UP | HOME

DEF CON 32 + 📅 + ⚙️

Table of Contents

defcon-32-logo.png

Event Overview

EVENT_DATES: August 8-11, 2024 LOCATION: Las Vegas Convention Center, Las Vegas, NV DATE: 2024-08-09

DEF CON 32 is the latest iteration of one of the world’s largest and most notable hacking conferences. Founded in 1993, DEF CON brings together computer security professionals, journalists, lawyers, federal government employees, security researchers, students, and hackers with a general interest in computer security.

Schedule

Friday Talks

DATE: 2024-08-09

DONE Welcome to DEF CON

ID: welcome-to-defcon SPEAKERS: Jeff "The Dark Tangent" Moss TRACK: Track 1 (Hall 1 - Aisle 11-01) TIME: 10:00 DURATION: 20 minutes

Spies and bytes: Victory in the digital age

ID: spies-and-bytes SPEAKERS: General Paul M. Nakasone TRACK: Track 1 (Hall 1 - Aisle 11-01) TIME: 10:30 DURATION: 45 minutes PDF: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20General%20Paul%20M%20Nakasone%20-%20Spies%20and%20Bytes%20Victory%20in%20the%20Digital%20Age.pdf

spies-and-bytes-victory-digital-age-01.png

Mobile mesh RF network exploitation: Getting the tea from GoTenna

ID: mobile-mesh-rf-exploitation SPEAKERS: Erwin Karincic, Woody TRACK: Track 2 (Hall 1 - Aisle 11-02) TIME: 10:00 DURATION: 45 minutes TYPE: Tool, Demo, Exploit PDF: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Erwin%20Karincic%20Woody%20-%20Mobile%20Mesh%20RF%20Network%20Exploitation%20-%20Getting%20the%20Tea%20from%20goTenna.pdf

Where’s the money: Defeating ATM disk encryption

ID: defeating-atm-disk-encryption SPEAKERS: Matt Burch TRACK: Track 3 (Hall 1 - Aisle 11-03) TIME: 10:00 DURATION: 45 minutes TYPE: Exploit PDF: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Matt%20Burch%20-%20Where's%20the%20Money%20-%20Defeating%20ATM%20Disk%20Encryption.pdf

Securing CCTV cameras against blind spots

ID: securing-cctv-cameras SPEAKERS: Jacob Shams TRACK: Track 4 (Hall 1 - Aisle 11-04) TIME: 10:00 DURATION: 20 minutes PDF: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Jacob%20Shams%20-%20Securing%20CCTV%20Cameras%20Against%20Blind%20Spots.pdf

securing-cctv-cameras-against-blind-spots-01.png

Behind enemy lines: Going undercover to breach the LockBit ransomware operation

ID: breaching-lockbit-ransomware SPEAKERS: Jon DiMaggio TRACK: Warstories Track (W322-W327) TIME: 10:00 DURATION: 45 minutes PDF: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Jon%20DiMaggio%20-%20Behind%20Enemy%20Lines%20-%20Going%20undercover%20to%20breach%20the%20LockBit%20Ransomware%20Operation.pdf

Open sesame - or how vulnerable is your stuff in electronic lockers

ID: electronic-lockers-vulnerability SPEAKERS: Dennis Giese, Braelynn TRACK: Track 2 (Hall 1 - Aisle 11-02) TIME: 11:00 DURATION: 45 minutes TYPE: Demo, Tool PDF: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Dennis%20Giese%20Braelynn%20-%20Open%20sesame%20-%20or%20how%20vulnerable%20is%20your%20stuff%20in%20electronic%20lockers.pdf

No symbols when reversing? No problem: Bring your own

ID: reversing-without-symbols SPEAKERS: Max 'Libra' Kersten TRACK: Track 3 (Hall 1 - Aisle 11-03) TIME: 11:00 DURATION: 20 minutes TYPE: Tool PDF: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Max%20Libra%20Kersten%20-%20No%20Symbols%20When%20Reversing%20No%20Problem%20Bring%20Your%20Own.pdf

The XZ backdoor story: The undercover operation that set the internet on fire

ID: xz-backdoor-story SPEAKERS: Thomas Roccia TRACK: Warstories Track (W322-W327) TIME: 11:00 DURATION: 45 minutes TYPE: Demo PDF: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Thomas%20Roccia%20-%20The%20XZ%20Backdoor%20Story%20The%20Undercover%20Operation%20That%20Set%20the%20Internet%20on%20Fire.pdf

xz-backdoor-story-undercover-operation-01.png

Atomic honeypot: A MySQL honeypot that drops shells

ID: mysql-honeypot SPEAKERS: Alexander Rubin, Martin Rakhmanov TRACK: Track 1 (Hall 1 - Aisle 11-01) TIME: 11:30 DURATION: 30 minutes TYPE: Demo, Exploit, Tool PDF: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Alexander%20Rubin%20Martin%20Rakhmanov%20-%20Atomic%20Honeypot%20A%20MySQL%20Honeypot%20That%20Drops%20Shells.pdf

Listen to the whispers: Web timing attacks that actually work

ID: web-timing-attacks SPEAKERS: James Kettle TRACK: Track 3 (Hall 1 - Aisle 11-03) TIME: 11:30 DURATION: 45 minutes TYPE: Tool, Demo, Exploit

High intensity deconstruction: Chronicles of a cryptographic heist

ID: cryptographic-heist SPEAKERS: Babak Javadi, Aaron Levy, Nick Draffen TRACK: Track 4 (Hall 1 - Aisle 11-04) TIME: 11:30 DURATION: 75 minutes TYPE: Demo, Exploit PDF: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Babak%20Javadi%20Aaron%20Levy%20Nick%20Draffen%20-%20High%20Intensity%20Deconstruction%20Chronicles%20of%20a%20Cryptographic%20Heist.pdf

Fireside chat with DNSA Anne Neuberger

ID: fireside-chat-anne-neuberger SPEAKERS: Anne Neuberger TRACK: Track 1 (Hall 1 - Aisle 11-01) TIME: 12:00 DURATION: 45 minutes

DONE On your Ocean’s 11 team, I’m the AI guy (technically girl)

ID: ai-in-oceans-11 SPEAKERS: Harriet Farlow TRACK: Track 2 (Hall 1 - Aisle 11-02) TIME: 12:00 DURATION: 45 minutes TYPE: Demo PDF: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Harriet%20Farlow%20-%20On%20Your%20Oceans%2011%20Team%20Im%20the%20AI%20Guy%20(technically%20Girl).pdf

Veilid dev and community meetup

ID: veilid-meetup SPEAKERS: The_Gibson TRACK: Warstories Track (W322-W327) TIME: 12:00 DURATION: 75 minutes

DONE Kicking in the door to the cloud: Exploiting cloud provider vulnerabilities for initial access

ID: cloud-provider-vulnerabilities SPEAKERS: Nick Frichette TRACK: Track 3 (Hall 1 - Aisle 11-03) TIME: 12:30 DURATION: 45 minutes PDF: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Nick%20Frichette%20-%20Kicking%20in%20the%20Door%20to%20the%20Cloud%20-%20Exploiting%20Cloud%20Provider%20Vulnerabilities%20for%20Initial%20Access.pdf

If existing cyber vulnerabilities magically disappeared overnight, what would be next?

