DEF CON® Hacking Conference - DEF CON 20 Archive

skip to main content

DEF CON 20 Archive

Was July 26th-29th at the Rio Hotel & Casino

Speakers & Presentations

The Dark Tangent and LosT

Welcome & Making the
DEF CON 20 Badge

See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

DEF CON Documentary Trailer

See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Gail Thackeray and Dead Addict

Before, During, and After

See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

DC 101 Thursday Talks

DaKahuna 10:00 Breaking Wireless Encryption Keys Ripshy 11:00 Intro to Digital Forensics: Tools & Tactics Siviak 12:00 The Cerebral Source Code Panel 13:00 DEF CON 101 Roamer 14:00 Screw the Planet, Hack the Job! Tuna15:00 HF Skiddies Suck, Don't Be One. Learn Some Basic Python LoST16:00 Hacking the Hackers: How Firm is Your Foundation? See it! (Dr. Tran14:10 Introduction to Lockpicking and Bypassing Physical Security See it! (

Jeremy Zerechak

Movie Night With The Dark Tangent: "Code2600" + Q&A With the Director

Joe Kawasaki, Sidney Sherman, Actors

Movie Night With The Dark Tangent: "Reboot" + Q&A With the Filmmakers and Actors

Movie Night with The Dark Tangent:
"We Are Legion: The Story
of the Hacktivists"

"MIT Mike" Aponte

Movie Night With The Dark Tangent: "21" + Q&A With "MIT Mike" Aponte

General Keith B. Alexander

Shared Values, Shared Responsibility

See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Chema Alonso and Manu "The Sur"

Owning Bad Guys {And Mafia} With Javascript Botnets

Read It! (PDF | (White Paper) See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

The Darknet of Things, Building Sensor Networks That Do Your Bidding

Read It! (PDF) See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Drones!

See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

<ghz or bust: DEF CON

Read It! (PDF | Extras) See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Adam "EvilPacket" Baldwin

Blind XSS

Read It! (PDF) See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Kevin Bankston, Matt Blaze and Jennifer Granick

Should the Wall of Sheep Be Illegal? A Debate Over Whether and How Open WiFi Sniffing Should Be Regulated

See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Cryptohaze Cloud Cracking

See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Rodrigo Rubira Branco, James Oakley, and Sergey Bratus

Overwriting the Exception Handling Cache PointerDwarf Oriented Programming

Read It! (PDF | White Paper) See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Exploit Archaeology: Raiders of the Lost Payphones

Read It! (PDF) See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Jonathan Brossard

Hardware Backdooring is Practical

Read It! (PDF | White Paper) See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Dave Brown: UPDATED :

DIY Electric Car

Read It! (PDF) See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Francis Brown and Rob Ragan

Tenacious Diggity: Skinny Dippin' in a Sea of Bing

See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

KinectasploitV2: Kinect Meets 20 Security Tools

Read It! (PDF) See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Elie Bursztein and Patrick Samy

Fuzzing Online Games

See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Linda C. Butler

The Open Cyber Challenge Platform

See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Into the Droid: Gaining Access to Android User Data

Read It! (PDF) See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Jim Christy, Leon Carroll, Andy Fried, Jon Iadonisi, Rich Marshall, David McCallum, and Justin Wykes

Panel: Meet the Feds 1 - Law Enforcement

See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Jim Christy, Rich Marshall, Rod Beckstrom, Jerry Dixon, Mishel Kwon, Riley Repko, Dr. Linton Wells, Mark Weatherford, Marcus Sachs, Robert E. Joyce

Meet the Feds 2 - Policy

See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Sandy Clark, Matt Blaze

SIGINT and Traffic Analysis for the Rest of Us

See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Bad (and Sometimes Good) Tech Policy: It's Not Just a DC Thing

Read It! (PDF) See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Greg Conti, Lisa Shay, and Woody Hartzog

Life Inside a Skinner Box: Confronting our Future of Automated Law Enforcement

Read It! (PDF) See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Michael Coppola

Owning the Network: Adventures in Router Rootkits

Read It! (PDF) See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Joshua Corman, Dan Kaminsky, Jeff Moss, Rod Beckstrom, and Michael Joseph Gross

World War 3.0: Chaos, Control & the Battle for the Net

Read It! (PDF) See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Ang Cui: UPDATED :

Embedded Device Firmware Vulnerability Hunting Using FRAK, the Firmware Reverse Analysis Konsole

Read It! (PDF) See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Looking Into The Eye Of The Meter

Read It! (PDF | White Paper) See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Zachary Cutlip: UPDATED :

SQL Injection to MIPS Overflows: Rooting SOHO Routers

Read It! (PDF | White Paper | Extras) See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Jeff Moss, Jericho, and Russ Rogers

DC RECOGNIZE Awards

See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Christian "quaddi" Dameff and Jeff "r3plicant" Tully

Hacking Humanity: Human Augmentation and You

Read It! (PDF | Cited Works) See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Blakdayz, Anarchy Angel, Anch, Dave Marcus and Nick Farr

Connected Chaos: Evolving the DCG/Hackspace Communication Landscape

See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Not-So-Limited Warranty: Target Attacks on Warranties for Fun and Profit

Read It! (PDF | Extras) See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

DivaShark - Monitor your Flow

See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Beyond the War on General Purpose Computing: What's Inside the Box?

