Presented at DEF CON 33 (2025), Aug. 8, 2025, 9 a.m. (240 minutes).
This hands-on course provides an in-depth exploration of Medical Device Penetration Testing, equipping security professionals with the skills to identify and exploit vulnerabilities in medical technologies. Participants will engage in practical exercises covering device board analysis and attacks, external network threats, bypassing kiosk controls, Windows and Linux post-exploitation techniques, and execution restriction bypasses. By leveraging real-world scenarios, this course ensures a comprehensive understanding of modern security risks and defense strategies in medical environments.
Presenters:
- Michael "v3ga" Aguilar, Principal Consultant at Sophos Red Team
Michael Aguilar (v3ga) is a Principal Consultant for Sophos Red Team. He leads efforts in Medical Device testing, Adversarial Simulations, Physical Security assessments, Network testing and more. Currently, he has 8 CVE vulnerabilities aligned with security issues located during testing at DEF CON's Biohacking Village Device Lab. He has also led the winning team of the DEF CON Biohacking Village CTF for two consecutive years.
- Alex "cheet" Delifer
A seasoned medical device red team hacker with nearly a decade in the trenches, Alex Delifer (cheet) breaks stuff so others can sleep at night. He operates out of an unnamed medtech company, where he regularly tears through embedded systems, surgical robots, industrial controllers, APIs, and BIOS firmware like it’s target practice. A Biohacking Village Capture the Flag Champion at DEF CON, he’s known in some circles as the medical device testing sledgehammer—swinging hard, finding the flaws others miss, and leaving no UART unturned.