ID: future-of-cyber-vulnerabilities SPEAKERS: Dr. Stefanie Tompkins, Dr. Renee Wegrzyn, Peiter "Mudge" Zatko TRACK: Track 1 (Hall 1 - Aisle 11-01) TIME: 13:00 DURATION: 45 minutes

DONE Sshamble: Unexpected exposures in the secure shell

ID: ssh-exposures SPEAKERS: HD Moore, Rob King TRACK: Track 2 (Hall 1 - Aisle 11-02) TIME: 13:00 DURATION: 45 minutes TYPE: Demo, Exploit, Tool PDF: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20HD%20Moore%20Rob%20King%20-%20Sshamble%20Unexpected%20Exposures%20in%20the%20Secure%20Shell.pdf

Defeating EDR evading malware with memory forensics

ID: defeating-edr-evading-malware SPEAKERS: Andrew Case, Austin Sellers, Golden Richard, David McDonald, Gustavo Moreira TRACK: Track 4 (Hall 1 - Aisle 11-04) TIME: 13:00 DURATION: 45 minutes TYPE: Demo, Tool PDF: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Andrew%20Case%20Austin%20Sellers%20Golden%20Richard%20David%20McDonald%20Gustavo%20Moreira%20-%20Defeating%20EDR%20Evading%20Malware%20with%20Memory%20Forensics.pdf

defeating-edr-evading-malware-memory-forensics-01.png

Digital emblems: When markings are required under international law, but you don’t have a rattle-can handy

ID: digital-emblems SPEAKERS: Bill Woodcock TRACK: Track 3 (Hall 1 - Aisle 11-03) TIME: 13:30 DURATION: 45 minutes

Xiaomi the money - Our Toronto Pwn2Own exploit and behind the scenes story

ID: xiaomi-pwn2own-exploit SPEAKERS: Ken Gannon, Ilyes Beghdadi TRACK: Warstories Track (W322-W327) TIME: 13:30 DURATION: 45 minutes TYPE: Exploit PDF: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Ken%20Gannon%20Ilyes%20Beghdadi%20-%20Xiaomi%20The%20Money%20Our%20Toronto%20Pwn2Own%20Exploit%20and%20Behind%20The%20Scenes%20Story.pdf

Fireside chat and AMA with the Dark Tangent and Jen Easterly

ID: fireside-chat-dark-tangent-jen-easterly SPEAKERS: Jen Easterly TRACK: Track 1 (Hall 1 - Aisle 11-01) TIME: 14:00 DURATION: 45 minutes

DONE Optical espionage: Using lasers to hear keystrokes through glass windows

ID: optical-espionage-keystrokes SPEAKERS: samy kamkar TRACK: Track 2 (Hall 1 - Aisle 11-02) TIME: 14:00 DURATION: 45 minutes TYPE: Demo, Exploit, Tool PDF: [[https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Samy%20Kamkar%20-Optical%20Espionage%20Using%20Lasers%20to%20Hear%20Keystrokes%20Through%20Glass%20Windows.pdf

The way to Android root: Exploiting your GPU on smartphone

ID: android-root-gpu-exploit SPEAKERS: Xiling Gong, Jon Bottarini, Eugene Rodionov, Xuan Xing TRACK: Track 4 (Hall 1 - Aisle 11-04) TIME: 14:00 DURATION: 45 minutes TYPE: Demo, Exploit

DONE Breaching AWS accounts through shadow resources

ID: aws-shadow-resources-breach SPEAKERS: Yakir Kadkoda, Michael Katchinskiy, Ofek Itach TRACK: Track 3 (Hall 1 - Aisle 11-03) TIME: 14:30 DURATION: 45 minutes TYPE: Demo, Exploit, Tool

DC101 PANEL

ID: dc101-panel TRACK: Track 1 (Hall 1 - Aisle 11-01) TIME: 15:00 DURATION: 60 minutes

Abusing Windows Hello without a severed hand

ID: abusing-windows-hello SPEAKERS: Ceri Coburn, Dirk-jan Mollema TRACK: Track 2 (Hall 1 - Aisle 11-02) TIME: 15:00 DURATION: 45 minutes TYPE: Demo, Tool PDF: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Ceri%20Coburn%20Dirk-jan%20Mollema%20-%20Abusing%20Windows%20Hello%20Without%20a%20Severed%20Hand.pdf

abusing-windows-hello-without-severed-hand-01.png

DONE Taming the beast: Inside the LLAMA 3 red team process

ID: taming-llama3-red-team SPEAKERS: Aaron Grattafiori, Ivan Evtimov, Joanna Bitton, Maya Pavlova TRACK: Track 3 (Hall 1 - Aisle 11-03) TIME: 15:30 DURATION: 45 minutes

Android app usage and cell tower location: Private. Sensitive. Available to anyone?

ID: android-app-cell-tower-privacy SPEAKERS: Ryan Johnson TRACK: Track 4 (Hall 1 - Aisle 11-04) TIME: 15:00 DURATION: 45 minutes TYPE: Demo, Exploit

Social engineering like you’re Picard

ID: social-engineering-picard SPEAKERS: Jayson E. Street TRACK: Warstories Track (W322-W327) TIME: 15:30 DURATION: 45 minutes TYPE: Demo

Making the DEF CON 32 badge

ID: making-defcon32-badge SPEAKERS: Mar Williams TRACK: Track 1 (Hall 1 - Aisle 11-01) TIME: 16:00 DURATION: 60 minutes

SQL injection isn’t dead: Smuggling queries at the protocol level

ID: sql-injection-protocol-level SPEAKERS: Paul Gerste TRACK: Track 2 (Hall 1 - Aisle 11-02) TIME: 16:00 DURATION: 45 minutes TYPE: Demo, Exploit

Outlook unleashing RCE chaos: CVE-2024-30103 & CVE-2024-38021

ID: outlook-rce-chaos SPEAKERS: Michael Gorelik, Arnold Osipov TRACK: Track 4 (Hall 1 - Aisle 11-04) TIME: 16:00 DURATION: 45 minutes TYPE: Demo, Exploit, Tool

Leveraging private APNS for mobile network traffic analysis

ID: leveraging-private-apns SPEAKERS: Aapo Oksman TRACK: Track 3 (Hall 1 - Aisle 11-03) TIME: 16:30 DURATION: 45 minutes TYPE: Demo

leveraging-private-apns-mobile-network-traffic-analysis-01.png

Why are you still using my server for your internet access

ID: why-using-my-server SPEAKERS: Thomas Boejstrup Johansen TRACK: Warstories Track (W322-W327) TIME: 16:30 DURATION: 45 minutes

why-using-my-server-for-internet-access-01.png

DONE Bricked & abandoned: How to keep the IoT from becoming an internet of trash

ID: iot-internet-of-trash SPEAKERS: Paul Roberts, Chris Wysopal, Cory Doctorow, Tarah Wheeler, Dennis Giese TRACK: Track 1 (Hall 1 - Aisle 11-01) TIME: 17:00 DURATION: 45 minutes

One for all and all for WHAD: Wireless shenanigans made easy!

