DEF CON 32 (2024)

DEF CON 32 took place Aug. 8, 2024 through Aug. 11, 2024 (3 months, 1 week ago) at Las Vegas Convention Center in Las Vegas, Nevada, USA.

The general admission cost for the conference was $460.00^[1].

Presentations

Thursday, Aug. 8, 2024

09:00 - Offensive SCCM: Abusing Microsoft's C2 Framework Workshop
09:00 - Dissecting Malware for Defense - Crafting Custom Yara Rules Workshop
09:00 - Tracing The Pain Away - Practical Binary Tracing Techniques For Defeating Modern Malware Protections Workshop
09:00 - Med Team vs Red Team: Intro into Medical Device Hacking Workshop
09:00 - Supercharge SAST: Semgrep Strategies for Secure Software Workshop
14:00 - Flipping the Coin: Red and Blue Teaming in Windows Environments (++) Workshop
14:00 - Dodging the EDR Bullet: A Workshop on Malware Stealth Tactics Workshop
14:00 - 64-bit Intel Assembly Language Programming for Hackers Workshop
14:00 - Hide your kids, turn off your Wi-Fi, they Rogue APing up in here; 201 Workshop
14:00 - Long Live Empire: A C2 Workshop for Modern Red Teaming Workshop

Friday, Aug. 9, 2024

09:00 - Finding the Needle: An Introduction to Detection Engineering Workshop
09:00 - Whitebox Web Exploit Development Workshop
09:00 - Traumatic Library Loading : If you want to use it, you have to implement it... Workshop
09:00 - Small Choices, Global Repercussions: A Tabletop Exercise about Decision-Making in Healthcare Cybersecurity Workshop
09:00 - Machine Learning for N00bs Workshop
10:00 - Docker Exploitation Framework Demo
10:00 - Zip It Up, Sneak It In - Introduction of apkInspector Demo
10:00 - Volatile Vault - Data Exfiltration in 2024 Demo
10:00 - Bluetooth Landscape Exploration & Enumeration Platform (BLEEP) Demo
10:00 - Nebula - 3 Years of Kicking *aaS and Taking Usernames Demo
10:00 - Where’s the Money: Defeating ATM Disk Encryption
10:00 - Welcome to DEF CON
10:00 - Securing CCTV Cameras Against Blind Spots
10:00 - Mobile Mesh RF Network Exploitation: Getting the Tea from goTenna
10:00 - Behind Enemy Lines: Going undercover to breach the LockBit Ransomware Operation
10:00 - Cloud Offensive Breach and Risk Assessment (COBRA) Demo
10:30 - Spies and Bytes: Victory in the Digital Age
10:30 - Defeating magic by magic：Using ALPC security features to compromise RPC services
11:00 - Open sesame - or how vulnerable is your stuff in electronic lockers
11:00 - The XZ Backdoor Story: The Undercover Operation That Set the Internet on Fire
11:00 - No Symbols When Reversing? No Problem: Bring Your Own
11:30 - High Intensity Deconstruction: Chronicles of a Cryptographic Heist
11:30 - Atomic Honeypot: A MySQL Honeypot That Drops Shells
11:30 - Listen to the whispers: web timing attacks that actually work
12:00 - The World Wide Paraweb Demo