See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Sploitego - Maltego's (Local) Partner in Crime

Read It! (PDF | Extras) See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Not So Super Notes, How Well Does US Dollar Note Security Prevent Counterfeiting?

Read It! (PDF | Images) See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Post Metasploitation: Improving Accuracy and Efficiency in Post Exploitation Using the Metasploit Framework

See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

esden, dotAero, misterj, and cifo

The Paparazzi Platform: Flexible, Open-Source, UAS Software and Hardware

Read It! (PDF) See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Amir "Zenofex" Etemadieh, CJ Heres, Dan Rosenberg, and Tom "tdweng" Dwenger

Hacking the Google TV

Read It! (PDF) See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Owned in 60 Seconds: From Network Guest to Windows Domain Admin

Read It! (PDF) See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Hellaphone: Replacing the Java in Android

Read It! (PDF) See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Hacking [Redacted] Routers

See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Svetlana Gaivoronski and Dennis Gamayunov

Demorpheus: Getting Rid Of Polymorphic Shellcodes In Your Network

Read It! (PDF | Extras) See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

New Techniques in SQLi Obfuscation: SQL never before used in SQLi

Read It! (PDF) See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Uncovering SAP Vulnerabilities: Reversing and Breaking the Diag Protocol

Read It! (PDF) See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Andrew Gavin, Michael Baucom and Charles Smith

Post-Exploitation Nirvana: Launching OpenDLP Agents over Meterpreter Sessions

Read It! (PDF) See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Kenneth Geers: UPDATED :

The Art of Cyberwar

Read It! (PDF | Extras) See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Joe Grand and Zoz

More Projects of Prototype This!

Read It! (PDF) See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Dan Griffin: UPDATED :

Hacking Measured Boot and UEFI

Read It! (PDF) See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Exchanging Demands

Read It! (PDF | Extras) See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Changing the Security Paradigm: Taking Back Your Network and Bringing Pain to the Adversary

See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Dustin Hoffman, Semon Rezchikov

Busting the BARR: Tracking "Untrackable" Private Aircraft for Fun & Profit

See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Crypto and the Cops: the Law of Key Disclosure and Forced Decryption

See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Passive Bluetooth Monitoring in Scapy

Read It! (PDF | Extras) See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Alberto García Illera

How to Hack All the Transport Networks of a Country

See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Jameel Jaffer, William Binney, James Bamford, and Alex Abdo

Bigger Monster, Weaker Chains: The National Security Agency and the Constitution

See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Black Ops

See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Dave Kennedy and Dave DeSimone

Owning One to Rule Them All

See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Detecting Reflective Injection

Read It! (PDF) See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

An Inside Look Into Defense Industrial Base (DIB) Technical Security Controls: How Private Industry Protects Our Country's Secrets

Read It! (PDF | Extras) See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Xeno Kovah and Corey Kallenberg

No More Hooks: Detection of Code Integrity Attacks

Read It! (PDF) See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Anthony "Darkfloyd" Lai, Tony "MT" Miu, Kelvin "Captain" Wong, and Alan "Avenir" Chung

DDoS Black and White "Kungfu" Revealed

Read It! (PDF) See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

NFC Hacking: The Easy Way

Read It! (PDF) See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Robots: You're Doing It Wrong 2

See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Amber Lyon, Gabriella Coleman, Marcia Hoffman, Mercedes Haefer, Jay Leiderman, and Gráinne O'Neill

Anonymous and the Online Fight for Justice

Read It! (PDF) See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Tim Maletic and Christopher Pogue

OPFOR 4Ever

Read It! (PDF) See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

David "thelightcosine" Maloney

Weaponizing the Windows API with Metasploit's Railgun

Read It! (PDF) See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Moxie Marlinspike, David Hulton, and Marsh Ray

Defeating PPTP VPNs and WPA2 Enterprise with MS-CHAPv2

See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

SCADA HMI and Microsoft Bob: Modern Authentication Flaws With a 90's Flavor

See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Don't Stand So Close To Me: An Analysis of the NFC Attack Surface

Read It! (PDF) See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Alexander Minozhenko

