DEF CON 25 - Thursday, July 27
00:00
Schrenk
Social Engineering The News
MacPherson
Uncovering useful and embarrassing info with Maltego
10:00
Young
There's no place like 127.0.0.1 - Achieving reliable DNS rebinding in modern browsers
Medina
Where are the SDN Security Talks?
11:00
DeSantis
From Box to Backdoor: Using Old School Tools and Techniques to Discover Backdoors in Modern Devices
Hecker
Opt Out or Deauth Trying !- Anti-Tracking Bots Radios and Keystroke Injection
12:00
Suiche
Porosity: A Decompiler For Blockchain-Based Smart Contracts Bytecode
Bazaliy
Jailbreaking Apple Watch
13:00
Joyce
Amateur Digital Archeology
Rozner
Wiping out CSRF
13:30
Village Setup (Volunteers and Organizers Only)
14:00
Metcalf, Steere
Hacking the Cloud
Wixey
See no evil, hear no evil: Hacking invisibly and silently with light and sound
15:00
Forgety
Inside the "Meet Desai" Attack: Defending Distributed Targets from Distributed Attacks
Maldonado
Real-time RFID Cloning in the Field
15:20
Mendoza
Exploiting 0ld Mag-stripe information with New technology
15:30
Volunteer Huddle
16:00
HighWiz, Niki7a, Roamer, Shaggy, Unicorn, Wiseacre
DEF CON 101 Panel
Caezar, Eagle, Invisigoth, John, Myles, Vulc@n
The Last CTF Talk You'll Ever Need: AMA with 20 years of DEF CON Capture-the-Flag organizers
DEF CON 25 - Friday, July 28
10:00
Zheng
macOS/iOS Kernel Debugging and Heap Feng Shui
Tangent
Welcome to DEF CON 25
Kasparov
The Brain's Last Stand
Engel
Secret Tools: Learning about Government Surveillance Software You Can't Ever See
Welcome - Friday
10:20
Wardle
Offensive Malware Analysis: Dissecting OSX/FruitFly via a Custom C&C Server
Sosonkin
Hacking travel routers like it's 1999
Bailey, Matwyshyn, McSweeny, Schwartz, Wiswell
Panel: Meet The Feds
10:30
Cheung
Hacking on Multiparty Computation
11:00
Sumner
Rage Against the Weaponized AI Propaganda Machine
Cauquil
Weaponizing the BBC Micro:Bit
Karagiannis
Hacking Smart Contracts
Wong
SHA-3 vs the world
11:30
Wheeler
WS: Mansion Apartment Shack House: How To Explain Crypto To Practic
12:00
Zatko
CITL and the Digital Standard - A Year Later
Seidle
Open Source Safe Cracking Robots - Combinations Under 1 Hour! (Is it bait? Damn straight it is.)
Tsai
A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages!
Kanuck
Hacking Democracy: A Socratic Dialogue
Huerta
Alice and Bob are Slightly Less Confused
WS: Breaking the Uber Badge Ciphers
13:00
Madrigal
Controlling IoT devices with crafted radio signals
Pitts
Teaching Old Shellcode New Tricks
Behrens, Heffner
Starting the Avalanche: Application DoS In Microservice Architectures
Dingledine
Next-Generation Tor Onion Services
Forgety
Protecting Users' Privacy in a Location-Critical Enterprise: The Ch
Crowley
WS: FeatherDuster and Cryptanalib workshop
14:00
Robinson
Using GPS Spoofing to control time
Wardle
Death By 1000 Installers; on macOS, it's all broken!
