home > events > defcon-32 (2024-10-02)

DEF CON 32 + 📅 + ⚙️

DEF CON 32 + 📅 + ⚙️

Table of Contents

defcon-32-logo.png

Event Overview

DEF CON 32 is the latest iteration of one of the world's largest and most notable hacking conferences. Founded in 1993, DEF CON brings together computer security professionals, journalists, lawyers, federal government employees, security researchers, students, and hackers with a general interest in computer security.

Schedule

Friday Talks

DONE Welcome to DEF CON

Spies and bytes: Victory in the digital age

spies-and-bytes-victory-digital-age-01.png

Mobile mesh RF network exploitation: Getting the tea from GoTenna

Where's the money: Defeating ATM disk encryption

Securing CCTV cameras against blind spots

securing-cctv-cameras-against-blind-spots-01.png

Behind enemy lines: Going undercover to breach the LockBit ransomware operation

Open sesame - or how vulnerable is your stuff in electronic lockers

No symbols when reversing? No problem: Bring your own

The XZ backdoor story: The undercover operation that set the internet on fire

xz-backdoor-story-undercover-operation-01.png

Atomic honeypot: A MySQL honeypot that drops shells

Listen to the whispers: Web timing attacks that actually work

High intensity deconstruction: Chronicles of a cryptographic heist

Fireside chat with DNSA Anne Neuberger

DONE On your Ocean's 11 team, I'm the AI guy (technically girl)

Veilid dev and community meetup

DONE Kicking in the door to the cloud: Exploiting cloud provider vulnerabilities for initial access

If existing cyber vulnerabilities magically disappeared overnight, what would be next?

DONE Sshamble: Unexpected exposures in the secure shell

Defeating EDR evading malware with memory forensics

defeating-edr-evading-malware-memory-forensics-01.png

Digital emblems: When markings are required under international law, but you don't have a rattle-can handy

Xiaomi the money - Our Toronto Pwn2Own exploit and behind the scenes story

Fireside chat and AMA with the Dark Tangent and Jen Easterly

DONE Optical espionage: Using lasers to hear keystrokes through glass windows

The way to Android root: Exploiting your GPU on smartphone

DONE Breaching AWS accounts through shadow resources

DC101 PANEL

Abusing Windows Hello without a severed hand

abusing-windows-hello-without-severed-hand-01.png

DONE Taming the beast: Inside the LLAMA 3 red team process

Android app usage and cell tower location: Private. Sensitive. Available to anyone?

Social engineering like you're Picard

Making the DEF CON 32 badge

SQL injection isn't dead: Smuggling queries at the protocol level

Outlook unleashing RCE chaos: CVE-2024-30103 & CVE-2024-38021

Leveraging private APNS for mobile network traffic analysis

leveraging-private-apns-mobile-network-traffic-analysis-01.png

Why are you still using my server for your internet access

why-using-my-server-for-internet-access-01.png

DONE Bricked & abandoned: How to keep the IoT from becoming an internet of trash

One for all and all for WHAD: Wireless shenanigans made easy!

DONE Breaking secure web gateways (SWG) for fun and profit

Exploiting Bluetooth - from your car to the bank account$$

Stranger in a changed land

Saturday Talks

The Pwnie Awards

Laundering money

laundering-money-01.png

Mutual authentication is optional

DONE Reverse engineering MicroPython frozen modules: Data structures, reconstruction, and reading bytecode

reverse-engineering-micropython-frozen-modules-01.png

Cult of the Dead Cow & friends present: Prime cuts from hacker history - 40 years of 31337

Gotta cache 'em all: Bending the rules of web cache exploitation

Smishing smackdown: Unraveling the threads of USPS smishing and fighting back

The rise and fall of binary exploitation

Shim me what you got - Manipulating shim and office for code injection

Quickshell: Sharing is caring about an RCE attack chain on Quick Share

quickshell-rce-attack-chain-quick-share-001.png

Sudos and sudon'ts - Peering inside sudo for Windows

DONE Disenshittify or die! How hackers can seize the means of computation and build a new, good internet that is hardened against our asshole bosses' insatiable horniness for enshittification.

Grand theft actions: Abusing self-hosted GitHub runners at scale

Deception & counter deception – Defending yourself in a world full of lies

deception-counter-deception-defending-yourself-01.png

AMD SinkClose: Universal ring -2 privilege escalation

The secret life of a rogue device - Lost IT assets on the public marketplace

Fireside chat with National Cyber Director Harry Coker, Jr.