ID: wireless-shenanigans-whad SPEAKERS: Damien Cauquil, Romain Cayre TRACK: Track 2 (Hall 1 - Aisle 11-02) TIME: 17:00 DURATION: 45 minutes TYPE: Demo, Tool

DONE Breaking secure web gateways (SWG) for fun and profit

ID: breaking-secure-web-gateways SPEAKERS: Vivek Ramachandran, Jeswin Mathai TRACK: Track 4 (Hall 1 - Aisle 11-04) TIME: 17:00 DURATION: 45 minutes TYPE: Demo, Exploit, Tool

Exploiting Bluetooth - from your car to the bank account$$

ID: exploiting-bluetooth-car-bank SPEAKERS: Vladyslav Zubkov TRACK: Track 3 (Hall 1 - Aisle 11-03) TIME: 17:30 DURATION: 45 minutes TYPE: Exploit, Tool

Stranger in a changed land

ID: stranger-changed-land SPEAKERS: Tony Sager TRACK: Warstories Track (W322-W327) TIME: 17:30 DURATION: 20 minutes

Saturday Talks

DATE: 2024-08-10

The Pwnie Awards

ID: pwnie-awards TRACK: Track 1 (Hall 1 - Aisle 11-01) TIME: 10:00 DURATION: 45 minutes

Laundering money

ID: laundering-money SPEAKERS: Michael Orlitzky TRACK: Track 2 (Hall 1 - Aisle 11-02) TIME: 10:00 DURATION: 20 minutes PDF: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Michael%20Orlitzky%20-%20Laundering%20Money.pdf

laundering-money-01.png

Mutual authentication is optional

ID: mutual-authentication-optional SPEAKERS: Xavier Zhang TRACK: Track 3 (Hall 1 - Aisle 11-03) TIME: 10:00 DURATION: 20 minutes TYPE: Demo PDF: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Xavier%20Zhang%20-%20Mutual%20authentication%20is%20optional.pdf

DONE Reverse engineering MicroPython frozen modules: Data structures, reconstruction, and reading bytecode

ID: reverse-engineering-micropython SPEAKERS: Wesley McGrew TRACK: Track 4 (Hall 1 - Aisle 11-04) TIME: 10:00 DURATION: 45 minutes TYPE: Demo, Tool PDF: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Wesley%20McGrew%20-%20Reverse%20Engineering%20MicroPython%20Frozen%20Modules%20Data%20Structures%20Reconstruction%20and%20Reading%20Bytecode.pdf

reverse-engineering-micropython-frozen-modules-01.png

Cult of the Dead Cow & friends present: Prime cuts from hacker history - 40 years of 31337

ID: cult-of-dead-cow-history SPEAKERS: Deth Veggie, Walter J. Scheirer, Patrick "Lord Digital" Kroupa, John Threat, Emmanuel Goldstein, X, TommydCat TRACK: Warstories Track (W322-W327) TIME: 10:00 DURATION: 105 minutes

Gotta cache ’em all: Bending the rules of web cache exploitation

ID: web-cache-exploitation SPEAKERS: Martin Doyhenard TRACK: Track 2 (Hall 1 - Aisle 11-02) TIME: 10:30 DURATION: 45 minutes TYPE: Demo, Exploit, Tool PDF: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Martin%20Doyhenard%20-%20Gotta%20Cache%20em%20all%20bending%20the%20rules%20of%20web%20cache%20exploitation.pdf

Smishing smackdown: Unraveling the threads of USPS smishing and fighting back

ID: usps-smishing SPEAKERS: S1nn3r TRACK: Track 3 (Hall 1 - Aisle 11-03) TIME: 10:30 DURATION: 45 minutes PDF: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20S1nn3r%20-%20Smishing%20Smackdown%20Unraveling%20the%20Threads%20of%20USPS%20Smishing%20and%20Fighting%20Back.pdf

The rise and fall of binary exploitation

ID: binary-exploitation-history SPEAKERS: Stephen Sims TRACK: Track 1 (Hall 1 - Aisle 11-01) TIME: 11:00 DURATION: 45 minutes PDF: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Stephen%20Sims%20-%20The%20Rise%20and%20Fall%20of%20Binary%20Exploitation.pdf

Shim me what you got - Manipulating shim and office for code injection

ID: shim-code-injection SPEAKERS: Ron Ben-Yizhak, David Shandalov TRACK: Track 4 (Hall 1 - Aisle 11-04) TIME: 11:00 DURATION: 45 minutes TYPE: Demo, Tool PDF: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Ron%20Ben-Yizhak%20David%20Shandalov%20-%20SHIM%20me%20what%20you%20got%20-%20Manipulating%20Shim%20and%20Office%20for%20Code%20Injection.pdf

Quickshell: Sharing is caring about an RCE attack chain on Quick Share

ID: quickshell-rce-attack SPEAKERS: Or Yair, Shmuel Cohen TRACK: Track 2 (Hall 1 - Aisle 11-02) TIME: 11:30 DURATION: 45 minutes TYPE: Demo, Exploit, Tool PDF: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Or%20Yair%20Shmuel%20Cohen%20-%20QuickShell%20Sharing%20is%20caring%20about%20an%20RCE%20attack%20chain%20on%20Quick%20Share.pdf

quickshell-rce-attack-chain-quick-share-001.png

Sudos and sudon’ts - Peering inside sudo for Windows

ID: sudo-for-windows SPEAKERS: Michael Torres TRACK: Track 3 (Hall 1 - Aisle 11-03) TIME: 11:30 DURATION: 45 minutes TYPE: Exploit PDF: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Michael%20Torres%20-%20Sudos%20and%20Sudon'ts%20-%20Peering%20inside%20Sudo%20for%20Windows.pdf

DONE Disenshittify or die! How hackers can seize the means of computation and build a new, good internet that is hardened against our asshole bosses’ insatiable horniness for enshittification.

