DEF CON 30
took place Aug. 11, 2022 through Aug. 14, 2022 (2 years, 4 months ago) at Caesars Forum, Flamingo, Linq, and Harrah's in Las Vegas, Nevada, USA.
The general admission cost for the conference was $360.00[1].
Presentations
Thursday, Aug. 11, 2022
Friday, Aug. 12, 2022
-
09:00 - CICD security: A new eldorado Workshop
-
09:00 - The Art of Modern Malware Analysis: Initial Infection Malware, Infrastructure, and C2 Frameworks Workshop
-
09:00 - Introduction to Cryptographic Attacks Workshop
-
09:00 - DFIR Against the Digital Darkness: An Intro to Forensicating Evil Workshop
-
09:00 - Finding Security Vulnerabilities Through Fuzzing Workshop
-
09:30 - Combatting sexual abuse with threat intelligence techniques
-
10:00 - Access Undenied on AWS Demo
-
10:00 - TheAllCommander Demo
-
10:00 - Vajra - Your Weapon To Cloud Demo
-
10:00 - Computer Hacks in the Russia-Ukraine War
-
10:00 - Old Malware, New tools: Ghidra and Commodore 64, why understanding old malicious software still matters
-
10:00 - Panel - DEF CON Policy Dept - What is it, and what are we trying to do for hackers in the policy world?
-
10:00 - Panel - "So It's your first DEF CON" - How to get the most out of DEF CON, What NOT to do.
-
10:00 - FISSURE: The RF Framework Demo
-
10:00 - Zuthaka: A Command & Controls (C2s) integration framework Demo
-
10:30 - OopsSec -The bad, the worst and the ugly of APT’s operations security
-
10:35 - Hundreds of incidents, what can we share?
-
11:00 - The Dark Tangent & Mkfactor - Welcome to DEF CON & The Making of the DEF CON Badge
-
11:00 - The PACMAN Attack: Breaking PAC on the Apple M1 with Hardware Attacks
-
11:30 - Running Rootkits Like A Nation-State Hacker
-
11:30 - A Policy Fireside Chat with the National Cyber Director
-
11:40 - Android, Birthday Cake, Open Wifi... Oh my!
-
12:00 - Avoiding Memory Scanners: Customizing Malware to Evade YARA, PE-sieve, and More
-
12:00 - Glitched on Earth by humans: A Black-Box Security Evaluation of the SpaceX Starlink User Terminal
-
12:00 - Wakanda Land Demo
-
12:00 - One Bootloader to Load Them All
-
12:00 - AzureGoat: Damn Vulnerable Azure Infrastructure Demo
-
12:00 - EMBA - Open-Source Firmware Security Testing Demo
-
12:00 - Red Teaming the Open Source Software Supply Chain
-
12:00 - Packet Sender Demo
-
12:00 - Hacking law is for hackers - how recent changes to CFAA, DMCA, and global policies affect security research
-
12:00 - Mercury Demo
-
12:10 - The Richest Phisherman in Colombia
-
12:30 - Global Challenges, Global Approaches in Cyber Policy
-
12:45 - Taking Down the Grid
-
13:00 - You’re <strike>Muted</strike>Rooted
-
13:00 - Backdooring Pickles: A decade only made things worse
-
13:00 - Emoji Shellcoding: 🛠️, 🧌, and 🤯
-
13:30 - A Policy Fireside Chat with Jay Healey
-
13:30 - Weaponizing Windows Syscalls as Modern, 32-bit Shellcode
-
13:50 - Don't Blow A Fuse: Some Truths about Fusion Centres
-
14:00 - FROM ZERO TO HERO IN A BLOCKCHAIN SECURITY Workshop
-
14:00 - Meet the Feds: ONCO Edition
-
14:00 - Emerging Technical Cyber Policy Topics
-
14:00 - Space Jam: Exploring Radio Frequency Attacks in Outer Space
-
14:00 - Securing Smart Contracts Workshop
-
14:00 - Phreaking 2.0 - Abusing Microsoft Teams Direct Routing
-
14:00 - Process injection: breaking all macOS security layers with a single vulnerability
-
14:00 - Securing Industrial Control Systems from the core: PLC secure coding practices Workshop
-
14:00 - CyberPeace Builders Demo
-
14:00 - AWSGoat : A Damn Vulnerable AWS Infrastructure Demo
-
14:00 - PCILeech and MemProcFS Demo
-
14:00 - Hand On Mainframe Buffer Overflows - RCE Edition Workshop
-
14:00 - AADInternals: The Ultimate Azure AD Hacking Toolkit Demo
-
14:00 - Badrats: Initial Access Made Easy Demo
-
14:00 - Emerging Cybersecurity Policy Topics
-
14:00 - Hacking the Metal 2: Hardware and the Evolution of C Creatures Workshop
-
14:30 - Trace me if you can: Bypassing Linux Syscall Tracing
-
14:30 - Leak The Planet: Veritatem cognoscere non pereat mundus
-
14:55 - Cloud Threat Actors: No longer cryptojacking for fun and profit
-
15:00 - Exploring the hidden attack surface of OEM IoT devices: pwning thousands of routers with a vulnerability in Realtek’s SDK for eCos OS.
