Talk Schedule
FRIDAY | SATURDAY | SUNDAY
๐ป=demo, ๐ =tool, ๐ชฒ=exploit
THURSDAY
10:00
Thursday - War Stories @Forum
Boston Infinite Money Glitch: Hacking Transit Cards Without Ending Up In Handcuffs
Matthew Harris, Zachary Bertocchi, Scott Campbell, & Noah Gibson
45 minutes
๐ป11:00
Thursday - War Stories @Forum
UNConventional Cybercrime: How a Bad Anti-Hacking Treaty is Becoming a Law
Katitza Rodriguez & Bill Budington
20 minutes
11:30
Thursday - War Stories @Forum
Cracking Cicada 3301: The Future of Collaborative Puzzle-Solving
Taiiwo, Artorias, Puck, & TheClockworkBird
45 minutes
12:30
Thursday - War Stories @Forum
New Isnโt Always Novel: Grepโing Your Way to $20K at Pwn2Own, and How You Can Too
James Horseman & Zach Hanley
45 minutes
๐ ๐ชฒ13:30
Thursday - War Stories @Forum
Damned if you do - The risks of pointing out the emperor is buck naked
Renderman & Thomas Dang
45 minutes
14:30
Thursday - War Stories @Forum
Designing RFID Implants How flipping the bird opens doors for me
Miana Ella Windall
45 minutes
15:30
Thursday - War Stories @Forum
Nuthin But A G Thang: Evolution of Cellular Networks
Tracy Mosley
45 minutes
16:30
Thursday - War Stories @Forum
Small Leaks, Billions Of Dollars: Practical Cryptographic Exploits That Undermine Leading Crypto Wallets
Nikolaos Makriyannis & Oren Yomtov
20 minutes
๐ป ๐ ๐ชฒ-
Rescheduled to Sunday, Track 3 at 10:00
Snoop on to them, as they snoop on to us
nullagent & rekcahdam
20 minutes
๐ป ๐ ๐ชฒ 17:30
Thursday - War Stories @Forum
DC101 -Thursday welcome panel
Panel
75 minutes
FRIDAY
09:00
-
Track 1
The Internals of Veilid, a New Decentralized Application Framework
Christien 'DilDog' Rioux & Katelyn 'Medus4' Bowden
45 minutes
๐ป ๐ -
Track 2
Welcome to DEF CON 31
The Dark Tangent
20 minutes
-
Track 3
The Hackers, The Lawyers, And The Defense Fund
Harley Geiger, Kurt Opsahl, Miles McCain, Hannah Zhao, Charley Snyder
45 minutes
๐ป ๐ชฒ -
Track 4
Growing the Community of AI Hackers with the Generative Red Team
Sven Cattell, Rumman Chowdhury, & Austin Carson
45 minutes
09:30
-
Track 2
Secretary of the Department of Homeland Security Alejandro Mayorkas
Alejandro Mayorkas
45 minutes
10:00
-
Track 1
Contain Yourself: Staying Undetected Using the Windows Container Isolation Framework
Daniel Avinoam
45 minutes
๐ป ๐ -
Track 3
The RingHopper Journey or How We Almost Zero-dayโd the World
Benny Zeltser & Jonathan Lusky
45 minutes
๐ป ๐ชฒ -
Track 4
Look Ma I'm the CEO! Real-Time Video and Audio Deep-Fake!