Oh-my-DC: Abusing OIDC all the way to your cloud

Inside the FBI's secret encrypted phone company 'ANOM'

NTLM - The last ride

Behind enemy lines: Engaging and disrupting ransomware web panels

Eradicating Hepatitis C with bioterrorism

eradicating-hepatitis-c-with-bioterrorism-01.png

Figure 1: Discovering and exploiting local attacks against the 1Password macOS desktop application

Discovering and exploiting local attacks against the 1Password macOS desktop application

Hacking millions of modems (and investigating who hacked my modem)

hacking-millions-of-modems-01.png

Figure 2: Troll trapping through TAS tools: Exposing speedrunning cheaters

Troll trapping through TAS tools: Exposing speedrunning cheaters

Ace up the sleeve: From getting JTAG on the iPhone 15 to hacking into Apple's new USB-C controller

Exploiting the unexploitable: Insights from the Kibana bug bounty

Measuring the Tor network

measuring-the-tor-network-01.png

A shadow librarian in broad daylight: Fighting back against ever encroaching capitalism

Hookchain: A new perspective for bypassing EDR solutions

Unsaflok: Hacking millions of hotel locks

Compromising an electronic logging device and creating a truck2truck worm

Secrets and shadows: Leveraging big data for vulnerability discovery at scale

Encrypted newspaper ads in the 19th century: The world's first worldwide secure communication system

Watchers being watched: Exploiting the surveillance system and its supply chain

DEF CON Academy: Cultivating m4d sk1llz in the DEF CON community

Breaking the beam: Exploiting VSAT satellite modems from the Earth's surface

Techniques for creating process injection attacks with advanced return-oriented programming

A treasure trove of failures: What history's greatest heist can teach us about defense in depth

Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine

Nano-Enigma: Uncovering the secrets within eFuse memories

Sunday Talks

DONE Splitting the email atom: Exploiting parsers to bypass access controls

AWS CloudQuarry: Digging for secrets in public AMIs

Windows downdate: Downgrade attacks using Windows updates

Unlocking the gates: Hacking a secure industrial remote access solution

The not-so-silent type: Breaking network crypto in almost every popular Chinese keyboard app

Changing global threat landscape with Rob Joyce and Dark Tangent

DONE (|(MALDAPTIVE:¯\(LDAP)_/¯=OBFUSC8T10N) (DE-OBFUSCATION &:=DE*TE)(!C=TION))

The hack, the crash and two smoking barrels. (And all the times I (almost) killed an engineer.)

Dragon slaying guide: Bug hunting in VMware device virtualization

Main Tracks

Friday, August 09

Saturday, August 10

Sunday, August 11

Villages

DEF CON villages are dedicated spaces and communities focusing on specific security topics:

  • AI Village
  • Aerospace Village
  • Car Hacking Village
  • Crypto & Privacy Village
  • Ethics Village
  • IoT Village
  • Lockpicking Village
  • Packet Hacking Village
  • Recon Village
  • Social Engineering Village

Contests and Events

Code of Conduct

DEF CON is dedicated to providing a harassment-free conference experience for everyone, regardless of gender, sexual orientation, disability, physical appearance, body size, race, or religion.

Registration Information

Utilities

Logo

# Function: defcon_download_and_resize_logo
# Input: None (uses global variables)
# Output: Downloads DEFCON logo, resizes it to various dimensions, and generates a manifest
defcon_download_and_resize_logo()

Program

# Function: defcon_download_and_extract_program
# Input: None (uses global variables)
# Output: Downloads DEFCON program, extracts relevant information, and generates a manifest
defcon_download_and_extract_program()

Media Server Mirror

# Function: defcon_mirror_media_server
# Input: None (uses global variables)
# Output: Downloads and processes PDF files, storing them in OUTPUT_DIR
#         Generates a manifest file with source URL, output dir, and filter rules
defcon_mirror_media_server()

Summary Environment

# Dockerfile for DEF CON 32 Summary Environment
#
# Purpose: Set up a containerized environment for processing and analyzing DEF CON 32 data
#
# Key components:
# - Base image: Ubuntu 20.04 (or appropriate alternative)
# - User: Non-root user 'defcon_user' for improved security
# - Installed tools: curl, wget, imagemagick, jq (add others as needed)
# - Scripts: Custom scripts for data processing and analysis
# - Services: Web server (e.g., Nginx) for serving content (if needed)
# - Ports: 80 exposed for web service (modify as needed)
# - Volumes: /home/defcon_user/data for persistent storage
# - Entrypoint: Default to bash, with option for custom script
#
# Build with: docker build -t defcon32-summary .
# Run with: docker run -it -p 8080:80 -v /path/to/data:/home/defcon_user/data defcon32-summary

Summarized Talks

def defcon_read_template(file_path: str) -> str:
    """
    Read the content of a template file.