-
15:00 - LSASS Shtinkering: Abusing Windows Error Reporting to Dump LSASS
-
15:30 - Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling
-
15:30 - How Russia is trying to block Tor
-
16:00 - Automated Trolling for Fun and No Profit
-
16:00 - Moving Regulation Upstream - An Increasing focus on the Role of Digital Service Providers
-
16:00 - Election Security Bridge Building
-
16:00 - Wireless Keystroke Injection (WKI) via Bluetooth Low Energy (BLE)
-
16:00 - Hacking ISPs with Point-to-Pwn Protocol over Ethernet (PPPoE)
-
16:30 - A dead man’s full-yet-responsible-disclosure system
-
16:30 - The Internet’s role in sanctions enforcement: Russia/Ukraine and the future
-
17:00 - Hunting Bugs in The Tropics
-
17:00 - Let's Dance in the Cache - Destabilizing Hash Table on Microsoft IIS
-
17:05 - Deadly Russian Malware in Ukraine
-
17:30 - Deanonymization of TOR HTTP hidden services
-
17:30 - Walk This Way: What Run D.M.C. and Aerosmith Can Teach Us About the Future of Cybersecurity
-
18:00 - Pulling Passwords out of Configuration Manager: Practical Attacks against Microsoft's Endpoint Management Software
-
18:00 - Tear Down this Zywall: Breaking Open Zyxel Encrypted Firmware
-
18:00 - Killer Hertz
-
18:30 - Dragon Tails: Supply-side Security and International Vulnerability Disclosure Law
-
19:00 - Meet the Feds: CISA Edition (Lounge)
-
20:00 - Meet the Feds: DHS Edition (Lounge)
Saturday, Aug. 13, 2022
-
09:00 - Dig Dug: The Lost Art of Network Tunneling Workshop
-
09:00 - CTF 101: Breaking into CTFs (or “The Petting Zoo” - Breaking into CTFs) Workshop
-
09:00 - Windows Defence Evasion and Fortification Primitives Workshop
-
09:00 - Pivoting, Tunneling, and Redirection Master Class Workshop
-
09:00 - Master Class: Delivering a New Construct in Advanced Volatile Memory Analysis for Fun and Profit Workshop
-
09:30 - Geo-Targeting Live Tweets
-
10:00 - EDR detection mechanisms and bypass techniques with EDRSandBlast Demo
-
10:00 - Scaling the Security Researcher to Eliminate OSS Vulnerabilities Once and For All
-
10:00 - Memfini - A systemwide memory monitor interface for linux Demo
-
10:00 - svachal + machinescli Demo
-
10:00 - Brazil Redux: Short Circuiting Tech-Enabled Dystopia with The Right to Repair
-
10:00 - Hacking Operational Collaboration
-
10:00 - Literal Self-Pwning: Why Patients - and Their Advocates - Should Be Encouraged to Hack, Improve, and Mod Med Tech
-
10:00 - Injectyll-HIDe: Pushing the Future of Hardware Implants to the Next Level Demo
-
10:00 - Imagining a cyber policy crisis: Storytelling and Simulation for real-world risks
-
10:00 - Empire 4.0 and Beyond Demo
-
10:35 - What your stolen identity did on its CoViD vacation
-
11:00 - No-Code Malware: Windows 11 At Your Service
-
11:00 - How To Get MUMPS Thirty Years Later (or, Hacking The Government via FOIA'd Code)
-
11:00 - My First Hack Was in 1958 (Then A Career in Rock’n’Roll Taught Me About Security)
-
11:30 - Reversing the Original Xbox Live Protocols
-
11:40 - This one time, at this Hospital, I got Ransomware
-
12:00 - Defensive 5G Demo
-
12:00 - Tracking Military Ghost Helicopters over our Nation's Capital
-
12:00 - All Roads leads to GKE's Host : 4+ Ways to Escape
-
12:00 - alsanna Demo
-
12:00 - unblob - towards efficient firmware extraction Demo
-
12:00 - PMR - PT & VA Management & Reporting Demo
-
12:00 - Addressing the gap in assessing (or measuring) the harm of cyberattacks
-
12:00 - Hacking Aviation Policy
-
12:00 - SharpSCCM Demo
-
12:00 - The Evil PLC Attack: Weaponizing PLCs
-
12:30 - The hitchhacker’s guide to iPhone Lightning & JTAG hacking
-
12:30 - Analyzing PIPEDREAM: Challenges in testing an ICS attack toolkit.