ID: disenshittify-internet SPEAKERS: Cory Doctorow TRACK: Track 1 (Hall 1 - Aisle 11-01) TIME: 12:00 DURATION: 45 minutes

Grand theft actions: Abusing self-hosted GitHub runners at scale

ID: abusing-github-runners SPEAKERS: Adnan Khan, John Stawinski TRACK: Track 4 (Hall 1 - Aisle 11-04) TIME: 12:00 DURATION: 45 minutes TYPE: Demo, Tool PDF: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Adnan%20Khan%20John%20Stawinski%20-%20Grand%20Theft%20Actions%20Abusing%20Self-Hosted%20GitHub%20Runners%20at%20Scale.pdf

Deception & counter deception – Defending yourself in a world full of lies

ID: deception-counter-deception SPEAKERS: Tom Cross, Greg Conti TRACK: Warstories Track (W322-W327) TIME: 12:00 DURATION: 45 minutes PDF: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Tom%20Cross%20Greg%20Conti%20-%20Deception%20&%20Counter%20Deception%20-%20Defending%20Yourself%20in%20a%20World%20Full%20of%20Lies.pdf

deception-counter-deception-defending-yourself-01.png

AMD SinkClose: Universal ring -2 privilege escalation

ID: amd-sinkclose SPEAKERS: Enrique Nissim, Krzysztof Okupski TRACK: Track 3 (Hall 1 - Aisle 11-03) TIME: 12:30 DURATION: 45 minutes TYPE: Demo, Exploit, Tool PDF: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Enrique%20Nissim%20Krzysztof%20Okupski%20-%20AMD%20Sinkclose%20Universal%20Ring-2%20Privilege%20Escalation%20Redacted.pdf

The secret life of a rogue device - Lost IT assets on the public marketplace

ID: rogue-device-marketplace SPEAKERS: Matthew Bryant TRACK: Track 2 (Hall 1 - Aisle 11-02) TIME: 12:30 DURATION: 45 minutes PDF: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Matthew%20Bryant%20-%20The%20Secret%20Life%20of%20a%20Rogue%20Device%20-%20Lost%20IT%20Assets%20on%20the%20Public%20Marketplace.pdf

Fireside chat with National Cyber Director Harry Coker, Jr.

ID: fireside-chat-harry-coker SPEAKERS: Harry Coker, Jr. TRACK: Track 1 (Hall 1 - Aisle 11-01) TIME: 13:00 DURATION: 45 minutes

Oh-my-DC: Abusing OIDC all the way to your cloud

ID: abusing-oidc-cloud SPEAKERS: Aviad Hahami TRACK: Track 4 (Hall 1 - Aisle 11-04) TIME: 13:00 DURATION: 45 minutes TYPE: Demo, Tool

Inside the FBI’s secret encrypted phone company ’ANOM’

ID: fbi-anom-phone-company SPEAKERS: Joseph Cox TRACK: Warstories Track (W322-W327) TIME: 13:00 DURATION: 45 minutes PDF: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Joseph%20Cox%20-%20Inside%20the%20FBIs%20Secret%20Encrypted%20Phone%20Company%20Anom.pdf

NTLM - The last ride

ID: ntlm-last-ride SPEAKERS: Jim Rush, Tomais Williamson TRACK: Track 2 (Hall 1 - Aisle 11-02) TIME: 13:30 DURATION: 45 minutes TYPE: Exploit PDF: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Jim%20Rush%20Tomais%20Williamson%20-%20NTLM%20-%20The%20Last%20Ride.pdf

Behind enemy lines: Engaging and disrupting ransomware web panels

ID: disrupting-ransomware-panels SPEAKERS: Vangelis Stykas TRACK: Track 3 (Hall 1 - Aisle 11-03) TIME: 13:30 DURATION: 45 minutes TYPE: Exploit PDF: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Vangelis%20Stykas%20-%20Behind%20Enemy%20Lines%20Engaging%20and%20disrupting%20Ransomware%20Web%20Panels.pdf

Eradicating Hepatitis C with bioterrorism

ID: eradicating-hepatitis-c SPEAKERS: Mixæl Swan Laufer TRACK: Track 1 (Hall 1 - Aisle 11-01) TIME: 14:00 DURATION: 45 minutes TYPE: Demo, Tool PDF: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Mixæl%20Swan%20Laufer%20-%20Eradicating%20Hepatitis%20C%20With%20BioTerrorism.pdf

eradicating-hepatitis-c-with-bioterrorism-01.png

Figure 1: Discovering and exploiting local attacks against the 1Password macOS desktop application

Discovering and exploiting local attacks against the 1Password macOS desktop application

ID: 1password-macos-exploits SPEAKERS: Jeffrey Hofmann, Colby Morgan TRACK: Track 4 (Hall 1 - Aisle 11-04) TIME: 14:00 DURATION: 45 minutes TYPE: Demo, Exploit, Tool PDF: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Jeffrey%20Hofmann%20Colby%20Morgan%20-%20Discovering%20and%20exploiting%20local%20attacks%20against%20the%201Password%20MacOS%20desktop%20application.pdf

Hacking millions of modems (and investigating who hacked my modem)

ID: hacking-millions-of-modems SPEAKERS: Sam Curry TRACK: Warstories Track (W322-W327) TIME: 14:00 DURATION: 45 minutes TYPE: Demo PDF: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Sam%20Curry%20-%20Hacking%20Millions%20of%20Modems%20(and%20Investigating%20Who%20Hacked%20My%20Modem).pdf

hacking-millions-of-modems-01.png

Figure 2: Troll trapping through TAS tools: Exposing speedrunning cheaters

Troll trapping through TAS tools: Exposing speedrunning cheaters

ID: troll-trapping-speedrunners SPEAKERS: Allan Cecil TRACK: Track 2 (Hall 1 - Aisle 11-02) TIME: 14:30 DURATION: 45 minutes TYPE: Demo, Tool

Ace up the sleeve: From getting JTAG on the iPhone 15 to hacking into Apple’s new USB-C controller

ID: iphone15-jtag-usbc-hacking SPEAKERS: stacksmashing TRACK: Track 3 (Hall 1 - Aisle 11-03) TIME: 14:30 DURATION: 45 minutes TYPE: Demo, Tool PDF: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20stacksmashing%20-%20ACE%20up%20the%20Sleeve%20From%20getting%20JTAG%20on%20the%20iPhone%2015%20to%20hacking%20into%20Apples%20new%20USB-C%20Controller.pdf

Exploiting the unexploitable: Insights from the Kibana bug bounty

ID: kibana-bug-bounty-insights SPEAKERS: Mikhail Shcherbakov TRACK: Track 1 (Hall 1 - Aisle 11-01) TIME: 15:00 DURATION: 45 minutes TYPE: Demo, Tool PDF: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Mikhail%20Shcherbakov%20-%20Exploiting%20the%20Unexploitable%20Insights%20from%20the%20Kibana%20Bug%20Bounty.pdf

Measuring the Tor network

ID: measuring-tor-network SPEAKERS: Silvia Puglisi, Roger Dingledine TRACK: Track 4 (Hall 1 - Aisle 11-04) TIME: 15:00 DURATION: 45 minutes TYPE: Tool PDF: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Silvia%20Puglisi%20Roger%20Dingledine%20-%20Measuring%20the%20Tor%20Network.pdf

measuring-the-tor-network-01.png

A shadow librarian in broad daylight: Fighting back against ever encroaching capitalism

ID: shadow-librarian-capitalism SPEAKERS: Daniel Messer TRACK: Warstories Track (W322-W327) TIME: 15:00 DURATION: 45 minutes PDF: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Daniel%20Messer%20-%20A%20Shadow%20Librarian%20in%20Broad%20Daylight%20Fighting%20back%20against%20ever%20encroaching%20capitalism.pdf