    Args:
        file_path (str): Path to the template file.

    Returns:
        str: Content of the template file.
    """

def defcon_read_pdf(file_path: str) -> TalkContent:
    """
    Extract text content from a PDF file with error handling.

    Args:
        file_path (str): Path to the PDF file.

    Returns:
        TalkContent: Extracted text content and metadata from the PDF.
    """

def defcon_get_ollama_summary(content: TalkContent, prompt_template: str) -> Summary:
    """
    Generate a summary using the Ollama API with type validation.

    Args:
        content (TalkContent): The content to summarize.
        prompt_template (str): The template for the summarization prompt.

    Returns:
        Summary: A validated summary of the content.
    """

def defcon_process_talk_pdfs(pdf_dir: str, output_dir: str, prompt_template: str) -> None:
    """
    Process all PDF files in a directory, generate summaries, and save them.

    Args:
        pdf_dir (str): Directory containing the PDF files to process.
        output_dir (str): Directory to save the generated summaries.
        prompt_template (str): Template for the summarization prompt.
    """

def main(pdf_dir: str, template_path: str, output_dir: str):
    """
    Main function to process DEF CON 32 talk PDFs and generate summaries.

    Args:
        pdf_dir (str): Directory containing mirrored DEF CON 32 talk PDFs.
        template_path (str): Path to the prompt template file.
        output_dir (str): Directory to save the summaries (defaults to a temporary directory).
    """

def defcon_process_summaries(pdf_dir: str, output_dir: str, template_path: str):
    """
    Process summaries for DEF CON 32 talks.

    Args:
        pdf_dir (str): Directory containing the PDF files to process.
        output_dir (str): Directory to save the generated summaries.
        template_path (str): Path to the prompt template file.
    """

defcon_process_summaries.png

Input

  python defcon_process_summaries.py example.pdf

Output

{
  "title": "Exploiting Lorem Ipsum: New Vulnerabilities in Placeholder Text Generation",
  "speakers": ["Dr. Jane Doe", "John Smith"],
  "main_points": [
    "Discovered critical vulnerabilities in popular lorem ipsum generators",
    "Developed a new tool, 'IpsumBreaker', to exploit these vulnerabilities",
    "Demonstrated potential for data exfiltration through manipulated placeholder text",
    "Proposed new security standards for text generation algorithms"
  ],
  "technical_details": [
    "Identified three main vulnerability types: buffer overflow, injection attacks, and algorithmic biases",
    "IpsumBreaker tool uses machine learning to predict and manipulate text generation patterns",
    "Successful exfiltration of sensitive data achieved in 87% of tested scenarios",
    "Proposed 'Secure Lorem' standard includes input sanitization and entropy-based randomness"
  ],
  "implications": [
    "Widespread use of vulnerable lorem ipsum generators poses significant security risks",
    "Need for immediate patching and updating of text generation tools across industries",
    "Potential for new attack vectors in web development and publishing workflows",
    "Highlights the importance of security considerations in seemingly benign tools"
  ],
  "summary": "In their groundbreaking talk 'Exploiting Lorem Ipsum: New Vulnerabilities in Placeholder Text Generation', Dr. Jane Doe and John Smith unveiled critical security flaws in widely-used lorem ipsum generators. The researchers developed 'IpsumBreaker', an advanced tool leveraging machine learning to exploit these vulnerabilities, demonstrating the potential for data exfiltration through manipulated placeholder text. Their methodology involved comprehensive analysis of popular generators, identifying three primary vulnerability types: buffer overflow, injection attacks, and algorithmic biases. The team achieved a staggering 87% success rate in exfiltrating sensitive data across various test scenarios. To address these issues, they proposed the 'Secure Lorem' standard, emphasizing input sanitization and entropy-based randomness in text generation. This research has far-reaching implications for web development and publishing industries, highlighting the need for immediate security updates and a reevaluation of text generation tool usage in professional workflows. The presentation underscores the critical importance of considering security even in seemingly innocuous tools and processes."
}