-
12:30 - UFOs, Alien Life, and the Least Untruthful Things I Can Say.
-
12:45 - Voter Targeting, Location Data, and You
-
13:00 - Chromebook Breakout: Escaping Jail, with your friends, using a Pico Ducky
-
13:00 - Exploring Ancient Ruins to Find Modern Bugs: Discovering a 0-Day in an MS-RPC Service
-
13:30 - Do Not Trust the ASA, Trojans!
-
13:30 - HACK THE HEMISPHERE! How we (legally) broadcasted hacker content to all of North America using an end-of-life geostationary satellite, and how you can set up your own broadcast too!
-
13:50 - INTERNET WARS 2022: These wars aren't just virtual
-
14:00 - ResidueFree Demo
-
14:00 - Hybrid Phishing Payloads: From Threat-actors to You Workshop
-
14:00 - hls4ml - Open Source Machine Learning Accelerators on FPGAs Demo
-
14:00 - Confronting Reality in Cyberspace: Foreign Policy for a Fragmented Internet
-
14:00 - OpenCola. The AntiSocial Network
-
14:00 - The COW (Container On Windows) Who Escaped the Silo
-
14:00 - Creating and uncovering malicious containers. Workshop
-
14:00 - Evading Detection: A Beginner's Guide to Obfuscation Workshop
-
14:00 - Automated Debugging Under The Hood - Building A Programmable Windows Debugger From Scratch (In Python) Workshop
-
14:00 - Xavier Memory Analysis Framework Demo
-
14:00 - Return-Oriented Policy Making for Open Source and Software Security
-
14:00 - OpenTDF Demo
-
14:00 - Control Validation Compass – Threat Modeling Aide & Purple Team Content Repo Demo
-
14:00 - Securing Web Apps Workshop
-
14:30 - Digging into Xiaomi’s TEE to get to Chinese money
-
14:30 - Doing the Impossible: How I Found Mainframe Buffer Overflows
-
15:00 - You Have One New Appwntment - Hacking Proprietary iCalendar Properties
-
15:00 - Déjà Vu: Uncovering Stolen Algorithms in Commercial Products
-
15:00 - The Big Rick: How I Rickrolled My High School District and Got Away With It
-
15:30 - Perimeter Breached! Hacking an Access Control System
-
15:30 - Automotive Ethernet Fuzzing: From purchasing ECU to SOME/IP fuzzing
-
15:30 - Tor: Darknet Opsec By a Veteran Darknet Vendor & the Hackers Mentality
-
16:00 - Trailer Shouting: Talking PLC4TRUCKS Remotely with an SDR
-
16:00 - Right Hand, Meet Left Hand: The Cybersecurity Implications of Non-Cybersecurity Internet Regulation (Community Roundtable)
-
16:00 - Dancing Around DRM
-
16:00 - Low Code High Risk: Enterprise Domination via Low Code Abuse
-
16:00 - International Government Action Against Ransomware
-
16:30 - Defeating Moving Elements in High Security Keys
-
16:30 - Why did you lose the last PS5 restock to a bot Top-performing app-hackers business modules, architecture, and techniques
-
17:00 - Hacking The Farm: Breaking Badly Into Agricultural Devices.
-
17:00 - Internal Server Error: Exploiting Inter-Process Communication with new desynchronization primitives
-
17:05 - Ghost Guns: Rapidly acquiring, constructing or improvising firearms
-
17:15 - Thinking About Election Security: Annual Debrief (Community Roundtable)
-
17:30 - Crossing the KASM -- a webapp pentest story
-
17:30 - Black-Box Assessment of Smart Cards
-
18:00 - The CSRF Resurrections! Starring the Unholy Trinity: Service Worker of PWA, SameSite of HTTP Cookie, and Fetch
-
18:30 - Digital Skeleton Keys - We’ve got a bone to pick with offline Access Control Systems
-
19:00 - D0 N0 H4RM: A Healthcare Security Conversation (Lounge)
Sunday, Aug. 14, 2022
Monday, Aug. 15, 2022
Tuesday, Aug. 16, 2022
- ^ This price is meant to give a general idea of the cost of attending the conference. Many conferences have varying prices based on number of days of attendance, early registration, tiers of support, or additional costs for workshops or trainings. The price here is meant to represent the most common cost for the majority of attendees. See the conference's homepage, if applicable, for details.