Dan Loosen

KEYNOTE: The History of Video Game Console Hacking

Dan will discuss the history of hacking video game consoles from the Atari 2600 to today, including some of the landmark legal cases that helped to develop a consensus on what was legal. This presentation will also include the positives and negatives of working with older hardware to develop new games, from both the developers' and the publishers' perspectives!


Eric Escobar

Wireless Hacking & Capture The Flag

Eric Escobar will be presenting on wireless hacking concepts and will go into details on the CypherCon 2.0 wireless capture the flag!


Cody Florek

The Upside Down: Going from NetSec to AppSec

When I took on the world of AppSec, I thought many of my life lessons in network security operations would carry over. I found out that it didn't work that way. As I progressed in AppSec, I soon discovered many other folks were like me but had no idea what to do or where to start.

From a security operations world looking glass, I want to give a presentation on how to think, what terms to use, what tools to use, and where to go to learn. If you are a seasoned AppSec pen tester, this presentation isn’t for you. If you’ve been doing Sec Ops, this is probably for you.


Ed Abrams (zeroaltitude)

Demetrius Comes (cmdc0de)

A Look Behind the Scenes of DEFCON DarkNet

cmdc0de and zeroaltitude will present an overview of the DEFCON DarkNet challenge, currently getting ready for its fifth year. This presentation will also give an inside look at the DarkNet hardware, software, badges, and quests done over the years.

DEFCON DarkNet has created a Daemon who controls the DarkNet, and players interact with it through the website at dcdark.net. The Daemon keeps track of player quests and their DarkNet inventory. DarkNet badges, once assembled as a learning quest, act as a valuable tool to identify your role as a player and to help you with certain quests. Physical puzzle items such as lockpick stations and phonebooths, as well as interactions with DarkNet Operatives, provide further avenues to engage players in their quests and learning experiences.

Cmdc0de and zeroaltitude will be presenting two ciphers at the end of their talk and discussing a little bit of how they think about ciphers. They will then invite people to join them in the cipher village after their talk to work on these.

Experiences within the DarkNet will take you to the limit of your existing knowledge… and beyond. If you join us, we will send you on quests to improve your technical abilities. You will meet others like you and you will learn from each other and grow stronger. As you proceed within the DarkNet, you’ll discover hidden messages you would never have noticed and you’ll accomplish goals you never would have achieved alone. To succeed, you have to find your way through the quests, and if you make it to the end, you will have proven yourself worthy to join us in our stand against those who seek to control us.

DarkNet’s mission is to secure a safe, independent and self-sustaining community free from intrusion and infiltration by those who would enslave us to their own ends. Our opponents are many and they grow ever more modern — spying on us through our information streams and controlling us through messages that we see wherever we go. We must resist.


Dr. Alexander Rasin

Forensic Deconstruction of Databases through Direct Storage Carving

The increasing use of databases in the storage of critical and sensitive information in many organizations has led to an increase in the rate at which databases are the target of computer crimes. While there are some techniques and tools available for database forensics, they typically assume a priori preparation (e.g., detailed logging) and rely on built-in database features working properly (e.g., no hacking). Investigators, alternatively, need forensic techniques that make no such assumptions and tools that can be applied to a damaged or an already-compromised database system.
In this talk we present DBCarver, a tool for reconstructing database content from database storage (disk, RAM, etc.) without relying on any metadata from the database, or needing metadata from the OS/file system. The tool uses database page carving to reconstruct both query-able data and non-query-able data (deleted and auxiliary data). We describe how the two kinds of data can be combined to enable a variety of forensic analysis questions hitherto unavailable to forensic investigators, including finding evidence of database tampering. We conclude with a brief demo of DBCarver.

Kat Traxler

JavasCrypto: How we are using browsers as Cryptographic Engines

In order to achieve end-to-end encryption, build zero-knowledge systems, and provide users with the convenience they are accustomed to, Web 2.0 is pushing cryptography to your browser. From secure e-mail to credit card transactions, our security is increasingly dependent on the integrity of client-side JavaScript.
The opportunities for exploit are many, but with every new vulnerability has come a potential mitigation, all in an attempt to strong-arm these sensitive operations into the browser, limit an application's liability, and keep us users happy.
In my presentation, we will look at the fundamental nature of JavaScript, web browsers, and conclude what level of protection, in the best of circumstances, JavasCrypto affords the end user.


Zapp

From zero to Bender in 12 months, how a software guy turned hardware

In this talk Zapp will walk you through how he went from barely knowing how to solder to building 175 electronic badges for DEF CON. He will detail the steps he took including projects he used to learn just enough to design, code, and produce the badges as well as share many of the screw-ups along the way. Finally, he will share a preview of the group’s DEF CON 25 badge.


Adam Everspaugh

Protecting Passwords with Oblivious Cryptography

Current schemes to protect user passwords like bcrypt, scrypt, and iterative hashing are insufficient to resist attacks when password digests are stolen. We present a modern cloud service, called Pythia, which protects passwords using a cryptographically keyed pseudorandom function (PRF). Unlike existing schemes like HMAC, Pythia permits key updates as a response to compromises. Key updates nullify stolen password digests, enable digests to be updated to the new key, and don’t require users to change their passwords. The keystone of Pythia is a new cryptographic construction called a partially-oblivious PRF that provides these new features.


Robert Reif

Cluster Cracking Passwords & MDXfind

Password auditing is more important than ever before. We take a deep dive into some password cracking tools you probably have never seen. Implementing a unified cluster interface allows you to complete password audits faster and gives collaborative teams access to information in real time. What about cracking unknown and obscure hashes? MDXfind covers a very wide array of hash algorithms and iterative hash types which can all be run simultaneously. Come see how these tools work and how they can make your next password audit or penetration test a step above the rest.


Zapp & Toymakers

Mr. Blinky Bling (Charles Lehman & Ben Hibben) + Mini

Hackable Electronic Badge Panel

Hacker Conference Electronic Badge Panelists