DEF CON 30
took place Aug. 11, 2022 through Aug. 14, 2022 (1 year, 8 months ago)
at Caesars Forum, Flamingo, Linq, and Harrah's in Las Vegas, Nevada, USA.
The general admission cost for the conference was $360.00[1].
Presentations
Thursday, Aug. 11, 2022
Friday, Aug. 12, 2022
-
09:00 - CICD security: A new eldorado Workshop
-
09:00 - The Art of Modern Malware Analysis: Initial Infection Malware, Infrastructure, and C2 Frameworks Workshop
-
09:00 - Finding Security Vulnerabilities Through Fuzzing Workshop
-
09:00 - Introduction to Cryptographic Attacks Workshop
-
09:00 - DFIR Against the Digital Darkness: An Intro to Forensicating Evil Workshop
-
09:30 - Combatting sexual abuse with threat intelligence techniques
-
10:00 - Old Malware, New tools: Ghidra and Commodore 64, why understanding old malicious software still matters
-
10:00 - Access Undenied on AWS Demo
-
10:00 - Panel - "So It's your first DEF CON" - How to get the most out of DEF CON, What NOT to do.
-
10:00 - FISSURE: The RF Framework Demo
-
10:00 - Zuthaka: A Command & Controls (C2s) integration framework Demo
-
10:00 - Vajra - Your Weapon To Cloud Demo
-
10:00 - TheAllCommander Demo
-
10:00 - Panel - DEF CON Policy Dept - What is it, and what are we trying to do for hackers in the policy world?
-
10:00 - Computer Hacks in the Russia-Ukraine War
-
10:30 - OopsSec -The bad, the worst and the ugly of APT’s operations security
-
10:35 - Hundreds of incidents, what can we share?
-
11:00 - The PACMAN Attack: Breaking PAC on the Apple M1 with Hardware Attacks
-
11:00 - The Dark Tangent & Mkfactor - Welcome to DEF CON & The Making of the DEF CON Badge
-
11:30 - A Policy Fireside Chat with the National Cyber Director
-
11:30 - Running Rootkits Like A Nation-State Hacker
-
11:40 - Android, Birthday Cake, Open Wifi... Oh my!
-
12:00 - Avoiding Memory Scanners: Customizing Malware to Evade YARA, PE-sieve, and More
-
12:00 - Glitched on Earth by humans: A Black-Box Security Evaluation of the SpaceX Starlink User Terminal
-
12:00 - Wakanda Land Demo
-
12:00 - One Bootloader to Load Them All
-
12:00 - Red Teaming the Open Source Software Supply Chain
-
12:00 - Hacking law is for hackers - how recent changes to CFAA, DMCA, and global policies affect security research
-
12:00 - AzureGoat: Damn Vulnerable Azure Infrastructure Demo
-
12:00 - Mercury Demo
-
12:00 - EMBA - Open-Source Firmware Security Testing Demo
-
12:00 - Packet Sender Demo
-
12:10 - The Richest Phisherman in Colombia
-
12:30 - Global Challenges, Global Approaches in Cyber Policy
-
12:45 - Taking Down the Grid
-
13:00 - Backdooring Pickles: A decade only made things worse
-
13:00 - You’re <strike>Muted</strike>Rooted
-
13:00 - Emoji Shellcoding: 🛠️, 🧌, and 🤯
-
13:30 - Weaponizing Windows Syscalls as Modern, 32-bit Shellcode
-
13:30 - A Policy Fireside Chat with Jay Healey
-
13:50 - Don't Blow A Fuse: Some Truths about Fusion Centres
-
14:00 - Badrats: Initial Access Made Easy Demo
-
14:00 - CyberPeace Builders Demo
-
14:00 - AWSGoat : A Damn Vulnerable AWS Infrastructure Demo
-
14:00 - PCILeech and MemProcFS Demo
-
14:00 - AADInternals: The Ultimate Azure AD Hacking Toolkit Demo
-
14:00 - Emerging Cybersecurity Policy Topics
-
14:00 - Hacking the Metal 2: Hardware and the Evolution of C Creatures Workshop
-
14:00 - FROM ZERO TO HERO IN A BLOCKCHAIN SECURITY Workshop
-
14:00 - Hand On Mainframe Buffer Overflows - RCE Edition Workshop
-
14:00 - Meet the Feds: ONCO Edition
-
14:00 - Emerging Technical Cyber Policy Topics
-
14:00 - Securing Smart Contracts Workshop
-
14:00 - Securing Industrial Control Systems from the core: PLC secure coding practices Workshop
-
14:00 - Process injection: breaking all macOS security layers with a single vulnerability
-
14:00 - Phreaking 2.0 - Abusing Microsoft Teams Direct Routing
-
14:00 - Space Jam: Exploring Radio Frequency Attacks in Outer Space
-
14:30 - Leak The Planet: Veritatem cognoscere non pereat mundus
-
14:30 - Trace me if you can: Bypassing Linux Syscall Tracing
-
14:55 - Cloud Threat Actors: No longer cryptojacking for fun and profit
-
15:00 - Exploring the hidden attack surface of OEM IoT devices: pwning thousands of routers with a vulnerability in Realtek’s SDK for eCos OS.