How to Hack VMware vCenter Server in 60 Seconds

Read It! (PDF) See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

David Mortman, Rich Mogull, Chris Hoff, Dave Maynor, Larry Pesce, James Arlen, Robert David Graham

DEF CON Comedy Jam V, V for Vendetta

Read It! (PDF) See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Cortana: Rise of the Automated Red Team

Read It! (PDF) See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Fergus Noble and Colin Beighley

Making Sense of Static - New Tools for Hacking GPS

See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Jason A. Novak and Andrea (Drea) London

SQL ReInjector - Automated Exfiltrated Data Identification

Read It! (PDF | Extras) See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Kurt Opsahl, Marcia Hofmann, Hanni Fakhouri, Peter Eckersley, Eva Galperin, and Trevor Timm

Meet the EFF

See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Jason Ostrom, Karl Feinauer, William Borskey

The End of the PSTN As You Know It

Read It! (PDF) See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

APK File Infection on an
Android System

Read It! (PDF) See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Panel: The Making of DEF CON 20

See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Nicholas J. Percoco and Sean Schulte

Adventures in Bouncerland

Michael Perklin: UPDATED :

Anti-Forensics and Anti-Anti-Forensics: Attacks and Mitigating Techniques for Digital-Forensic Investigations

Read It! (PDF) See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Creating an A1 Security Kernel in the 1980s (Using “Stone Knives and Bear Skins”)

See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Dan "AltF4" Petro

Network Anti-Reconnaissance: Messing with Nmap Through Smoke and Mirrors

Read It! (PDF) See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Bypassing Endpoint Security for $20 or Less

Read It! (PDF | Extras) See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Robert Portvliet and Brad Antoniewicz

The Safety Dance - Wardriving the Public Safety Band

See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Kevin Poulsen Answers Your Questions

See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Q&A with the Men (and Women) in Black

See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Hacker + Airplanes = No Good Can Come Of This

Read It! (PDF) See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Jim Rennie, Jennifer Granick

MegaUpload: Guilty or Not Guilty?

Read It! (PDF) See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Ryan Reynolds and Jonathan Claudius

Stamp Out Hash Corruption! Crack All The Things!

Read It! (PDF | White paper | Extras) See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Michael Robinson and Chris Taylor

Spy vs Spy: Spying on Mobile Device Spyware

Read It! (PDF) See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Sergio 'flacman' Valderrama and Carlos Alberto Rodriguez

Scylla: Because There's no Patch for Human Stupidity

Read It! (White Paper) See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Bruce Schneier Answers Your Questions

See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Rebecca "bx" Shapiro and Sergey Bratus

Programming Weird Machines with ELF Metadata

Read It! (PDF) See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Mickey Shkatov and Toby Kohlenberg

We Have You by the Gadgets

Read It! (PDF) See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Christopher Soghoian, Ben Wizner, Catherine Crump, and Ashkan Soltani

Can You Track Me Now? Government And Corporate Surveillance Of Mobile Geo-Location Data

See it! (Slides Video) Hear it! (m4b Audio)

Aditya K. Sood and Richard J. Enbody

Botnets Die Hard - Owned and Operated

Read It! (PDF) See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Jayson E. Street

How to Channel Your Inner Henry Rollins

Read It! (PDF) See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Chris "TheSuggmeister" Sumner and Randall Wald

Can Twitter Really Help Expose Psychopath Killers' Traits?

Read It! (PDF) See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Chris Tarnovsky

Attacking TPM Part 2: A Look at the ST19WP18 TPM Device

See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Twenty Years Back, Twenty Years Ahead: The Arc of DEF CON Past and Future

See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Josh "m0nk" Thomas and Jeff "stoker" Robble: UPDATED :

Off-Grid Communications with Android: Meshing the Mobile World

Read It! (PDF | White paper) See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Thor (Hammer of God)

Socialized Data: Using Social Media as a Cyber Mule

See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Marc Weber Tobias, Matt Fiddler, and Tobias Bluzmanis

Safes and Containers: Insecurity Design Excellence

Read It! (PDF) See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Ben Toews and Scott Behrens

Rapid Blind SQL Injection Exploitation with BBQSQL

Read It! (PDF | Extras) See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Matthew Toussain and Christopher Shields

Subterfuge: The Automated Man-in-the-Middle Attack Framework

Read It! (PDF | White paper) See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Drinking From the Caffeine Firehose We Know as Shodan

Read It! (PDF) See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Paul Vixie and Andrew Fried

The DCWG Debriefing - How the FBI Grabbed a Bot and Saved the Internet

See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Mark Weatherford

The Christopher Columbus Rule and DHS

See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

The Art Of The Con

See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)

Improving Web Vulnerability Scanning

Read It! (PDF) See it! (Speaker & Slides | Slides Video) Hear it! (m4b Audio)