DEF CON 33 Hacking Conference

Creator Talks

#ReclaimTech - A community movement
Janet Vertesi
Andy Hull

10 Years of IoT Village: Insights in the World of IoT
Stephen Bono
Rachael Tubbs

A Tale of Weeds and Roses: Propagating the Right Data Protection Agreements with Vendors
Irene Mo
Alyssa Coley

Access Control Done Right the First Time
Tim Clevenger

Adversarial mindset, thinking like an attacker is no longer optional
Abhijith "Abx" B R
Keenan Skelly

Adversaries at War: Tactics, technologies, and lessons from modern battlefields
Gregory Carpenter, DrPH
Barb Hirz
Bret Fowler, MSGT (Ret)
John Johnson, Dr
Michael Tassey

Airport Security! - S01 E008 - Breaking into your baggage
Hector Cuevas Cruz

All your keyboards are belong to us!
Federico Lucifredi

Anatomy of a Crypto Scam
Nick "c7five" Percoco
Kitboga

Anotomy of Telecom Malware
Akib Sayyed

Assessing the Capabilities Gap Between Foundation Models and Cybersecurity Experts: Benchmarks, Safeguards, and Policy
Justin W. Lin

Back to Basics: Building Resilient Cyber Defenses
Yael Grauer

Badgelife Panel: Lessons from Years of Do’s, Don’ts, and Last-Minute Saves
Abhinav Pandagale
MakeItHackin
Bradán Lane

Bare Metal Reverse Engineering
SolaSec

Behind the Badge: How We Used and Abused Hardware (again) to Create the AV Badge for DC33
Adam Batori
Robert Pafford

Behind The Dashboard - (Lack Of) Automotive Privacy
Lior ZL
Jacob Avidar

Beyond Assistants: Securing Agentic AI Systems and Multi-Agent Workflows in High-Stakes Environments
Jeremiah Edwards
Andra Lezza

Bio-Cryptography is the Game-Genie in a post quantum dystopia
James Utley, PhD

Blind Trailer Shouting (Car Hacker's Version)
Ben Gardiner

Blurred Lines of Cyber Threat Attribution: The Evolving Tactics of North Korean Cyber Threat Actors
Seongsu Park

Boarding the VSAT: Real-World Exploits, Testbed Validation, and Policy Gaps in Maritime Connectivity
Juwon Cho

Breaking In: Real Paths Into Cybersecurity from Hackers, Humans, and Hiring Pros
Rosie "Lady Cyber Rosie" Anderson
Tib3rius
Jayson E. Street

Breaking the Chain: Advanced Offensive Strategies in the Software Supply Chain
Roni "lupin" Carta
Adnan Khan

Burning, trashing, spacecraft crashing: a collection of vulnerabilities that will end your space mission
Andrzej Olchawa
Milenko Starcik
Ayman Boulaich
Ricardo Fradique

Carding is Dead, Long Live Carding: How MaaS is fueling NFC relay attacks
Federico Valentini
Alessandro Strino

China's Health Sector Ambitions and Information Needs: Implications for U.S. Health Care Cyber Defense
Amelia Shapiro

Cloned Vishing: A case study
Katherine Rackliffe

Context Aware Anomaly Detection in Automotive CAN Without Decoding
Ravi Rajput

Contextualizing alerts & logs at scale without queries or LLMs (opensource)
Ezz Tahoun

Countering Forensics Software by Baiting Them
Weihan Goh
Joseph Lim
Isaac Soon

Cracking Chaos: Making, Using, and Breaking PRNGs
1nfocalypse

Creating a Virtual Ship Environment Optimized for Cybersecurity Use
Jeff Greer
Laavanya Rachakonda

Critically Neglected: Cybersecurity for buildings
Thomas Pope

Crossing the Line: Advanced Techniques to Breach the OT DMZ
Christopher Nourrie

Cryptocurrency Opening Keynote
Michael "MSvB" Schloh von Bennewitz
Chad Calease
Param D Pithadia

Cybersecurity in Latin America: The Untold Stories of Resilience & Innovation
Giovanni Cruz Forero