Gal Zror
20 minutes
๐ป -
War Stories For the Record, @Harrahs
A Different Uber Post Mortem
Joe Sullivan
45 minutes
10:30
-
Track 2
Making The DEF CON 31 Badge
Mar Williams
20 minutes
-
Track 4
Route to bugs: Analyzing the security of BGP message parsing
Daniel dos Santos & Simon Guiot
45 minutes
๐ป ๐ ๐ชฒ
11:00
-
Track 1
mTLS: when certificate authentication done wrong
Michael Stepankin
20 minutes
๐ป ๐ชฒ -
Track 2
SpamChannel: Spoofing Emails From 2 Million+ Domains and Virtually Becoming Satan
byt3bl33d3r
45 minutes
๐ป ๐ -
Track 3
Defending KA-SAT: The detailed story of the response, how it was analyzed, and what was learned
Nick Saunders & Nick Colaluca
45 minutes -
War Stories - For the Record, @Harrahs
Warshopping - Further Phreaking Smart Shopping Cart Wheels Through RF Sniffing and Hardware Reverse Engineering
Joseph Gabay
45 minutes
11:30
-
Track 1
I Watched You Roll the Die: Unparalleled RDP Monitoring Reveal Attackers Tradecraft
Andrรฉanne Bergeron & Olivier Bilodeau
45 minutes
๐ป -
Track 4
Civil Cyber Defense: Use Your Resources to Defend Non-Profits as they Combat Human Trafficking and Subvert Authoritarian Regimes
Tiffany Rad & Austin Shamlin
45 minutes
12:00
-
Track 2
Still Vulnerable Out of the Box: Revisiting the Security of Prepaid Android Carrier Devices
Ryan Johnson, Mohamed Elsabagh, & Angelos Stavrou
45 minutes
๐ป ๐ชฒ -
Track 3
GhostToken: Exploiting Google Cloud Platform App Infrastructure to Create Unremovable Trojan Apps
Tal Skverer
20 minutes
๐ป ๐ -
War Stories - For the Record, @Harrahs
You're Not George Clooney, and This Isn't Ocean's Eleven
Andrew Brandt
45 minutes
๐ป
12:30
-
Track 1
A Pain in the NAS: Exploiting Cloud Connectivity to PWN your NAS
Noam Moshe & Sharon Brizinov
45 minutes
๐ป ๐ชฒ -
Track 3
Backdoor in the Core - Altering the Intel x86 Instruction Set at Runtime
Alexander Dalsgaard Krog & Alexander Skovsende
45 minutes
๐ป ๐ -
Track 4
Defender-Pretender: When Windows Defender Updates Become a Security Risk
Tomer Bar & Omer Attias
45 minutes
๐ป ๐ ๐ชฒ
13:00
-
Track 2
Over the Air, Under the Radar: Attacking and Securing the Pixel Modem
Farzan Karimi, Xuan Xing , Xiling Gong & Eugene Rodionov
45 minutes
๐ป ๐ ๐ชฒ -
War Stories For the Record, @Harrahs
Living Next Door to Russia
Mikko Hypponen
45 minutes
13:30
-
Track 1
Private Keys in Public Places
Tom Pohl
45 minutes
๐ชฒ -
Track 3
Fantastic Ethertypes and Where to Find Them
Ricky Lawshae
45 minutes
๐ป -
Track 4
Private Until Presumed Guilty
Allison ***** & Diane Akerman
45 minutes
๐ป
14:00
-
Track 2
There are no mushroom clouds in cyberwar
Mieke Eoyang
20 minutes
-
War Stories For the Record, @Harrahs
Tracking the Worlds Dumbest Cyber-Mercenaries
cooperq
20 minutes
14:30
-
Track 1
TBA
-
Track 2
DARPA Announces an AI Cyber Initiative, Live at DC 32 and DC 33
Perri Adams, Michael Sellitto, Heather Adkins, Vijay Bolina, Dave Weston, Matthew Knight, & Omkhar Arasaratnam
20 minutes
-
Track 3
Getting a Migraine - uncovering a unique SIP bypass on macOS -
Jonathan Bar Or, Michael Pearse, & Anurag Bohra
45 minutes
๐ป ๐ชฒ -
Track 4
Second Breakfast: Implicit and Mutation-Based Serialization Vulnerabilities in .NET
Jonathan Birch
45 minutes
-
War Stories For the Record, @Harrahs
You can't cheat time - Finding foes and yourself with latency trilateration.
Lorenzo Cococcia
20 minutes
๐ป ๐
15:00
-
Track 2
Shall we play a game? Just because a Large Language Model speaks like a human...