Domas
Breaking the x86 Instruction Set
Bursztein
How we created the first SHA-1 collision and what it means for hash security
Brandt
Breaking TLS: A Year in Incremental Privacy Improvements
15:00
XlogicX
Assembly Language is Too High Level
Owen
Phone system testing and other fun tricks
Dewes, Eckert
Dark Data
Böck
Abusing Certificate Transparency Logs
Mook, Wallenstrom
A New Political Era: Time to start wearing tin-foil hats following
Dain, Ermishkin
WS: NoiseSocket: Extending Noise to Make Every TCP Connection Secur
16:00
Knight, Newlin
Radio Exploitation 101: Characterizing, Contextualizing, and Applying Wireless Attack Methods
Klein, Kotler
The Adventures of AV and the Leaky Sandbox
Robbins, Schroeder
An ACE Up the Sleeve: Designing Active Directory DACL Backdoors
McSweeny, Merrill
"Tick, Tick, Tick. Boom! You're Dead." — Tech & the FTC
Susanka
Security Analysis of the Telegram IM
Underhanded Crypto Announcement
16:30
Cryptanalysis in the Time of Ransomware
17:00
Kondratenko
Cisco Catalyst Exploitation
Grifter, Li, Malfunction, Moss, S0ups, Street, Waz, White
Panel: DEF CON Groups
Cramb, Schwartz
MEATPISTOL, A Modular Malware Implant Framework
Hill, Quintin
The Internet Already Knows I'm Pregnant
Connolly
WS: Supersingular Isogeny Diffie-Hellman
17:30
panel]
Unfairplay (NOT RECORDED)
20:00
Kanuck
Hacking Democracy
Kentaro
Horror stories of a translator and how a tweet can start a war with less than 140 characters
Buttar, Cardozo, Galperin, Opsahl, Walsh
Panel - An Evening with the EFF
DEF CON 25 - Saturday, July 29
10:00
Knowles
Persisting with Microsoft Office: Abusing Extensibility Options
Doctorow
$BIGNUM steps forward, $TRUMPNUM steps back: how can we tell if we're winning?
Holmes
Get-$pwnd: Attacking Battle-Hardened Windows Server
Lei, Yunhai
The spear to break the security wall of S7CommPlus
Welcome - Saturday
10:20
Staggs
Breaking Wind: Adventures in Hacking Wind Farm Control Networks
Coltel, Provost
WSUSpendu: How to hang WSUS clients
K2
(Un)Fucking Forensics: Active/Passive (i.e. Offensive/Defensive) memory hacking/debugging.
10:30
J4RV1S
The Surveillance Capitalism Will Continue Until Morale Improves
11:00
Baxendale
Microservices and FaaS for Offensive Security
FitzPatrick, Leibowitz
Secure Tokin' and Doobiekeys: How to roll your own counterfeit hardware security devices
Stanley, Williams
If You Give a Mouse a Microchip... It will execute a payload and cheat at your high-stakes video game tournament
Anderson
Evading next-gen AV using artificial intelligence
Tankersley
WS: Implementing An Elliptic Curve in Go
11:20
Snezhkov
Abusing Webhooks for Command and Control
0x00string, CJ_000, Maximus64, Zenofex
All Your Things Are Belong To Us
11:30
Kloc
Privacy is Not An Add-On: Designing for Privacy from the Ground Up
12:00
Bazhaniuk, Michael, Shkatov
Driving down the rabbit hole
Thieme
When Privacy Goes Poof! Why It's Gone and Never Coming Back
Nitterauer
DNS - Devious Name Services - Destroying Privacy & Anonymity Without Your Consent
Nangle
Operational Security Lessons from the Dark Web
12:30
Johnson
WS: Secrets Management in the Cloud
13:00
El-Sherei
Demystifying Windows Kernel Exploitation by Abusing GDI Objects.
Dillon, Harding
Koadic C3 - Windows COM Command & Control Framework
Manfred
Twenty Years of MMORPG Hacking: Better Graphics, Same Exploits
Raggo, Tully
A Picture is Worth a Thousand Words, Literally: Deep Neural Networks for Social Stego
The Symantec/Chrome SSL debacle - how to do this better...