12:00 - Skynet Demo
12:00 - Tengu Marauder Demo
12:00 - BypassIT - Using AutoIT & Similar Tools for Covert Payload Delivery Demo
12:00 - distribRuted - Distributed Attack Framework Demo
12:00 - Serberus Demo
12:00 - Fireside Chat with DNSA Anne Neuberger
12:00 - On Your Ocean's 11 Team, I'm the AI Guy (technically Girl)
12:00 - Veilid Dev and Community Meetup
12:30 - Kicking in the Door to the Cloud: Exploiting Cloud Provider Vulnerabilities for Initial Access
13:00 - Defeating EDR Evading Malware with Memory Forensics
13:00 - If Existing Cyber Vulnerabilities Magically Disappeared Overnight, What Would Be Next?
13:00 - Sshamble: Unexpected Exposures in the Secure Shell
13:30 - Xiaomi The Money - Our Toronto Pwn2Own Exploit and Behind The Scenes Story
13:30 - Digital Emblems: When markings are required under international law, but you don’t have a rattle-can handy
14:00 - The Way To Android Root: Exploiting Your GPU On Smartphone
14:00 - From an attacker's lair to your home: A practical journey through the world of Malware Workshop
14:00 - Dissecting and Defeating Ransomware's Evasion Tactics Workshop
14:00 - Hopper - Distributed Fuzzer Demo
14:00 - XenoboxX - Hardware Sandbox Toolkit Demo
14:00 - Automated Control Validation with Tommyknocker Demo
14:00 - HIDe & SEEK Demo
14:00 - Garak Demo
14:00 - SCAGoat - Exploiting Damn Vulnerable SCA Application Demo
14:00 - Learning to Hack Bluetooth Low Energy with BLE CTF Workshop
14:00 - Hack the connected plant! Workshop
14:00 - Ghidra Analysis & Automation Masterclass Workshop
14:00 - DEF CON Unplugged: Cocktails & Cyber with Jeff & Jen
14:00 - Optical Espionage: Using Lasers to Hear Keystrokes Through Glass Windows
14:30 - Joe and Bruno's Guide to Hacking Time: Regenerating Passwords from RoboForm's Password Generator
14:30 - Breaching AWS Accounts Through Shadow Resources
15:00 - Abusing Windows Hello Without a Severed Hand
15:00 - DC101 Panel
15:00 - Android App Usage and Cell Tower Location: Private. Sensitive. Available to Anyone?
15:30 - Taming the Beast: Inside the Llama 3 Red Team Process
15:30 - Social Engineering Like you’re Picard
16:00 - Making the DEF CON 32 Badge
16:00 - Eradicating Hepatitis C With BioTerrorism
16:00 - Outlook Unleashing RCE Chaos: CVE-2024-30103 & CVE-2024-38021
16:30 - Leveraging private APNs for mobile network traffic analysis
16:30 - Why are you still, using my server for your internet access.
17:00 - Bricked & Abandoned: How To Keep The IoT From Becoming An Internet of Trash
17:00 - One for all and all for WHAD: wireless shenanigans made easy !
17:00 - Breaking Secure Web Gateways (SWG) for Fun and Profit
17:30 - Stranger in a Changed Land
17:30 - Exploiting Bluetooth - from your car to the bank account$$
18:00 - DEF CON Franklin Project

