CON 24
Attacks on Enterprise Social Media
Mike Raggo
Automated Dorking for Fun and Profit^WSalary
Filip Reesalu
Building a Local Passive DNS Tool for Threat Intelligence Research
Kathy Wang
Chasing the Long Tail: Cracking Complex Passwords
Phil Trainor
Connections: From the Eisenhower Interstate System to the Internet
Chef
Deceive and Succeed: Measuring the Efficiency of a Deception Eco-System in Post-Breach Detection
Omer Zohar
Dynamic Population Discovery for Lateral Movement Detection (Using Machine Learning)
Rod Soto and Joseph Zadeh
Fuzzing For Humans: Real Fuzzing in the Real World
Joshua Pereyda
How to Find 1,352 WordPress XSS Plugin Vulnerabilities in 1 Hour (not really)
Larry Cashdollar
LTE and Its Collective Insecurity
Chuck McAuley and Chris Moore
Presenting Security Metrics to the Board / Leadership
Walt Williams
To Catch An APT: YARA
Jay DiMartino
You Are Being Manipulated
GrayRaven
Speaker Workshops at DEF CON 23
All videos are now available on YouTube: https://www.youtube.com/channel/UCnL9S5Wv_dNvO381slSA06w.
Creating REAL Threat Intelligence with Evernote
grecs
The Digital Cockroach Bait Station: How to Build Spam Honeypots
Robert Simmons
dnstap - A Standard Interface to Real Time DNS Transaction Flows
Paul Vixie
From XSS to Root on Your NAS
Tony Martin
Global Honeypot Trend
Elliott Brink
Hacker's Practice Playground
Lokesh Pidawekar
I See You
Brian Wohlwinder and Andrew Beard, Fidelis
Is Your Android App Secure?
Sam Bowne
MITM 101: Easy Traffic Interception Techniques Using Scapy
Bob Simpson
The Packets Made Me Do It: Getting Started with Distributed Full Packet Capture Using OpenFPC
Leon Ward
PowerShell for Penetration Testers
Nikhil Mittal
Speaker Workshops at DEF CON 22
Abusing Microsoft Kerberos: Sorry You Guys Don't Get It (Black Hat 2014 Encore)
Alva Duckwall
Benjamin Delpy
- Presentation slides
The Art of Botnet Tracking and Attribution
Jozef Mlodzianowski, Malware Researcher at Sub0Day
- Presentation slides
Data Hiding: A Peek at the Latest Innovations
Michael Raggo, Security Evangelist at MobileIron
Chet Hosmer, Founder & Chief Scientist at WetStone Technologies, Inc.
- Presentation slides
Don't Get Owned at DEF CON: Single Packet Authorization and SSH Tunneling
Jay Beale, InGuardians
Exploit Development for Beginners
Sam Bowne, Instructor at CCSF
- Linux Buffer Overflow (via samsclass.info)
- Exploiting "Vulnerable Server" for Windows 7 (via samsclass.info)
- Additional examples (via samsclass.info)
How Machine Learning Finds Malware Needles in an AppStore Haystack
Theodora Titonis, Vice President of Mobile Security at Veracode
- Presentation slides
iOS Attachment Vulnerability
Michael Raggo, Security Evangelist at MobileIron
- Presentation slides
Making Mongo Cry: Automated NoSQL exploitation with NoSQLMap
Russell Butturini
MetaData: PII at Risk
Sudesh Gadewar, Information Security Engineer at Cisco
Mobile Network Forensics
Michael Raggo, Security Evangelist at MobileIron
- Presentation slides
Mobile SSL Failures
Tony Trummer, Senior Information Security Engineer, Vulnerability Research and Assessment at LinkedIn
Tushar Dalvi, Senior Information Security Engineer, Vulnerability Research and Assessment at LinkedIn
Multipath TCP: Breaking Today's Networks with Tomorrow's Protocols (Black Hat 2014 Encore)
Catherine (Kate) Pearce, Security Consultant at Neohapsis
Patrick Thomas, Security Consultant at Neohapsis
- Presentation slides
Network Based File Carving
GTKlondike, Independent Security Researcher
One Social Profile To Rule Them All
Joseph Muniz, Consulting Security Engineer at Cisco
Aamir Lakhani, DrChaos.com
- Presentation slides
Tools and Techniques Used at the Wall of Sheep
Ming Chow, Wall of Sheep
Vaccinating APK's and even Android
Milan Gabor, CEO of Viris Ltd.
Danijel Grah, Consultant at Viris d.o.o.
Violent Python
Sam Bowne, Instructor at CCSF
ZitMo NoM (ZeuS-in-the-Mobile No More)
David Schwartzberg, Senior Security Engineer at MobileIron
- Presentation slides
Speaker Workshops at DEF CON 21
For abstract and bios, see original schedule