14:00
Eissa
Attacking Autonomic Networks
Cvrcek, Mavroudis
Trojan-tolerant Hardware & Supply Chain Security in Practice
Haltmeyer, Woodbury
Linux-Stack Based V2X Framework: All You Need to Hack Connected Vehicles
Cano
XenoScan: Scanning Memory Like a Boss
Rucker
Have you seen my naked selfies? Neither has my snoopy boyfriend. Pr
Guirao
WS: SECURE COMMUNICATIONS IN ANDROID WITH TLS/SSL
15:00
Thompson
MS Just Gave the Blue Team Tactical Nukes (And How Red Teams Need To Adapt)
Hernandez, MacDonald-Evoy, Richards
Tracking Spies in the Skies
trixr4skids
DOOMed Point of Sale Systems
Professor Plum
Digital Vengeance: Exploiting the Most Notorious C&C Toolkits
Corman, Hurd, Langevin
DC to DEF CON: Q&A with Congressmen James Langevin and Will Hurd
Sidorov
Yet another password hashing talk
15:30
Geers
Core Illumination: Traffic Analysis in Cyberspace
16:00
Ayoul3
Dealing the perfect hand - Shuffling memory blocks on z/OS
Raz, Shochat
From "One Country - One Floppy" to "Startup Nation" - the story of the early days of the Israeli hacking community, and the journey towards today's vibrant startup scene
Grayson, Lamb, Newlin
CableTap: Wirelessly Tapping Your Home Network
Brown, Latimer
Game of Drones: Putting the Emerging "Drone Defense" Market to the Test
Birr-Pixton
rustls: modern\, fast\, safer TLS
17:00
Gofman, Simakov
Here to stay: Gaining persistency by abusing advanced authentication mechanisms
Schenk
Taking Windows 10 Kernel Exploitation to the next level - Leveraging write-what-where vulnerabilities in Creators Update
Haddix
Introducing HUNT: Data Driven Web Hacking & Manual Testing
Plore
Popping a Smart Gun
Brotherston
Blue Team TLS Hugs
17:30
Romailler
Automated Testing using Crypto Differential Fuzzing (DO NOT RECORD)
20:00
Bailey, Dowsett, Friedman, Koran, Leiserson
Panel - Meet the Feds (who care about security research)
Corman, Dameff, McNeil, Radcliffe, Schwartz, Tully, Woods
D0 No H4RM: A Healthcare Security Conversation
DEF CON 25 - Sunday, July 30
10:00
Bashan, Makkaveev
Unboxing Android: Everything you wanted to know about Android packers
Gentry
I Know What You Are by the Smell of Your Wifi
Datko, Quartier
Breaking Bitcoin Hardware Wallets
0ctane
Untrustworthy Hardware and How to Fix It
10:20
Redezem
PEIMA (Probability Engine to Identify Malicious Activity): Using Power Laws to address Denial of Service Attacks
Azouri
BITSInject
chaosdata
Ghost in the Droid: Possessing Android Applications with ParaSpectre
10:30
Welcome - Sunday
11:00
Schrodinger
Total Recall: Implanting Passwords in Cognitive Memory
Fritschie, Teitelman
Backdooring the Lottery and Other Security Tales in Gaming over the Past 25 Years
spaceB0x
Exploiting Continuous Integration (CI) and Automated Build systems
Huang, Zheng
'Ghost Telephonist' Impersonates You Through LTE CSFB
Manian
WS: Reasoning about Consensus Algorithms
11:30
Lackey
Cypherpunks History
12:00
Ryan
The Black Art of Wireless Post Exploitation
Sprundel
Are all BSDs are created equally? A survey of BSD kernel vulnerabilities.
Bjarnason, Jones
The call is coming from inside the house! Are you ready for the next evolution in DDoS attacks?
Sotos
Genetic Diseases to Guide Digital Hacks of the Human Genome: How the Cancer Moonshot Program will Enable Almost Anyone to Crash the Operating System that Runs You or to End Civilization...
Duero
The Key Management Facility of the Root Zone DNSSEC KSK
12:30
Curevac
The Policy & Business Case for Privacy By Design
13:00
Cohen
Game of Chromes: Owning the Web with Zombie Chrome Extensions
Huber, Rasthofer
Bypassing Android Password Manager Apps Without Root
Mahjoub, Mathew
Malicious CDNs: Identifying Zbot Domains en Masse via SSL Certificates and Bipartite Graphs
Bohannon, Holmes
Revoke-Obfuscation: PowerShell Obfuscation Detection (And Evasion) Using Science
13:30
Arciszewski
The Why and How for Secure Automatic Patch Management
14:00
Cohen
Call the plumber - you have a leak in your (named) pipe
Morris, Petro
Weaponizing Machine Learning: Humanity Was Overrated Anyway
Shan, Yuan
Man in the NFC
Mirosh, Muñoz
Friday the 13th: JSON attacks!
Closing
15:00
Shoshitaishvili
25 Years of Program Analysis
16:30
Closing Ceremony


Instructions

This "Old School" schedule is an automatically-generated evolution of a manually-generated hack Darth Null has been using at ShmooCon since 2007. It won't work too well for a large conference, like DEFCON, but for smaller events like ShmooCon or BlackHat DC, it might be useful.

Simply print this out at whatever scale is most helpful to you. For example, for ShmooCon: print at 65%, fold Friday and Sunday back behind Saturday, and laminate, for a two-sided 3" x 4" card that you can keep in your shirt pocket.