-
15:00 - LSASS Shtinkering: Abusing Windows Error Reporting to Dump LSASS
-
15:30 - How Russia is trying to block Tor
-
15:30 - Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling
-
16:00 - Automated Trolling for Fun and No Profit
-
16:00 - Hacking ISPs with Point-to-Pwn Protocol over Ethernet (PPPoE)
-
16:00 - Election Security Bridge Building
-
16:00 - Wireless Keystroke Injection (WKI) via Bluetooth Low Energy (BLE)
-
16:00 - Moving Regulation Upstream - An Increasing focus on the Role of Digital Service Providers
-
16:30 - The Internet’s role in sanctions enforcement: Russia/Ukraine and the future
-
16:30 - A dead man’s full-yet-responsible-disclosure system
-
17:00 - Let's Dance in the Cache - Destabilizing Hash Table on Microsoft IIS
-
17:00 - Hunting Bugs in The Tropics
-
17:05 - Deadly Russian Malware in Ukraine
-
17:30 - Deanonymization of TOR HTTP hidden services
-
17:30 - Walk This Way: What Run D.M.C. and Aerosmith Can Teach Us About the Future of Cybersecurity
-
18:00 - Pulling Passwords out of Configuration Manager: Practical Attacks against Microsoft's Endpoint Management Software
-
18:00 - Tear Down this Zywall: Breaking Open Zyxel Encrypted Firmware
-
18:00 - Killer Hertz
-
18:30 - Dragon Tails: Supply-side Security and International Vulnerability Disclosure Law
-
19:00 - Meet the Feds: CISA Edition (Lounge)
-
20:00 - Meet the Feds: DHS Edition (Lounge)
Saturday, Aug. 13, 2022
-
09:00 - Pivoting, Tunneling, and Redirection Master Class Workshop
-
09:00 - Dig Dug: The Lost Art of Network Tunneling Workshop
-
09:00 - CTF 101: Breaking into CTFs (or “The Petting Zoo” - Breaking into CTFs) Workshop
-
09:00 - Windows Defence Evasion and Fortification Primitives Workshop
-
09:00 - Master Class: Delivering a New Construct in Advanced Volatile Memory Analysis for Fun and Profit Workshop
-
09:30 - Geo-Targeting Live Tweets
-
10:00 - EDR detection mechanisms and bypass techniques with EDRSandBlast Demo
-
10:00 - Empire 4.0 and Beyond Demo
-
10:00 - Literal Self-Pwning: Why Patients - and Their Advocates - Should Be Encouraged to Hack, Improve, and Mod Med Tech
-
10:00 - Imagining a cyber policy crisis: Storytelling and Simulation for real-world risks
-
10:00 - Brazil Redux: Short Circuiting Tech-Enabled Dystopia with The Right to Repair
-
10:00 - svachal + machinescli Demo
-
10:00 - Hacking Operational Collaboration
-
10:00 - Memfini - A systemwide memory monitor interface for linux Demo
-
10:00 - Scaling the Security Researcher to Eliminate OSS Vulnerabilities Once and For All
-
10:00 - Injectyll-HIDe: Pushing the Future of Hardware Implants to the Next Level Demo
-
10:35 - What your stolen identity did on its CoViD vacation
-
11:00 - My First Hack Was in 1958 (Then A Career in Rock’n’Roll Taught Me About Security)
-
11:00 - No-Code Malware: Windows 11 At Your Service
-
11:00 - How To Get MUMPS Thirty Years Later (or, Hacking The Government via FOIA'd Code)
-
11:30 - Reversing the Original Xbox Live Protocols
-
11:40 - This one time, at this Hospital, I got Ransomware
-
12:00 - The Evil PLC Attack: Weaponizing PLCs
-
12:00 - unblob - towards efficient firmware extraction Demo
-
12:00 - alsanna Demo
-
12:00 - Defensive 5G Demo
-
12:00 - Tracking Military Ghost Helicopters over our Nation's Capital
-
12:00 - All Roads leads to GKE's Host : 4+ Ways to Escape
-
12:00 - PMR - PT & VA Management & Reporting Demo
-
12:00 - SharpSCCM Demo
-
12:00 - Addressing the gap in assessing (or measuring) the harm of cyberattacks
-
12:00 - Hacking Aviation Policy
-
12:30 - UFOs, Alien Life, and the Least Untruthful Things I Can Say.