Dr. Craig Martell
45 minutes
-
War Stories For the Record, @Harrahs
CON trolling the weather
Paz Hameiri
45 minutes
15:30
-
Track 1
A Comprehensive Review on the Less-Traveled Road: 9 Years of Overlooked MikroTik Pre-Auth RCE
NiNi Chen
45 minutes
๐ ๐ชฒ -
Track 3
Turning my virtual wallet into a skimming device: mPOS solutions
Dan Borgogno & Ileana Barrionuevo
45 minutes
๐ป ๐ชฒ -
Track 4
Game-Changing Advances in Windows Shellcode Analysis
Dr. Bramwell Brizendine, Max 'Libra' Kersten, Jake Hince
45 minutes
๐ป ๐
16:00
-
Track 2
Visual Studio Code is why I have (Workspace) Trust issues
Thomas Chauchefoin & Paul Gerste
45 minutes
๐ป -
War Stories - For the Record, @Harrahs
A Series of Unfortunate Events
Ben Sadeghipour & Corben Leo
45 minutes
16:30
-
Track 1
Nothing but Net: Leveraging macOS's Networking Frameworks to Heuristically Detect Malware
Patrick Wardle
45 minutes
๐ป ๐ -
Track 3
certmitm: automatic exploitation of TLS certificate validation vulnerabilities
Aapo Oksman
45 minutes
๐ป ๐ ๐ชฒ -
Track 4
Malware design - abusing legacy Microsoft transports and session architecture
R.J. McDown
45 minutes
๐ป ๐
17:00
-
Track 2
HL7Magic: Medical Data Hacking Made Easy
Katie Inns
20 minutes
๐ป ๐ -
War Stories - For the Record, @Harrahs
Legend of Zelda: Use After Free (TASBot glitches OoT)
Allan "dwangoAC" Cecil, Sauraen, Liam โMLinkโ Taylor
45 minutes
๐ป
17:30
-
Track 3
Track the Planet! Mapping Identities, Monitoring Presence, and Decoding Business Alliances in the Azure Ecosystem
nyxgeek
20 minutes
๐ป ๐ชฒ -
Track 4
Fireside Chat with the National Cyber Director
Kemba Walden
45 minutes
20:00
-
Track 3
Ask the EFF
Corynne McSherry, Cooper Quintin, Mario Trujillo, Hannah Zhao, Rory Mir
105 minutes
SATURDAY
09:00
-
Track 1
Assessing the Security of Certificates at Scale
David McGrew, Brandon Enright, & Andrew Chi
20 minutes
๐ป ๐ชฒ -
Track 2
Smashing the state machine: the true potential of web race conditions
James 'albinowax' Kettle
45 minutes
๐ป ๐ ๐ชฒ -
Track 3
ELECTRONizing macOS privacy - a new weapon in your red teaming armory
Wojciech Reguลa
20 minutes
๐ป ๐ -
Track 4
Hack the Future: Why Congress and the White House are supporting AI Red Teaming
Austin Carson
45 minutes
09:30
-
Track 1
Badge of Shame: Breaking into Secure Facilities with OSDP
Dan Petro & David Vargas
45 minutes
๐ป ๐ ๐ชฒ -
Track 3
J4 Gate, The Hustler Poker Cheating Scandal investigation and how Hacking helped me do it
Duckie
45 minutes
10:00
-
Track 2
Demystifying (& Bypassing) macOS's Background Task Management
Patrick Wardle
45 minutes
๐ป ๐ -
Track 4
Defeating VPN Always-On
Maxime Clementz
45 minutes
๐ป ๐ ๐ชฒ -
War Stories - Off The Record, @Harrahs
D0 N0 H4RM: A Healthcare Security Conversation
Christian โquaddiโ Dameff MD, Jacqueline Burgette, Jeff โr3plicantโ Tully MD, Nitin Natarajan, Senator Mark Warner & Suzanne Schwartz MD
105 minutes
10:30