Saturday, Aug. 10, 2024

09:00 - Sharp Security from All Angles: Mastering Security in .NET Core 8 and Angular 17 Applications Workshop
09:00 - Industrial Control Systems: how to secure them in practice! Workshop
09:00 - Hacking The Metal: A Spark of Intelligence Workshop
09:00 - Hacking Apps on Salesforce Workshop
09:00 - Capture the Flag 101 Workshop
10:00 - MITRE Caldera Demo
10:00 - Testbed Virtual Factory Demo
10:00 - 5Ghoul Framework - 5G NR Attacks & 5G OTA Fuzzing Demo
10:00 - Tempest Demo
10:00 - Maestro Demo
10:00 - Cyber Security Transformation Chef (CSTC) Demo
10:00 - The Pwnie Awards
10:00 - Reverse Engineering MicroPython Frozen Modules: Data Structures, Reconstruction, and Reading Bytecode
10:00 - Mutual authentication is optional
10:00 - Laundering Money
10:00 - CULT OF THE DEAD COW & Friends Present: Prime Cuts from Hacker History - 40 Years of 31337
10:30 - Smishing Smackdown: Unraveling the Threads of USPS Smishing and Fighting Back
10:30 - Gotta Cache ‘em all: bending the rules of web cache exploitation
11:00 - SHIM me what you got - Manipulating Shim and Office for Code Injection
11:00 - The Rise and Fall of Binary Exploitation
11:30 - QuickShell: Sharing is caring about an RCE attack chain on Quick Share
11:30 - Sudos and Sudon’ts - Peering inside Sudo for Windows
12:00 - GC2 - The First Serverless Command & Control Demo
12:00 - CODASM - Hiding Payloads in Plain .text Demo
12:00 - automobiles, alcohol, blood, sweat, and creative reversing of an obfuscated Car-Modding tool
12:00 - Grand Theft Actions: Abusing Self-Hosted GitHub Runners at Scale
12:00 - Disenshittify or die! How hackers can seize the means of computation and build a new, good internet that is hardened against our asshole bosses' insatiable horniness for enshittification.
12:00 - FACTION Demo
12:00 - MPT - Pentest in Action Demo
12:00 - The Metasploit Framework v6.4 Demo
12:00 - Open Hardware Design for BusKill Cord Demo
12:30 - AMD Sinkclose: Universal Ring -2 Privilege Escalation
12:30 - The Secret Life of a Rogue Device - Lost IT Assets on the Public Marketplace
13:00 - Fireside Chat with Jay Healey and National Cyber Director Harry Coker, Jr.
13:00 - Inside the FBI’s Secret Encrypted Phone Company ‘Anom’
13:00 - OH-MY-DC: Abusing OIDC all the way to your cloud
13:30 - NTLM - The Last Ride
13:30 - Behind Enemy Lines: Engaging and Disrupting Ransomware Web Panels
14:00 - Vovk - Advanced YARA Rule Generator v2.0 Demo
14:00 - TheAllCommander 2.0 Demo
14:00 - Drop-Pi Demo
14:00 - Moriarty Demo
14:00 - Crash Course in Physical Access Control Systems Workshop
14:00 - Email Detection Engineering and Threat Hunting Workshop
14:00 - SQL Injection Isn't Dead: Smuggling Queries at the Protocol Level
14:00 - Discovering and exploiting local attacks against the 1Password MacOS desktop application
14:00 - Hacking Millions of Modems (and Investigating Who Hacked My Modem)
14:00 - Farming Ndays with GreyNoise Demo
14:00 - Master Class: Hands-On Machine Learning to Enhance Malware Analysis, Classification, and Detection Workshop
14:00 - MITRE Caldera for OT Demo
14:00 - Playing with RFID Workshop
14:30 - Troll Trapping Through TAS Tools - Exposing Speedrunning Cheaters
14:30 - ACE up the Sleeve: From getting JTAG on the iPhone 15 to hacking into Apple's new USB-C Controller
15:00 - Exploiting the Unexploitable: Insights from the Kibana Bug Bounty
15:00 - Measuring the Tor Network
15:00 - A Shadow Librarian in Broad Daylight: Fighting back against ever encroaching capitalism
15:30 - HookChain: A new perspective for Bypassing EDR Solutions
15:30 - Unsaflok: Hacking millions of hotel locks
16:00 - Compromising an Electronic Logging Device and Creating a Truck2Truck Worm
16:00 - Encrypted newspaper ads in the 19th century - The world's first worldwide secure communication system
16:00 - Secrets and Shadows: Leveraging Big Data for Vulnerability Discovery at Scale
16:30 - DEF CON Academy: Cultivating M4D SK1LLZ In the DEF CON Community
16:30 - Breaking the Beam: Exploiting VSAT Satellite Modems from the Earth's Surface
16:30 - Watchers being watched: Exploiting the Surveillance System and its supply chain
17:00 - Techniques for Creating Process Injection Attacks with Advanced Return-Oriented Programming
17:00 - A Treasure Trove of Failures: What History’s Greatest Heist Can Teach Us About Defense In Depth
17:30 - Nano-Enigma: Uncovering the Secrets Within eFuse Memories
17:30 - Iconv, set the charset to RCE: exploiting the glibc to hack the PHP engine

Sunday, Aug. 11, 2024

Presenters

^ This price is meant to give a general idea of the cost of attending the conference. Many conferences have varying prices based on number of days of attendance, early registration, tiers of support, or additional costs for workshops or trainings. The price here is meant to represent the most common cost for the majority of attendees. See the conference's homepage, if applicable, for details.