-
12:30 - The hitchhacker’s guide to iPhone Lightning & JTAG hacking
-
12:30 - Analyzing PIPEDREAM: Challenges in testing an ICS attack toolkit.
-
12:45 - Voter Targeting, Location Data, and You
-
13:00 - Chromebook Breakout: Escaping Jail, with your friends, using a Pico Ducky
-
13:00 - Exploring Ancient Ruins to Find Modern Bugs: Discovering a 0-Day in an MS-RPC Service
-
13:30 - Do Not Trust the ASA, Trojans!
-
13:30 - HACK THE HEMISPHERE! How we (legally) broadcasted hacker content to all of North America using an end-of-life geostationary satellite, and how you can set up your own broadcast too!
-
13:50 - INTERNET WARS 2022: These wars aren't just virtual
-
14:00 - Return-Oriented Policy Making for Open Source and Software Security
-
14:00 - hls4ml - Open Source Machine Learning Accelerators on FPGAs Demo
-
14:00 - Control Validation Compass – Threat Modeling Aide & Purple Team Content Repo Demo
-
14:00 - ResidueFree Demo
-
14:00 - Securing Web Apps Workshop
-
14:00 - Hybrid Phishing Payloads: From Threat-actors to You Workshop
-
14:00 - OpenCola. The AntiSocial Network
-
14:00 - Evading Detection: A Beginner's Guide to Obfuscation Workshop
-
14:00 - Automated Debugging Under The Hood - Building A Programmable Windows Debugger From Scratch (In Python) Workshop
-
14:00 - Creating and uncovering malicious containers. Workshop
-
14:00 - Confronting Reality in Cyberspace: Foreign Policy for a Fragmented Internet
-
14:00 - Xavier Memory Analysis Framework Demo
-
14:00 - OpenTDF Demo
-
14:00 - The COW (Container On Windows) Who Escaped the Silo
-
14:30 - Digging into Xiaomi’s TEE to get to Chinese money
-
14:30 - Doing the Impossible: How I Found Mainframe Buffer Overflows
-
15:00 - The Big Rick: How I Rickrolled My High School District and Got Away With It
-
15:00 - Déjà Vu: Uncovering Stolen Algorithms in Commercial Products
-
15:00 - You Have One New Appwntment - Hacking Proprietary iCalendar Properties
-
15:30 - Tor: Darknet Opsec By a Veteran Darknet Vendor & the Hackers Mentality
-
15:30 - Perimeter Breached! Hacking an Access Control System
-
15:30 - Automotive Ethernet Fuzzing: From purchasing ECU to SOME/IP fuzzing
-
16:00 - Right Hand, Meet Left Hand: The Cybersecurity Implications of Non-Cybersecurity Internet Regulation (Community Roundtable)
-
16:00 - International Government Action Against Ransomware
-
16:00 - Dancing Around DRM
-
16:00 - Trailer Shouting: Talking PLC4TRUCKS Remotely with an SDR
-
16:00 - Low Code High Risk: Enterprise Domination via Low Code Abuse
-
16:30 - Defeating Moving Elements in High Security Keys
-
16:30 - Why did you lose the last PS5 restock to a bot Top-performing app-hackers business modules, architecture, and techniques
-
17:00 - Internal Server Error: Exploiting Inter-Process Communication with new desynchronization primitives
-
17:00 - Hacking The Farm: Breaking Badly Into Agricultural Devices.
-
17:05 - Ghost Guns: Rapidly acquiring, constructing or improvising firearms
-
17:15 - Thinking About Election Security: Annual Debrief (Community Roundtable)
-
17:30 - Black-Box Assessment of Smart Cards
-
17:30 - Crossing the KASM -- a webapp pentest story
-
18:00 - The CSRF Resurrections! Starring the Unholy Trinity: Service Worker of PWA, SameSite of HTTP Cookie, and Fetch
-
18:30 - Digital Skeleton Keys - We’ve got a bone to pick with offline Access Control Systems
-
19:00 - D0 N0 H4RM: A Healthcare Security Conversation (Lounge)
Sunday, Aug. 14, 2022
Monday, Aug. 15, 2022
Tuesday, Aug. 16, 2022
- ^ This price is meant to give a general idea of the cost of attending the conference. Many conferences have varying prices based on number of days of attendance, early registration, tiers of support, or additional costs for workshops or trainings. The price here is meant to represent the most common cost for the majority of attendees. See the conference's homepage, if applicable, for details.