Hookchain: A new perspective for bypassing EDR solutions

ID: hookchain-edr-bypass SPEAKERS: Helvio Carvalho Junior TRACK: Track 2 (Hall 1 - Aisle 11-02) TIME: 15:30 DURATION: 45 minutes TYPE: Demo, Exploit, Tool PDF: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Helvio%20Carvalho%20Junior%20-%20HookChain%20A%20new%20perspective%20for%20Bypassing%20EDR%20Solutions.pdf

Unsaflok: Hacking millions of hotel locks

ID: hacking-hotel-locks SPEAKERS: Lennert Wouters, Ian Carroll TRACK: Track 3 (Hall 1 - Aisle 11-03) TIME: 15:30 DURATION: 45 minutes TYPE: Demo, Exploit

Compromising an electronic logging device and creating a truck2truck worm

ID: truck2truck-worm SPEAKERS: Jake Jepson, Rik Chatterjee TRACK: Track 1 (Hall 1 - Aisle 11-01) TIME: 16:00 DURATION: 20 minutes TYPE: Demo, Exploit PDF: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Jake%20Jepson%20Rik%20Chatterjee%20-%20Compromising%20an%20Electronic%20Logging%20Device%20and%20Creating%20a%20Truck2Truck%20Worm.pdf

Secrets and shadows: Leveraging big data for vulnerability discovery at scale

ID: big-data-vulnerability-discovery SPEAKERS: Bill Demirkapi TRACK: Track 4 (Hall 1 - Aisle 11-04) TIME: 16:00 DURATION: 45 minutes TYPE: Demo

Encrypted newspaper ads in the 19th century: The world’s first worldwide secure communication system

ID: encrypted-newspaper-ads SPEAKERS: Elonka Dunin, Klaus Schmeh TRACK: Warstories Track (W322-W327) TIME: 16:00 DURATION: 45 minutes

Watchers being watched: Exploiting the surveillance system and its supply chain

ID: exploiting-surveillance-systems SPEAKERS: Chanin Kim, Myounghun Pak TRACK: Track 1 (Hall 1 - Aisle 11-01) TIME: 16:30 DURATION: 45 minutes TYPE: Demo, Exploit PDF: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Chanin%20Kim%20Myeonghun%20Pak%20Myeongjin%20Shin%20-%20Watchers%20being%20watched%20Exploiting%20the%20Surveillance%20System%20and%20its%20supply%20chain.pdf

DEF CON Academy: Cultivating m4d sk1llz in the DEF CON community

ID: defcon-academy SPEAKERS: Yan Shoshitaishvili, Perri Adams TRACK: Track 2 (Hall 1 - Aisle 11-02) TIME: 16:30 DURATION: 45 minutes TYPE: Demo

Breaking the beam: Exploiting VSAT satellite modems from the Earth’s surface

ID: exploiting-vsat-satellite-modems SPEAKERS: Vincent Lenders, Johannes Willbold, Robin Bisping TRACK: Track 3 (Hall 1 - Aisle 11-03) TIME: 16:30 DURATION: 45 minutes TYPE: Demo, Exploit PDF: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Vincent%20Lenders%20Johannes%20Willbold%20Robin%20Bisping%20-%20Breaking%20the%20Beam%20Exploiting%20VSAT%20Satellite%20Modems%20from%20the%20Earths%20Surface.pdf

Techniques for creating process injection attacks with advanced return-oriented programming

ID: advanced-rop-process-injection SPEAKERS: Bramwell Brizendine, Shiva Shashank Kusuma TRACK: Track 4 (Hall 1 - Aisle 11-04) TIME: 17:00 DURATION: 20 minutes TYPE: Demo PDF: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Bramwell%20Brizendine%20Shiva%20Shashank%20Kusuma%20-%20Techniques%20for%20Creating%20Process%20Injection%20Attacks%20with%20Advanced%20Return-Oriented%20Programming.pdf

A treasure trove of failures: What history’s greatest heist can teach us about defense in depth

ID: lessons-from-greatest-heist SPEAKERS: Pete Stegemeyer TRACK: Warstories Track (W322-W327) TIME: 17:00 DURATION: 45 minutes PDF: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Pete%20Stegemeyer%20-%20A%20Treasure%20Trove%20of%20Failures%20What%20Historys%20Greatest%20Heist%20Can%20Teach%20Us%20About%20Defense%20In%20Depth.pdf

Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine

ID: exploiting-glibc-php-engine SPEAKERS: Charles Fol TRACK: Track 2 (Hall 1 - Aisle 11-02) TIME: 17:30 DURATION: 45 minutes TYPE: Demo, Exploit PDF: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Charles%20Fol%20-%20Iconv%20set%20the%20charset%20to%20RCE%20exploiting%20the%20glibc%20to%20hack%20the%20PHP%20engine.pdf

Nano-Enigma: Uncovering the secrets within eFuse memories

ID: uncovering-efuse-memories SPEAKERS: Michal Grygarek, Martin Petran, Hayyan Ali TRACK: Track 4 (Hall 1 - Aisle 11-04) TIME: 17:30 DURATION: 45 minutes TYPE: Demo PDF: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Michal%20Grygarek%20Martin%20Petran%20Hayyan%20Ali%20-%20Nano-Enigma%20Uncovering%20the%20Secrets%20Within%20eFuse%20Memories.pdf

Sunday Talks

DATE: 2024-08-11

DONE Splitting the email atom: Exploiting parsers to bypass access controls

ID: exploiting-email-parsers SPEAKERS: Gareth Heyes TRACK: Track 1 (Hall 1 - Aisle 11-01) TIME: 10:00 DURATION: 45 minutes TYPE: Demo, Exploit, Tool

AWS CloudQuarry: Digging for secrets in public AMIs

ID: aws-cloudquarry-ami-secrets SPEAKERS: Eduard Agavriloae, Matei Josephs TRACK: Track 2 (Hall 1 - Aisle 11-02) TIME: 10:00 DURATION: 45 minutes TYPE: Demo, Tool PDF: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Eduard%20Agavriloae%20Matei%20Josephs%20-%20AWS%20CloudQuarry%20-%20Digging%20for%20Secrets%20in%20Public%20AMIs.pdf

Windows downdate: Downgrade attacks using Windows updates

ID: windows-downgrade-attacks SPEAKERS: Alon Leviev TRACK: Track 3 (Hall 1 - Aisle 11-03) TIME: 10:00 DURATION: 45 minutes TYPE: Demo, Exploit, Tool PDF: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Alon%20Leviev%20-%20Windows%20Downdate%20Downgrade%20Attacks%20Using%20Windows%20Updates.pdf

Unlocking the gates: Hacking a secure industrial remote access solution

ID: hacking-industrial-remote-access SPEAKERS: Moritz Abrell TRACK: Track 4 (Hall 1 - Aisle 11-04) TIME: 10:00 DURATION: 20 minutes TYPE: Demo, Exploit PDF: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Moritz%20Abrell%20-%20Unlocking%20the%20Gates%20-%20Hacking%20a%20secure%20Industrial%20Remote%20Access%20Solution.pdf