Talk Entry

  *** Taming the beast: Inside the LLAMA 3 red team process
  :PROPERTIES:
  :ID: taming-llama3-red-team
  :SPEAKERS: Aaron Grattafiori, Ivan Evtimov, Joanna Bitton, Maya Pavlova
  :TRACK: Track 3 (Hall 1 - Aisle 11-03)
  :TIME: 15:30
  :DURATION: 45 minutes
  :END:

Extracted Schedule

(defun defcon/extract-schedule-to-json (&optional max-talks-per-day)
  "Extract schedule from the current Org file and save it as JSON.
Optionally limit the number of talks per day to MAX-TALKS-PER-DAY.
If MAX-TALKS-PER-DAY is provided and greater than 0, the function will
limit the number of talks extracted for each day to this value.
The extracted schedule is saved to a JSON file with a name based on
the current buffer's filename. If MAX-TALKS-PER-DAY is used, it's
reflected in the output filename.
Returns nil and displays a message if no schedule is found in the
current file.")

(defun defcon/extract-schedule (max-talks-per-day)
  "Extract the schedule from the current Org buffer.
MAX-TALKS-PER-DAY is an optional limit on the number of talks
extracted per day. If nil or 0, all talks are extracted.
Returns a list of cons cells, where each cell contains a day
and its associated talks. The list is sorted chronologically by day.
Each talk is represented as a property list containing information
such as title, ID, speakers, track, time, and duration.
This function is typically called by `defcon/extract-schedule-to-json'
to process the Org buffer contents.")

(defun defcon/extract-talks-for-day (max-talks)
  "Extract talks for the current day, optionally limiting to MAX-TALKS.
MAX-TALKS is an optional limit on the number of talks to extract.
If nil or 0, all talks for the day are extracted.
Returns a list of property lists, each representing a talk with
properties such as title, ID, speakers, track, time, and duration.
This function is called by `defcon/extract-schedule' for each day
in the schedule. It processes talk entries under the current day's
heading in the Org file.")

defcon-32-schedule-extractor.png

Output

{
  "Friday Talks": [
    {
      "title": "DONE Welcome to DEF CON",
      "id": "welcome-to-defcon",
      "speakers": "Jeff \"The Dark Tangent\" Moss",
      "track": "Track 1 (Hall 1 - Aisle 11-01)",
      "time": "10:00",
      "duration": "20 minutes"
    }
  ]
}

Child Schedules

(defun defcon/set-scheduled-and-update-children ()
  "Set SCHEDULED property for current heading and update child schedules.
Interactively prompts for a new date, sets the SCHEDULED property
for the current heading, and then updates all child schedules to
match the new date while preserving their individual times.")

(defun defcon/update-child-schedules ()
  "Update SCHEDULED timestamps of child nodes based on the parent's SCHEDULED date.
Traverses all child nodes of the current heading, updating their
SCHEDULED timestamps to match the parent's date while preserving
their individual times. Requires TIME and DURATION properties on child nodes.")

defcon-32-schedule-update-flow.png

Output

  ** Friday Talks
  SCHEDULED: <2024-08-09 Fri>
  :PROPERTIES:
  :DATE:     2024-08-09
  :END:
  *** DONE Welcome to DEF CON
  SCHEDULED: <2024-08-09 Fri 10:00-10:20>
  :PROPERTIES:
  :ID: welcome-to-defcon
  :SPEAKERS: Jeff "The Dark Tangent" Moss
  :TRACK: Track 1 (Hall 1 - Aisle 11-01)
  :TIME: 10:00
  :DURATION: 20 minutes
  :END:

Schedule by Track

Structure

(defconst defcon/schedule-title " + 📅"
  "Constant string used as a title prefix for the generated schedule.")

(defun defcon/org-parse-talks ()
  "Parse DEF CON talks from the current Org buffer.
Returns a list of property lists, each representing a talk with
properties such as :title, :time, :track, and :id.
Only considers headings with SCHEDULED, TRACK, and ID properties.")

