DEF CON 27 Recap: Trends, Topics, and Schedules
Table of Contents
- 1. Topics
- 2. Badge
- 3. Schedule
- 3.1. Behind the Scenes of the DEF CON 27 Badge
- 3.2. Don’t Red-Team AI Like a Chump
- 3.3. Process Injection Techniques - Gotta Catch Them All
- 3.4. Change the World, cDc Style: Cowtips from the first 35 years
- 3.5. I Know What You Did Last Summer: 3 Years of Wireless Monitoring at DEF CON
- 3.6. Breaking The Back End! It Is Not Always A Bug. Sometimes, It Is Just Bad Design!
- 3.7. Re: What’s up Johnny?—Covert Content Attacks on Email End-toEnd Encryption
- 3.8. NOC NOC. Who’s there? All. All who? All the things you wanted to know about the DEF CON NOC and we won’t tell you about
- 4. Villages
- 5. Media
- 6. Schedules
1. Topics
- AI
- Application Security
- Automobiles
- Data brokers
- Elections
- Transportation
- Windows
The following seems to have been less present this year when compared with previous years.
- Blockchain
- DDoS
- IDS
- Smart Contracts
- Tor
- Traffic construction
- Unix
- WiFi
- Forensics
- DNS
- Pentesting
- Botnets
- Buffer overflows
2. Badge
Joe Grand (Kingpin) designed the official badge. NFMI (Near-Field Magnetic Induction) RF badge — the puzzle was social interaction, not classical cipher. Collect proximity contacts from 10 different badge types (Goon, Speaker, Vendor, Press, Village, Contest, Artist, CFP, Uber).
Badge firmware: Jackp0t — spoofs all badge types via firmware hack to auto-complete the quest (and rickroll nearby badges). Badge archive: media.defcon.org (1.3 GiB).
2.1. EFF T-Shirt Puzzle (5-Stage Pipeline)
The crypto puzzle at DC27 was on the EFF T-shirt, not the badge. Five-stage decode pipeline:
| Stage | Encoding | Output |
|---|---|---|
| 1 | Morse code on shirt screen | URL (eff.org/shr) |
| 2 | Knitting chart steganography → Morse | "wander" |
| 3 | Braille Unicode steganography → ASCII | "cephalopod" |
| 4 | Planetary alignment (Chinese Remainder Theorem) | "taboo" |
| 5 | One-time pad, key = "wandercephalopodtaboo" | "seeyouspacecowboy" |
See EFF's DC27 T-Shirt Puzzle writeup.
Stages 1–3 involve steganography (domain-crossing transforms, like the Aphex Twin spectrogram). Stage 4 is number theory. Stage 5 (OTP) is a bijection given the key — the same key-dependent reversibility as Janus and keyed ciphers.
3. Schedule
3.1. Behind the Scenes of the DEF CON 27 Badge
Joe Grand (Kingpin)
3.2. Don’t Red-Team AI Like a Chump
Ariel Herbert-Voss
3.3. Process Injection Techniques - Gotta Catch Them All
Itzik Kotler, Amit Klein
3.4. Change the World, cDc Style: Cowtips from the first 35 years
Joseph Menn, Peiter Mudge Zatko, Chris Dildog Rioux, Deth Vegetable, Omega
3.5. I Know What You Did Last Summer: 3 Years of Wireless Monitoring at DEF CON
d4rkm4tter (Mike Spicer)
3.6. Breaking The Back End! It Is Not Always A Bug. Sometimes, It Is Just Bad Design!
Gregory Pickett
4. Villages
There are several new villages that were present at 27 that reflect the expanding technology landscape.
4.1. AI
4.2. AppSec
4.3. Transportation
5. Media
- https://www.wired.com/story/avaya-desk-phone-bug-defcon/
- https://www.wired.com/story/teen-hacker-school-software-blackboard-follett/
- https://stackoverflow.blog/2019/08/08/def-con-stack-overflow-traffic-data-trends/?cb=1
- https://www.vice.com/en_us/article/8xw9kp/black-hat-talk-about-time-ai-causes-uproar-is-deleted-by-conference
- https://www.wsj.com/articles/welcome-to-black-hat-where-the-attendees-are-the-threat-11565343002
- https://www.bbc.co.uk/news/technology-49252501
- https://www.eurekalert.org/pub_releases/2019-08/coec-cmt081219.php
- https://www.cnet.com/news/darpas-10-million-voting-machine-couldnt-be-hacked-at-defcon-for-the-wrong-reasons/
- https://www.infosecurity-magazine.com/news/defcon-hackers-netflix-bank-acount/
- https://www.cnet.com/news/what-a-security-researcher-learned-from-monitoring-traffic-at-defcon/
6. Schedules
- https://www.defcon.org/html/defcon-12/dc-12-schedule.html 2004
- https://www.defcon.org/html/defcon-14/dc-14-schedule.html
- https://www.defcon.org/html/defcon-20/dc-20-schedule.html
- https://www.defcon.org/html/defcon-21/dc-21-schedule.html
- https://www.defcon.org/html/defcon-22/dc-22-schedule.html
- https://www.defcon.org/html/defcon-24/dc-24-schedule.html