The not-so-silent type: Breaking network crypto in almost every popular Chinese keyboard app

ID: breaking-chinese-keyboard-crypto SPEAKERS: Jeffrey Knockel, Mona Wang TRACK: Warstories Track (W322-W327) TIME: 10:00 DURATION: 45 minutes TYPE: Demo PDF: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Jeffrey%20Knockel%20Mona%20Wang%20-%20The%20not-so-silent%20type%20Breaking%20network%20crypto%20in%20almost%20every%20popular%20Chinese%20keyboard%20app.pdf

Changing global threat landscape with Rob Joyce and Dark Tangent

ID: global-threat-landscape SPEAKERS: Rob Joyce TRACK: Track 4 (Hall 1 - Aisle 11-04) TIME: 10:30 DURATION: 45 minutes

DONE (|(MALDAPTIVE:¯\_(LDAP)_/¯=OBFUSC8T10N) (DE-OBFUSCATION &:=DE*TE)(!C=TION))

ID: ldap-obfuscation-deobfuscation SPEAKERS: Daniel Bohannon, Sabajete Elezaj TRACK: Track 1 (Hall 1 - Aisle 11-01) TIME: 11:00 DURATION: 45 minutes TYPE: Demo, Tool PDF: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Daniel%20Bohannon%20Sabajete%20Elezaj%20-%20MaLDAPtive%20LDAP%20Obfuscation%20Deobfuscation%20and%20Detection.pdf

The hack, the crash and two smoking barrels. (And all the times I (almost) killed an engineer.)

ID: hack-crash-smoking-barrels SPEAKERS: Thomas Sermpinis TRACK: Track 2 (Hall 1 - Aisle 11-02) TIME: 11:00 DURATION: 45 minutes TYPE: Demo, Exploit, Tool PDF: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Thomas%20Sermpinis%20-%20The%20hack%20the%20crash%20and%20two%20smoking%20barrels%20(And%20all%20the%20times%20I%20(almost)%20killed%20an%20engineer).pdf

Dragon slaying guide: Bug hunting in VMware device virtualization

ID: vmware-device-virtualization-bugs SPEAKERS: JiaQing Huang, Hao Zheng, Yue Liu TRACK: Track 3 (Hall 1 - Aisle 11-03) TIME: 11:00 DURATION: 45 minutes PDF: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20JiaQing%20Huang%20Hao%20Zheng%20Yue%20Liu%20-%20Dragon%20SlayingGuide%20Bug%20Hunting%20In%20VMware%20Device%20Virtualization.pdf

Main Tracks

Friday, August 09

Time Track 1 Track 2 Track 3 Track 4 Warstories Track
10:00 Welcome to DEF CON Mobile mesh RF network exploitation: Getting th Wheres the money: Defeating ATM disk encryption Securing CCTV cameras against blind spots Behind enemy lines: Going undercover to breach
10:30 Spies and bytes: Victory in the digital age        
11:00   Open sesame or how vulnerable is your stuff i No symbols when reversing No problem: Bring yo   The XZ backdoor story: The undercover operation
11:30 Atomic honeypot: A MySQL honeypot that drops sh   Listen to the whispers: Web timing attacks that High intensity deconstruction: Chronicles of a  
12:00 Fireside chat with DNSA Anne Neuberger On your Oceans 11 team Im the AI guy techni     Veilid dev and community meetup
12:30     Kicking in the door to the cloud: Exploiting cl    
13:00 If existing cyber vulnerabilities magically dis Sshamble: Unexpected exposures in the secure shell   Defeating EDR evading malware with memory foren  
13:30     Digital emblems: When markings are required und   Xiaomi the money Our Toronto Pwn2Own exploit
14:00 Fireside chat and AMA with the Dark Tangent and Optical espionage: Using lasers to hear keystro   The way to Android root: Exploiting your GPU on  
14:30     Breaching AWS accounts through shadow resources    
15:00 DC101 PANEL Abusing Windows Hello without a severed hand   Android app usage and cell tower location: Priv  
15:30     Taming the beast: Inside the LLAMA 3 red team p   Social engineering like youre Picard
16:00 Making the DEF CON 32 badge SQL injection isnt dead: Smuggling queries at   Outlook unleashing RCE chaos: CVE202430103  
16:30     Leveraging private APNS for mobile network traf   Why are you still using my server for your inte
17:00 Bricked abandoned: How to keep the IoT from b One for all and all for WHAD: Wireless shenanig   Breaking secure web gateways SWG for fun and  
17:30     Exploiting Bluetooth from your car to the ban   Stranger in a changed land

Saturday, August 10

Time Track 1 Track 2 Track 3 Track 4 Warstories Track
10:00 The Pwnie Awards Laundering money Mutual authentication is optional Reverse engineering MicroPython frozen modules: Cult of the Dead Cow friends present: Prime c
10:30   Gotta cache em all: Bending the rules of web c Smishing smackdown: Unraveling the threads of U    
11:00 The rise and fall of binary exploitation     Shim me what you got Manipulating shim and of  
11:30   Quickshell: Sharing is caring about an RCE atta Sudos and sudonts Peering inside sudo for Wi    
12:00 Disenshittify or die How hackers can seize the     Grand theft actions: Abusing selfhosted GitHub Deception counter deception Defending yours
12:30   The secret life of a rogue device Lost IT ass AMD SinkClose: Universal ring 2 privilege esca    
13:00 Fireside chat with National Cyber Director Harr     OhmyDC: Abusing OIDC all the way to your cloud Inside the FBIs secret encrypted phone company
13:30   NTLM The last ride Behind enemy lines: Engaging and disrupting ran    
14:00 Eradicating Hepatitis C with bioterrorism     Discovering and exploiting local attacks agains Hacking millions of modems and investigating w
14:30   Troll trapping through TAS tools: Exposing spee Ace up the sleeve: From getting JTAG on the iPh    
15:00 Exploiting the unexploitable: Insights from the     Measuring the Tor network A shadow librarian in broad daylight: Fighting
15:30   Hookchain: A new perspective for bypassing EDR Unsaflok: Hacking millions of hotel locks    
16:00 Compromising an electronic logging device and c     Secrets and shadows: Leveraging big data for vu Encrypted newspaper ads in the 19th century: Th
16:30 Watchers being watched: Exploiting the surveill DEF CON Academy: Cultivating m4d sk1llz in the Breaking the beam: Exploiting VSAT satellite mo    
17:00       Techniques for creating process injection attac A treasure trove of failures: What historys gr
17:30   Iconv set the charset to RCE: Exploiting the g   NanoEnigma: Uncovering the secrets within eFus  

Villages

DEF CON villages are dedicated spaces and communities focusing on specific security topics:

  • AI Village
  • Aerospace Village
  • Car Hacking Village
  • Crypto & Privacy Village
  • Ethics Village
  • IoT Village
  • Lockpicking Village
  • Packet Hacking Village
  • Recon Village
  • Social Engineering Village

Contests and Events

Code of Conduct

DEF CON is dedicated to providing a harassment-free conference experience for everyone, regardless of gender, sexual orientation, disability, physical appearance, body size, race, or religion.