(defun defcon/org-clean-title (title)
  "Clean the talk TITLE by removing TODO keywords and truncating if necessary.
Removes 'TODO' or 'DONE' prefixes and truncates titles longer than 50 characters,
appending '...' to truncated titles.")

(defun defcon/sanitize-title (title)
  "Aggressively sanitize TITLE for use in Org mode table cells and links, allowing colons.
Removes special characters, square brackets, and excess whitespace.
Truncates titles longer than 50 characters, appending '...' to truncated titles.")

(defun defcon/clean-track (track)
  "Remove room information from TRACK.
Strips any text within parentheses at the end of the track name.")

(defun defcon/parse-scheduled (scheduled)
  "Parse SCHEDULED timestamp and return a time string.
Converts the Org timestamp to a formatted string 'YYYY-MM-DD HH:MM'.")

(defun defcon/get-ordered-days (talks)
  "Get the days from TALKS in chronological order.
Returns a list of unique date strings extracted from talk timestamps,
sorted chronologically.")

(defun defcon/get-schedule-filename ()
  "Generate schedule filename based on current buffer.
Returns a filename for the schedule output, based on the current buffer's
filename with '-schedule.org' appended. Throws an error if not visiting a file.")

(defun defcon/org-generate-table ()
  "Generate schedule tables from the current buffer and write them to a file.
Parses talks, organizes them by day and track, formats tables, and writes
the result to a file. Displays a message with the output filename.")

(defun defcon/format-table (talks tracks day)
  "Format the schedule table for TALKS on DAY across TRACKS.
Returns a string containing an Org mode table with talks organized by
time slots and tracks. Includes links to talks using their IDs.")

(defun defcon/human-readable-date (date-string)
  "Convert DATE-STRING to a human-readable format (e.g., 'Friday, August 11').
Takes a date string in 'YYYY-MM-DD' format and returns a string with
the day of the week and month name.")

(defun defcon/write-tables-to-file (tables output-file)
  "Write TABLES to OUTPUT-FILE.
Writes the given tables (a list of strings) to the specified output file,
adding a title with the defcon/schedule-title constant.")

(defun defcon/get-track-color (track)
  "Get the color associated with TRACK.
Returns a string representing the color for the given track.")

(defun defcon/generate-ical (talks)
  "Generate an iCal file from TALKS.
Creates an iCal file containing the schedule information from the given talks.")

(defun defcon/org-generate-table-and-ical ()
  "Generate schedule tables and an iCal file from the current buffer.
Parses talks, generates schedule tables, and writes them to a file.
Also generates an iCal file containing the schedule information.
Displays messages with the output filenames.")

Control Flow

org-generate-table-and-ical.png

Example Outputs

Org-mode Table Output
  * Schedule for Friday, August 09
  
  | Time | Warstories Track | Track 4 | Track 1 | Track 2 | Track 3 |
  |-------------------------------------------------------------------|
  | 10:00 | Behind enemy lines: Going undercover to breach     | Securing CCTV cameras against blind spots | [Welcome to DEF CON | Mobile mesh RF network exploitation: Getting th   ]] | [[id:defeating-atm-disk-encryption][Where s the money: Defeating ATM disk encryption |
iCalendar Output
BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//hacksw/handcal//NONSGML v1.0//EN
BEGIN:VTIMEZONE
TZID:America/Los_Angeles
BEGIN:DAYLIGHT
TZOFFSETFROM:-0800
TZOFFSETTO:-0700
TZNAME:PDT
DTSTART:19700308T020000
RRULE:FREQ=YEARLY;BYDAY=2SU;BYMONTH=3
END:DAYLIGHT
BEGIN:STANDARD
TZOFFSETFROM:-0700
TZOFFSETTO:-0800
TZNAME:PST
DTSTART:19701101T020000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=11
END:STANDARD
END:VTIMEZONE
BEGIN:VEVENT
UID:welcome-to-defcon@defcon.org
DTSTAMP:20240811T085500Z
DTSTART;TZID=America/Los_Angeles:20240809T100000
DTEND;TZID=America/Los_Angeles:20240809T102000
SUMMARY:Welcome to DEF CON
DESCRIPTION:Track: Track 1
CATEGORIES:Track 1
COLOR:#ffcccb
END:VEVENT
END:VCALENDAR

Schedule Management Workflow

defcon-32-schedule-workflow.png

Author: Jason Walsh Jason Walsh

j@wal.sh

Last Updated: 2024-10-02 08:00:06