-
Track 1
Calling it a 0-Day - Hacking at PBX/UC Systems
good_pseudonym
45 minutes
๐ป ๐ชฒ -
Track 3
Unlocking Doors from Half a Continent Away
Trevor Stevado & Sam Haskins
45 minutes
๐ป ๐ ๐ชฒ
11:00
-
Track 2
Weaponizing Plain Text: ANSI Escape Sequences as a Forensic Nightmare
STรK
45 minutes
๐ป -
Track 4
Spread spectrum techniques in disposable drones for anti drone evasion
David Melendez & Gabriela "Gabs" Garcรญa
45 minutes
๐ป ๐
11:30
-
Track 1
Physical Attacks Against Smartphones
Christopher Wade
45 minutes
๐ป ๐ ๐ชฒ -
Track 3
Apple's Predicament: NSPredicate Exploitation on macOS and iOS
Austin Emmitt
45 minutes
๐ป ๐ ๐ชฒ -
War Stories - Off The Record, @Harrahs
Mass Owning of Seedboxes - A Live Hacking Exhibition
Anon
45 minutes
๐ป ๐
12:00
-
Track 2
Internet censorship: what governments around the globe have in store for you
Roger Dingledine, Chris Painter, Jeff Moss, & Joel Todoroff
45 minutes
-
Track 4
From Feature to Weapon: Breaking Microsoft Teams and SharePoint Integrity
Dr. Nestori Syynimaa
45 minutes
๐ป
12:30
-
Track 1
Video-based Cryptanalysis: Extracting Secret Keys from Power LEDs of Various Non-compromised Devices Using a Video Camera
Ben Nassi
45 minutes
๐ป ๐ชฒ -
Track 3
An Audacious Plan to Halt the Internet's Enshittification
Cory Doctorow
45 minutes
-
War Stories - Off The Record, @Harrahs
Off the record talks - Signs Ups On Site
Speaker TBA
330 minutes
13:00
-
Track 2
Looking into the future, what can we learn about hacking in science-fiction?
Nicolas Minvielle & Xavier Facรฉlina
45 minutes
-
Track 4
Azure B2C 0-Day: An Exploit Chain from Public Keys to Microsoft Bug Bounty
John Novak
45 minutes
๐ชฒ
13:30
-
Track 1
Meduza: How an exiled pirate media outlet breaks through the Kremlin's propaganda firewall
Alex
45 minutes
-
Track 3
The GitHub Actions Worm: Compromising GitHub repositories through the Actions dependency tree
Asi Greenholts
45 minutes
๐ป
14:00
-
Track 2
A SSLippery Slope: Unraveling the Hidden Dangers of Certificate Misuse -
Bill Demirkapi
45 minutes
๐ป ๐ ๐ชฒ -
Track 4
Power Corrupts; Corrupt It Back! Hacking Power Management in Data Centers
Sam Quinn & Jesse Chick
45 minutes
๐ป ๐ชฒ
14:30
-
Track 1
Exploiting OPC-UA in Every Possible Way: Practical Attacks Against Modern OPC-UA Architectures
Sharon Brizinov & Noam Moshe
45 minutes
๐ป ๐ ๐ชฒ -
Track 3
Contactless Overflow: Code execution in payment terminals and ATMโs over NFC
Josep Pi Rodriguez
45 minutes
๐ป ๐ชฒ
15:00
-
Track 2
Spooky authentication at a distance
Tamas Jos
45 minutes
๐ป ๐ -
Track 4
Revolutionizing ELF binary patching with Shiva: A JIT binary patching system for Linux
ElfMaster
45 minutes
๐ป ๐
15:30
-
Track 1
Breaking BMC: The Forgotten Key to the Kingdom
Alex Tereshkin & Adam Zabrocki
45 minutes
๐ป -
Track 3
ndays are also 0days: Can hackers launch 0day RCE attack on popular softwares only with chromium ndays?