Registration Information

REGISTRATION_TYPE: Cash only at the door PRICE: $300 USD (subject to change)

Utilities

Logo

# Function: defcon_download_and_resize_logo
# Input: None (uses global variables)
# Output: Downloads DEFCON logo, resizes it to various dimensions, and generates a manifest
defcon_download_and_resize_logo()

Program

# Function: defcon_download_and_extract_program
# Input: None (uses global variables)
# Output: Downloads DEFCON program, extracts relevant information, and generates a manifest
defcon_download_and_extract_program()

Media Server Mirror

# Function: defcon_mirror_media_server
# Input: None (uses global variables)
# Output: Downloads and processes PDF files, storing them in OUTPUT_DIR
#         Generates a manifest file with source URL, output dir, and filter rules
defcon_mirror_media_server()

Summary Environment

# Dockerfile for DEF CON 32 Summary Environment
#
# Purpose: Set up a containerized environment for processing and analyzing DEF CON 32 data
#
# Key components:
# - Base image: Ubuntu 20.04 (or appropriate alternative)
# - User: Non-root user 'defcon_user' for improved security
# - Installed tools: curl, wget, imagemagick, jq (add others as needed)
# - Scripts: Custom scripts for data processing and analysis
# - Services: Web server (e.g., Nginx) for serving content (if needed)
# - Ports: 80 exposed for web service (modify as needed)
# - Volumes: /home/defcon_user/data for persistent storage
# - Entrypoint: Default to bash, with option for custom script
#
# Build with: docker build -t defcon32-summary .
# Run with: docker run -it -p 8080:80 -v /path/to/data:/home/defcon_user/data defcon32-summary

Summarized Talks

def defcon_read_template(file_path: str) -> str:
    """
    Read the content of a template file.

    Args:
        file_path (str): Path to the template file.

    Returns:
        str: Content of the template file.
    """

def defcon_read_pdf(file_path: str) -> TalkContent:
    """
    Extract text content from a PDF file with error handling.

    Args:
        file_path (str): Path to the PDF file.

    Returns:
        TalkContent: Extracted text content and metadata from the PDF.
    """

def defcon_get_ollama_summary(content: TalkContent, prompt_template: str) -> Summary:
    """
    Generate a summary using the Ollama API with type validation.

    Args:
        content (TalkContent): The content to summarize.
        prompt_template (str): The template for the summarization prompt.

    Returns:
        Summary: A validated summary of the content.
    """

def defcon_process_talk_pdfs(pdf_dir: str, output_dir: str, prompt_template: str) -> None:
    """
    Process all PDF files in a directory, generate summaries, and save them.

    Args:
        pdf_dir (str): Directory containing the PDF files to process.
        output_dir (str): Directory to save the generated summaries.
        prompt_template (str): Template for the summarization prompt.
    """

def main(pdf_dir: str, template_path: str, output_dir: str):
    """
    Main function to process DEF CON 32 talk PDFs and generate summaries.

    Args:
        pdf_dir (str): Directory containing mirrored DEF CON 32 talk PDFs.
        template_path (str): Path to the prompt template file.
        output_dir (str): Directory to save the summaries (defaults to a temporary directory).
    """

def defcon_process_summaries(pdf_dir: str, output_dir: str, template_path: str):
    """
    Process summaries for DEF CON 32 talks.

    Args:
        pdf_dir (str): Directory containing the PDF files to process.
        output_dir (str): Directory to save the generated summaries.
        template_path (str): Path to the prompt template file.
    """

defcon_process_summaries.png

Input

python defcon_process_summaries.py example.pdf

Output

{
  "title": "Exploiting Lorem Ipsum: New Vulnerabilities in Placeholder Text Generation",
  "speakers": ["Dr. Jane Doe", "John Smith"],
  "main_points": [
    "Discovered critical vulnerabilities in popular lorem ipsum generators",
    "Developed a new tool, 'IpsumBreaker', to exploit these vulnerabilities",
    "Demonstrated potential for data exfiltration through manipulated placeholder text",
    "Proposed new security standards for text generation algorithms"
  ],
  "technical_details": [
    "Identified three main vulnerability types: buffer overflow, injection attacks, and algorithmic biases",
    "IpsumBreaker tool uses machine learning to predict and manipulate text generation patterns",
    "Successful exfiltration of sensitive data achieved in 87% of tested scenarios",
    "Proposed 'Secure Lorem' standard includes input sanitization and entropy-based randomness"
  ],
  "implications": [
    "Widespread use of vulnerable lorem ipsum generators poses significant security risks",
    "Need for immediate patching and updating of text generation tools across industries",
    "Potential for new attack vectors in web development and publishing workflows",
    "Highlights the importance of security considerations in seemingly benign tools"
  ],
  "summary": "In their groundbreaking talk 'Exploiting Lorem Ipsum: New Vulnerabilities in Placeholder Text Generation', Dr. Jane Doe and John Smith unveiled critical security flaws in widely-used lorem ipsum generators. The researchers developed 'IpsumBreaker', an advanced tool leveraging machine learning to exploit these vulnerabilities, demonstrating the potential for data exfiltration through manipulated placeholder text. Their methodology involved comprehensive analysis of popular generators, identifying three primary vulnerability types: buffer overflow, injection attacks, and algorithmic biases. The team achieved a staggering 87% success rate in exfiltrating sensitive data across various test scenarios. To address these issues, they proposed the 'Secure Lorem' standard, emphasizing input sanitization and entropy-based randomness in text generation. This research has far-reaching implications for web development and publishing industries, highlighting the need for immediate security updates and a reevaluation of text generation tool usage in professional workflows. The presentation underscores the critical importance of considering security even in seemingly innocuous tools and processes."
}

Talk Entry

*** Taming the beast: Inside the LLAMA 3 red team process
:PROPERTIES:
:ID: taming-llama3-red-team
:SPEAKERS: Aaron Grattafiori, Ivan Evtimov, Joanna Bitton, Maya Pavlova
:TRACK: Track 3 (Hall 1 - Aisle 11-03)
:TIME: 15:30
:DURATION: 45 minutes
:END:

Extracted Schedule

(defun defcon/extract-schedule-to-json (&optional max-talks-per-day)
  "Extract schedule from the current Org file and save it as JSON.
Optionally limit the number of talks per day to MAX-TALKS-PER-DAY.
If MAX-TALKS-PER-DAY is provided and greater than 0, the function will
limit the number of talks extracted for each day to this value.
The extracted schedule is saved to a JSON file with a name based on
the current buffer's filename. If MAX-TALKS-PER-DAY is used, it's
reflected in the output filename.
Returns nil and displays a message if no schedule is found in the
current file.")