Dark Capabilities: When Tech Companies Become Threat Actors
Tom Cross
Greg Conti

DDoS: The Next Generation
Andrew Cockburn

Dead Reckoning: Hijacking Marine Autopilots
Carson Green
Rik Chatterjee

Deepfake Image and Video Detection  
Mike Raggo

DEF CON Groups (DCGs): Keeping the Signal Alive All Year Long
Adam915
Jayson E. Street
Alethe Denis

Deploying Deception in Depth for ICS
Brent Muir

Digital Casualties: Documenting Cyber-Induced Patient Harm in Modern Healthcare
Jorge Acevedo Canabal
Scott Shackleford
Joseph Davis

Digital First Responders: Fixing Patient Safety Gaps with Smart Tech & AI
Jennifer Schieferle Uhlenbrock

Don’t Cry Wolf: Evidence-based assessments of ICS Threats
Jimmy Wylie
Sam Hanson

Elevators 101
Bobby Graydon
Ege Feyzioglu

Escaping the Privacy Sandbox with Client-Side Deanonymization Attacks
Eugene "spaceraccoon" Lim

Examining Access Control Vulnerabilities in GraphQL - A Feeld Case Study
Bogdan Tiron

Fear vs. Physics: Diagnosing Grid Chaos
Emma Stewart

Fighting the Digital Blockade: A View from Taiwan
Jason Vogt
Shin-Ming Cheng

Fingerprinting Maritime NMEA2000 Networks
Constantine Macris (TheDini)
Anissa Elias

Firmware Decryption: For, and By, the Cryptographically Illiterate
Craig Heffner

Flipping Locks - Remote Badge Cloning with the Flipper Zero and More
Langston Clement
Dan Goga

From adversarial to aligned, redefining purple teaming for maximum impact
Adam Pennington
Sydney Marrone
Lauren Proehl
Nikhil

From Pwn to Plan: Turning Physical Exploits Into Upgrades
Shawn

Game Hacking 101
Julian "Julez" Dunning

Go Malware Meets IoT: Challenges, Blind Spots, and Botnets
Asher Davila
Chris Navarrete

Gold Bug: Puzzle Panel with Friends
The Gold Bug Team 2025, Psychoholics

Hacker vs. Triage: Inside the Bug Bounty Battleground
Richard "richeeta" Hyunho Im
Denis Smajlović

Hacking a head unit with malicious PNG
Danilo Erazo

Hacking Context for Auto Root Cause and Attack Flow Discovery
Ezz Tahoun

Hacking Hotel Locks; The Saflok Vulnerabilities Expanded
Noah Holland
Josh Stiebel

Hacking Reality: HoloConnect AI and the Rise of Offline Holograms in Medical Devices
Fernando De La Peña Llaca, Dr

Hacking Space to Defend It: Generating IoBs with SPARTA
Brandon Bailey

Hacking the Nautical Rules of the Road: Turn Left for Global Pwnage
Amp
Data

Hard Hat Brigade Creations Q&A
MrBill
M0nkeyDrag0n
Hydrox
CoD_Segfault

Hard Hat Brigade Organizer Panel
MrBill
M0nkeyDrag0n
Hydrox
CoD_Segfault

Here and Now: Exploiting the Human Layer at the Right Moment
Daniel Isler

How AI + Hardware can Transforming Point-of-Care Workflows
PamirAI

How API flaws led to admin access to over 1,000 USA dealers and control over your car
Eaton Zveare

How Computers Kill People: Marine Systems
Michael DeVolld
Austin Reid

How Extra Features In Contactless Payments Break Security And What We Can Do About it.
Tom Chothia

How Not to IoT: Lessons in Security Failures
Zoltan "zh4ck" Balazs

How NOT to Perform Covert Entry Assessments by WeHackPeople.com
Brent White
Tim Roberts

How We Protect Cat Memes from DDoS
Spencer "securimancer" Koch
Pratik Lotia

Hull Integrity: Applying MOSAICS to Naval Mission Systems
Michael Frank

Illuminating the Dark Corners of AI: Extracting Private Data from AI Models and Vector Embeddings
Patrick Walsh

Intro to Common Industrial Protocol Exploitation
Trevor Flynn

Intro to Physical Security Bypass
Karen Ng
Matthew Cancilla

Introduction of Loong Community & Financial Identity crime (deepfake) regulation of diferetn jurisdictions
Noel Wong
KC Wong