Bohan Liu, Zheng Wang, GuanCheng Li
45 minutes
๐ป ๐ชฒ
16:00
-
Track 2
Runtime Riddles: Abusing Manipulation Points in the Android Source
Laurie Kirk
45 minutes
-
Track 4
A Broken Marriage: Abusing Mixed Vendor Kerberos Stacks
Ceri Coburn
20 minutes
๐ป ๐
16:30
-
Track 1
Your Clocks Have Ears โ Timing-Based Browser-Based Local Network Port Scanner
Dongsung "Donny" Kim
20 minutes
๐ป ๐ ๐ชฒ -
Track 3
Abortion Access in the Age of Surveillance
Corynne McSherry, Kate Bertash, Daly Barnett, & India McKinney
45 minutes
-
Track 4
All information looks like noise until you break the code: Futureproofing the transportation sector
David Pekoske, Sean Lyngaas, Jen Easterly
45 minutes
17:00
-
Track 1
Silent Spring: Prototype Pollution Leads to Remote Code Execution in Node.js
Mikhail Shcherbakov & Musard Balliu
20 minutes
๐ป ๐ ๐ชฒ -
Track 2
Polynonce: An ECDSA Attack and Polynomial Dance -
Nils Amiet & Marco Macchetti
20 minutes
๐ป ๐ ๐ชฒ -
Track 4
Lions and Tigers and Fancy Bears, Oh My!: A Cautionary Tale for our Cyber Future
Jen Easterly & Scott Shapiro
20 minutes
SUNDAY
10:00
-
Track 1
StackMoonwalk: A Novel approach to stack spoofing on Windows x64
Alessandro โklezVirusโ Magnosi, Arash โwaldoircโ Parsa, Athanasios โtrickster0โ Tserpelis
45 minutes
๐ -
Track 2
Cellular carriers hate this trick: Using SIM tunneling to travel at light speed
Adrian โatrox โ Dabrowski & Gabriel K. Gegenhuber
45 minutes
๐ ๐ชฒ -
Track 3
Snoop on to them, as they snoop on to us
nullagent & rekcahdam
20 minutes
๐ป ๐ ๐ชฒ -
Track 4
Vacuum robot security and privacy - prevent your robot from sucking your data
Dennis Giese
45 minutes
-
War Stories - Off The Record, @Harrahs
War Stories Off The Record AMA
Panel
120 minutes
11:00
-
Track 1
Advanced ROP Framework: Pushing ROP to Its Limits
Dr. Bramwell Brizendine & Shiva Shashank Kusuma
45 minutes
๐ป ๐ -
Track 2
The Art of Compromising C2 Servers: A Web Application Vulnerabilities Perspective
Vangelis Stykas
45 minutes
๐ ๐ชฒ -
Track 3
Unlocking hidden powers in Xtensa based Qualcomm Wifi chips
Daniel Wegemer
45 minutes
๐ป ๐ -
Track 4
Burrowing Through The Network: Contextualizing The Vulkan Leaks & Historical State-Sponsored Offensive Operations
Joe Slowik
45 minutes
12:00
-
Track 1
#NoFilter: Abusing Windows Filtering Platform for privilege escalation
Ron Ben-Yizhak
45 minutes
๐ป ๐ ๐ชฒ -
Track 2
Terminally Owned - 60 years of escaping
David Leadbeater
45 minutes
๐ป ๐ชฒ -
Track 3
Retro Exploitation: Using Vintage Computing Plaforms as a Vulnerability Research Playground and Learning Environment
Wesley McGrew
45 minutes
๐ป ๐ ๐ชฒ -
Track 4
LLMs at the Forefront: Pioneering the Future of Fuzz Testing in a Rapidly Changing World
X
45 minutes
๐ ๐ชฒ
13:00
-
Track 3
The Price of Convenience: How Security Vulnerabilities in Global Transportation Payment Systems Can Cost You
Omer Attias
45 minutes
๐ป ๐ -
Track 4
Exploring Linux Memory Manipulation for Stealth and Evasion: Strategies to bypass Read-Only, No-Exec, and Distroless Environments
Carlos Polop & Yago Gutierrez
45 minutes
๐ป ๐
14:00
-
Track 1 & 2
Contest Closing Ceremonies & Awards
Contest Goons
75 minutes
-
Track 3
TETRA Tour de Force: Jailbreaking Digital Radios and Base Stations for Fun and Secrets
Carlo Meijer, Wouter Bokslag, Jos Wetzels -
75 minutes
๐ป ๐ ๐ชฒ -
Track 4
Hacker Court Interactive Scenario
winn0na, and Panel
75 minutes
15:30
-
Track 1 & 2
DEF CON Closing Ceremonies & Awards
DT & DEF CON Senior Staff
Until it ends minutes