(defun defcon/extract-schedule (max-talks-per-day)
  "Extract the schedule from the current Org buffer.
MAX-TALKS-PER-DAY is an optional limit on the number of talks
extracted per day. If nil or 0, all talks are extracted.
Returns a list of cons cells, where each cell contains a day
and its associated talks. The list is sorted chronologically by day.
Each talk is represented as a property list containing information
such as title, ID, speakers, track, time, and duration.
This function is typically called by `defcon/extract-schedule-to-json'
to process the Org buffer contents.")

(defun defcon/extract-talks-for-day (max-talks)
  "Extract talks for the current day, optionally limiting to MAX-TALKS.
MAX-TALKS is an optional limit on the number of talks to extract.
If nil or 0, all talks for the day are extracted.
Returns a list of property lists, each representing a talk with
properties such as title, ID, speakers, track, time, and duration.
This function is called by `defcon/extract-schedule' for each day
in the schedule. It processes talk entries under the current day's
heading in the Org file.")

defcon-32-schedule-extractor.png

Output

{
  "Friday Talks": [
    {
      "title": "DONE Welcome to DEF CON",
      "id": "welcome-to-defcon",
      "speakers": "Jeff \"The Dark Tangent\" Moss",
      "track": "Track 1 (Hall 1 - Aisle 11-01)",
      "time": "10:00",
      "duration": "20 minutes"
    }
  ]
}

Child Schedules

(defun defcon/set-scheduled-and-update-children ()
  "Set SCHEDULED property for current heading and update child schedules.
Interactively prompts for a new date, sets the SCHEDULED property
for the current heading, and then updates all child schedules to
match the new date while preserving their individual times.")

(defun defcon/update-child-schedules ()
  "Update SCHEDULED timestamps of child nodes based on the parent's SCHEDULED date.
Traverses all child nodes of the current heading, updating their
SCHEDULED timestamps to match the parent's date while preserving
their individual times. Requires TIME and DURATION properties on child nodes.")

defcon-32-schedule-update-flow.png

Output

** Friday Talks
SCHEDULED: <2024-08-09 Fri>
:PROPERTIES:
:DATE:     2024-08-09
:END:
*** DONE Welcome to DEF CON
SCHEDULED: <2024-08-09 Fri 10:00-10:20>
:PROPERTIES:
:ID: welcome-to-defcon
:SPEAKERS: Jeff "The Dark Tangent" Moss
:TRACK: Track 1 (Hall 1 - Aisle 11-01)
:TIME: 10:00
:DURATION: 20 minutes
:END:

Schedule by Track

Structure

(defconst defcon/schedule-title " + 📅"
  "Constant string used as a title prefix for the generated schedule.")

(defun defcon/org-parse-talks ()
  "Parse DEF CON talks from the current Org buffer.
Returns a list of property lists, each representing a talk with
properties such as :title, :time, :track, and :id.
Only considers headings with SCHEDULED, TRACK, and ID properties.")

(defun defcon/org-clean-title (title)
  "Clean the talk TITLE by removing TODO keywords and truncating if necessary.
Removes 'TODO' or 'DONE' prefixes and truncates titles longer than 50 characters,
appending '...' to truncated titles.")

(defun defcon/sanitize-title (title)
  "Aggressively sanitize TITLE for use in Org mode table cells and links, allowing colons.
Removes special characters, square brackets, and excess whitespace.
Truncates titles longer than 50 characters, appending '...' to truncated titles.")

(defun defcon/clean-track (track)
  "Remove room information from TRACK.
Strips any text within parentheses at the end of the track name.")

(defun defcon/parse-scheduled (scheduled)
  "Parse SCHEDULED timestamp and return a time string.
Converts the Org timestamp to a formatted string 'YYYY-MM-DD HH:MM'.")

(defun defcon/get-ordered-days (talks)
  "Get the days from TALKS in chronological order.
Returns a list of unique date strings extracted from talk timestamps,
sorted chronologically.")

(defun defcon/get-schedule-filename ()
  "Generate schedule filename based on current buffer.
Returns a filename for the schedule output, based on the current buffer's
filename with '-schedule.org' appended. Throws an error if not visiting a file.")

(defun defcon/org-generate-table ()
  "Generate schedule tables from the current buffer and write them to a file.
Parses talks, organizes them by day and track, formats tables, and writes
the result to a file. Displays a message with the output filename.")

(defun defcon/format-table (talks tracks day)
  "Format the schedule table for TALKS on DAY across TRACKS.
Returns a string containing an Org mode table with talks organized by
time slots and tracks. Includes links to talks using their IDs.")

(defun defcon/human-readable-date (date-string)
  "Convert DATE-STRING to a human-readable format (e.g., 'Friday, August 11').
Takes a date string in 'YYYY-MM-DD' format and returns a string with
the day of the week and month name.")

(defun defcon/write-tables-to-file (tables output-file)
  "Write TABLES to OUTPUT-FILE.
Writes the given tables (a list of strings) to the specified output file,
adding a title with the defcon/schedule-title constant.")

(defun defcon/get-track-color (track)
  "Get the color associated with TRACK.
Returns a string representing the color for the given track.")

(defun defcon/generate-ical (talks)
  "Generate an iCal file from TALKS.
Creates an iCal file containing the schedule information from the given talks.")

(defun defcon/org-generate-table-and-ical ()
  "Generate schedule tables and an iCal file from the current buffer.
Parses talks, generates schedule tables, and writes them to a file.
Also generates an iCal file containing the schedule information.
Displays messages with the output filenames.")

Control Flow

org-generate-table-and-ical.png

Example Outputs

Org-mode Table Output
* Schedule for Friday, August 09

| Time | Warstories Track | Track 4 | Track 1 | Track 2 | Track 3 |
|-------------------------------------------------------------------|
| 10:00 | Behind enemy lines: Going undercover to breach     | Securing CCTV cameras against blind spots | Welcome to DEF CON | Mobile mesh RF network exploitation: Getting th    | Where s the money: Defeating ATM disk encryption |
iCalendar Output
BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//hacksw/handcal//NONSGML v1.0//EN
BEGIN:VTIMEZONE
TZID:America/Los_Angeles
BEGIN:DAYLIGHT
TZOFFSETFROM:-0800
TZOFFSETTO:-0700
TZNAME:PDT
DTSTART:19700308T020000
RRULE:FREQ=YEARLY;BYDAY=2SU;BYMONTH=3
END:DAYLIGHT
BEGIN:STANDARD
TZOFFSETFROM:-0700
TZOFFSETTO:-0800
TZNAME:PST
DTSTART:19701101T020000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=11
END:STANDARD
END:VTIMEZONE
BEGIN:VEVENT
UID:welcome-to-defcon@defcon.org
DTSTAMP:20240811T085500Z
DTSTART;TZID=America/Los_Angeles:20240809T100000
DTEND;TZID=America/Los_Angeles:20240809T102000
SUMMARY:Welcome to DEF CON
DESCRIPTION:Track: Track 1
CATEGORIES:Track 1
COLOR:#ffcccb
END:VEVENT
END:VCALENDAR

Schedule Management Workflow

defcon-32-schedule-workflow.png

Author: Jason Walsh Jason Walsh

j@wal.sh

Last Updated: 2024-08-11 21:16:45