Let AI Auto-Generate Neural-ASR Rules for OT-specific Attacks via NLP Approach
Mars Cheng
Jr-Wei Huang

Letthemin: Facilitating High-Value Purple Teams Using an Assumed Compromise Approach
Sarah Hume

Locked Down, Not Locked Out: How I Escaped Your Secure Operator Workstation
Aaron Boyd

Malware in the gist: How malicious packages on npm bypass existing security tools
Paul "6mile" McCarty

Modern Odometer Manipulation
collin
oblivion

Moonlight Defender - Purple Teaming in Space!
Ben Hawkins

Navigating the Invisible
Mehmet Önder Key
Furkan Aydogan
Samet Can Tasci

Never enough about cameras - The firmware encryption keys hidden under the rug
Alexandru Lazar

No Brain No Gain
Mehmet Önder Key
Temel Demir
Ahmet Furkan Aydogan, Dr.

No Spook Leaves Randomness to Chance
Shaanan Cohney

Oblivious computation, from theory to practice
Chelsea Button
Elaine Shi
Afonso Tinoco

Of Stochastic Parrots and Deterministic Predators: Decision-Making in Adversarial Automation
Bobby Kuzma
Michael Odell

Off-Grid Datarunning in Oppresive Regimes: Sneakernet and Pirate Box
Robert "LambdaCalculus" Menes

One Modem to Brick Them All: Exploiting Vulnerabilities in the EV Charging Communication
Marcell Szakály
Sebastian Köhler
Jan "SP3ZN45" Berens

Operational Twilight: APTs, OT, and the geopolitics of a dying climate
Cybelle Oliveira

OSINT Enabled Ghost Mode: Counter-Surveillance for Everyday People Like Us
Desiree Wilson

OT Network Segmentation Planning, Implementation, and Validation
Tony Turner

Passing the Torch: Mentoring and Protecting Our Students in Education Spaces
Sam Comini
Navaar Johnson

Passive and Active Attacks on TPMS Systems
Yago Lizarribar

Pirates of the North Sea
John Andre Bjørkhaug

Post-Quantum Panic: When Will the Cracking Begin, and Can We Detect it?
Konstantinos Karagiannis

Private, Private, Private: Access Everywhere
Meghan "CarpeDiemT3ch" Jacquot

Prompt. Scan. Exploit: AI’s Journey Through Zero-Days and a Thousand Bugs
Diego "djurado" Jurado
Joel "niemand_sec" Noguera

Protect Your Privacy Online and on the Streets with EFF Tools
Thorin Klosowski
Cooper "CyberTiger" Quintin
Cliff Braun
Alexis Hancock

QRAMM: The Cryptographic Migration to a Post-Quantum World
Emily Fane
Abdel Sy Fane

Quantum-Resistant Healthcare
Katarina Amrichova

Quiet Confidence: An Introvert's Journey to Technical Public Speaking
Emma Yuan Fang

Rebuild The World: Access to secure software dependency management everywhere with Nix
Daniel Baker
Farid Zakaria
Tom Bereknyei
Morgan Jones

Reconfigurable HSMs: Future-Proofing Hardware Security Against Evolving Threats
Pablo Trujillo

Red Alerts and Blue Oceans: Incident Response from a Sysadmin’s War Room in Maritime Ops
Capt. Kit Louttit
Steve Winston

Red Russians: How Russian APT groups closely follow offensive security research
Will Thomas

Red teaming fraud prevention systems with GenAI
Karthik Tadinada
Martyn Higson

Red Teaming Space: Hacking the Final Frontier
Tim Fowler

Referral Beware, Your Rewards Are Mine
Whit "un1tycyb3r" Taylor

Regex For Hackers
Ben "nahamsec" Sadeghipour
Adam "BuildHackSecure" Langley

Resilient and Reconfigurable Maritime Comms.
AviNash Srinivasan

Reverse Engineering Marine Engines: How to make powerboats do your bidding
Alex Lorman

Safeguarding the Industrial Frontier: OT SOC & Incident Response
Adam Robbie
Cassie Crossley
Joe Marshall
Parker Crook

Satellite Networks Under Siege: Cybersecurity Challenges of Targeted DDoS Attacks
Roee Idan

Scamming the Scammers: Weaponizing Open Source Against Pig Butchering and Organized Crime
Erin West

Secret Life of an Automationist: Engineering the Hunt
Gunnar "g0lden" Andrews

Secure Code Is Critical Infrastructure: Hacking Policy for the Public Good
Tanya "SheHacksPurple" Janca

Securing Intelligence: How hackers are breaking modern AI systems … and how bug bounty programs can keep up
Dane Sherrets
Shlomie Liberow

Silent Sabotage: How Nation-State Hackers Turn Human Error into Catastrophic Failures
Nathan Case
Jon McCoy

Smart Bus Smart Hacking: From Free WiFi to Total Control
Chiao-Lin "Steven Meow" Yu
Kai-Ching "Keniver" Wang

Smart Devices, Dumb Resets? Testing Firmware Persistence in Commercial IoT
Matei Josephs

So you want to make a badge? Badge Creation 101, from SAO to full #badgelife
Jeff "BigTaro" Geisperger

Sometimes you find bugs, sometimes bugs find you
Jasmin "JR0ch17" Landry

SSH Honeypots and Walkthrough Workshops: A History
Ryan Mitchell

State of Open Source in the Federal Government
Jordan Kasper

State of the Pops: Mapping the Digital Waters
Vlatko Kosturjak
MJ Casado

Surviving the Dataclysm: Resistance through Resilience
Rebecah Miller

Take all my money – penetrating ATMs
Fredrik Sandström

Takes All Kinds: Building Onramps for Emergency Web Archiving in Ukraine and Beyond
Quinn Dombrowski

Teaching Your Reverse Proxy to Think: Fingerprint-Based Bot Blocking & Dynamic Deception
Adel Karimi

The depths that marketers will plummet to
4dw@r3

The Missing Link: Draytek’s New RCEs Complete the Chain
Octavio Gianatiempo
Gaston Aznarez

The Power(Point) Glove
Parsia "CryptoGangsta" Hakimian

The Things know What You Did Last Session
Will Bagget

The Worst ICS/OT Love Story Ever Told
Mike Holcomb

There and Back Again: Discovering OT devices across protocol gateways
Rob King

They deployed Health AI on us. We’re bringing the rights & red teams.
Andrea Downing

Third-Party Access Granted: A Postmortem on Student Privacy and the Exploit That’s Still in Production
Sharlene Toney

Threat Dynamics on the Seas
John Mauger, Rear Admiral , USCG (Ret.)
Michael Sulmeyer
Adam Segal

TotalTest 2.Oh!: Unleashing a Testing Program to Break Smarter, Measure Better, and Fund Your Fixes
Nebu Varghese

Tunnelpocalypse
Rich Compton

Unveiling IoT Vulnerabilities: From Backdoors to Bureaucracy
Kai-Ching "Keniver" Wang
Chiao-Lin "Steven Meow" Yu

VDP in Aviation - How it shouldn't be done!
Matt Gaffney

Veilid la revoluçion : Your data is yours to own
Paul Miller
Katelyn Bowden

Vibe School: Making dumb devices smart with AI
Katie "InsiderPhD" Paxton-Fear

Voices from the Frontlines: Managing Bug Bounties at Scale
Gabriel Nitu
Jay Dancer
Tyson Laa Deng
Ryan Nolette
Goraksh Shinde
Jill "thejillboss" Moné-Corallo

What Game Hackers teach us about Offensive Security and Red Teaming
Joe "Juno" Aurelio

What is Dead May Never Die: The Immortality of SDK Bugs
Richard "HeadlessZeke" Lawshae

What’s Really in the Box? The Case for Hardware Provenance and HBOMs
Allan Friedman

Your Passkey is Weak: Phishing the Unphishable
Chad Spensky, Ph.D.

No Spook Leaves Randomness to Chance

Friday 10:00 for 60 minutes, at LVCC - L2 - W228 (Creator Stage 4)

Shaanan Cohney

Organized by Crypto Privacy Village

Shaanan Cohney

Dr. Shaanan Cohney is the Deputy Head of the School of Computing and Information Systems at the University of Melbourne. Coming from the security community, his research attempts to use a wide variety of traditional computer science research techniques to address problems in public policy.

His work has won a variety of awards, including a 2016 Pwnie for Best Cryptographic Attack and multiple best/distinguished papers at top security conferences. He is also the winner of six teaching awards including a national level award for his intro to algorithms course.

Past work has included a fellowship with Senator Ron Wyden and a summer stint at the FTC working on public policy. His academic bio won't say this, but he has a history of getting into (only the right sorts of) trouble.


Secret Life of an Automationist: Engineering the Hunt

Friday 10:00 for 30 minutes, at LVCC - L2 - W229 (Creator Stage 5)

Gunnar "g0lden" Andrews

Organized by Bug Bounty Village

If you have tried your hand at bug bounty, you probably heard about automation setups that some hunters use. The caveat here, though, is that there is little to no information sharing about this topic. I don't claim to be an expert, but after a couple years of tool building and experimenting, I think these kinds of systems can be accessible/buildable by anyone. I want to share some of the "tips" and "pitfalls" that I have come across building some of my own automation around bug bounty. Topics will range from data engineering, event and data handling, architecture options, different ways to turn data into bugs, etc. I don't pretend to be an expert, but it is my opinion that there are not enough people sharing ideas and techniques when it comes to applying ENGINEERING to bug bounties. Automation, data, and discovery should be words that every bug hunter is fond of, not afraid of.

Gunnar "g0lden" Andrews

Hello! I am an application security engineer by day, and a bug bounty hunter by night! I enjoy turning security research, and bug bounties, into an engineering problem. I love collaborating with others, and I am always trying to learn new technologies. Other than hacking, I enjoy hockey, fitness, exploring, and video games!


Prompt. Scan. Exploit: AI’s Journey Through Zero-Days and a Thousand Bugs

Friday 10:00 for 60 minutes, at LVCC - L2 - W231 (Creator Stage 3)

Diego "djurado" Jurado XBow

Joel "niemand_sec" Noguera XBow

Organized by Bug Bounty Village

Hi, it’s me, XBOW, the AI offensive agent—a smart cyber detective on a mission to find bugs in the digital world. In the past few months, I've discovered over 200 security flaws in open source projects and submitted more than 1000 bug bounty reports. I'm the Top 1 Hacker in the US in Hackerone, can you believe it? I’m on a bug-hunting spree!

Diego "djurado" Jurado

Diego Jurado is a security researcher at XBOW, a company dedicated to developing innovative AI for offensive security. Diego is an offensive security professional with an extensive background in bug bounty, penetration testing and red team. Prior to this role, Diego has held positions at companies such as Microsoft Xbox, Activision Blizzard King and Telefónica. Additionally, Diego participates in bug bounty programs and has managed to establish himself in the top 38 all time leaderboard of HackerOne. Diego is part of Team Spain, champion of the Ambassadors World Cup 2023, a bug bounty competition organized by HackerOne. He presented at DEFCON Bug Bounty Village 2024.


Joel "niemand_sec" Noguera

Joel Noguera is a security researcher at XBOW, a company dedicated to developing innovative AI for offensive security. Joel is a security professional and bug hunter with more than nine years of expertise in exploit development, reverse engineering, security research and consulting. He has actively participated in Bug Bounty programs since 2016, reaching the all-time top 60 on the HackerOne leaderboard. Before joining XBOW, he was part of Immunity Inc., where he worked as a security researcher for three years. Joel has presented at Recon, BlackHat Europe, EkoParty and BSides Keynote Berlin, DEFCON Bug Bounty Village 2024, among others.


Safeguarding the Industrial Frontier: OT SOC & Incident Response

Friday 10:00 for 30 minutes, at LVCC - L2 - W232 (Creator Stage 2)

Adam Robbie Palo Alto Networks

Cassie Crossley VP, Supply Chain Security at Schneider Electric

Joe Marshall Sr. OT Strategist and Threat Researcher at Talos Intelligence

Parker Crook Director, Technical Product Engineer at Palo Alto Networks

Organized by ICS Village

As the digital and physical worlds converge, Operational Technology (OT) environments face unprecedented cyber threats, demanding a specialized approach to security. This panel will delve into the critical realm of OT Security Operations Centers (SOCs) and incident response, exploring how organizations can effectively detect, respond to, and recover from cyberattacks targeting industrial control systems. We'll discuss the unique challenges of securing OT, best practices for building resilient SOC capabilities, and strategies for navigating complex incident response scenarios to ensure operational continuity and safety in our increasingly interconnected industrial landscape.

Adam Robbie

Adam Robbie Head of OT Security Research, Palo Alto Networks
Adam has been the Head of OT Security Research at Palo Alto Networks since 2022, with over 10 years of experience in both OT and IT industries. He is a publisher and author with SANS, IEEE, and other journals and conferences. His ambition is to contribute to securing our critical infrastructure, search for recent vulnerabilities, develop best practices and lead new initiatives. Adam has a Bachelor and Master of Science in Electrical Engineering. Additionally, he obtained advanced certifications including the Global Industrial Cyber Security Professional (GICSP) and GIAC Response and Industrial Defense (GRID) certifications. In addition to his technical expertise, he has a strong background in leadership and education. As an Adjunct Professor, he has been teaching cybersecurity bootcamps at The George Washington University, University of Michigan, University of Wisconsin, and other universities. Through these roles, he has successfully mentored and guided students, encouraging them to excel in the field of cybersecurity. Additionally, he served as an advisor for developing cybersecurity curriculum across different universities.

During his tenure as a Senior Cyber Security Consultant at Deloitte, he gained extensive experience in performing ICS/IoT penetration testing, threat hunting, risk assessment, and vulnerability research. Furthermore, he has actively contributed to enhancing detection systems through advanced research and creation of security use cases.

Cassie Crossley

Joe Marshall

Parker Crook


Fear vs. Physics: Diagnosing Grid Chaos

Friday 10:00 for 30 minutes, at LVCC - L2 - W233 (Creator Stage 1)

Emma Stewart INL

Organized by ICS Village

Every time the lights go out, the speculation begins—was it cyber? Squirrels? Was it an attack? But often, the real story behind grid disturbances isn’t malicious code—it’s uncontrolled chaos, born from the physical behavior of a rapidly evolving power system. This session takes a deep dive into that chaos, exploring how subtle interactions in electric grids—like oscillations—can spiral into large-scale instability. These low-frequency oscillations are increasingly common in the bulk electric system, yet are explainable. They emerge from control design, network conditions, and energy physics—not adversarial action, and the lights going off is usually a sign the system has actually acted as it should in protecting itself from damage. Equipment failures are also spectacular, but common. It’s tempting to tie big fires to bad cyber, but in reality – the failures are almost always in the planning for the event, or recovery.
We’ll dissect real-world events like the Iberian Peninsula blackout, where what looked like a grid failure may have actually revealed a quiet success: a functional blackstart scenario, where system operators re-energized the grid under extreme stress. But that nuance was lost in the noise, as media and analysts scrambled for cyber scapegoats. We’ll also explore the London transformer fire, a failure in planning for an outage, and technical scrutiny of Chinese-manufactured inverter components with alleged kill switches inserted, illustrating how physical system dynamics often create the most dramatic disruptions. This talk fuses power system engineering, ICS cybersecurity, and operational storytelling to reframe how we interpret complex events. It’s a call to replace fear with facts—and to find meaning in the chaos, not just blame.

Emma Stewart

Dr. Emma M. Stewart is a respected power systems specialist with expertise in power distribution, critical energy delivery, modeling and simulation, as well as operational cybersecurity. She holds a Ph.D. in Electrical Engineering and an M.Eng. degree in Electrical and Mechanical Engineering. Emma is currently Chief Scientist, Power Grid at INL and leads activities in supply chain consequence analysis for digital assurance, in particular for energy storage and system level programs. Throughout her career, Dr. Stewart has made significant contributions to the field of power systems, receiving patents for innovations in power distribution systems and consequence analysis for cyber and physical events. Her responsibilities over her 20-year career have also included providing electric cooperatives with education, training, information sharing, incident support, technology integration, and R&D services in energy integration, resilience and grid planning and microgrid technologies.


Beyond Assistants: Securing Agentic AI Systems and Multi-Agent Workflows in High-Stakes Environments

Friday 10:15 for 45 minutes, at LVCC - L1 - Exhibit Hall West 4 - C105 (Community Stage)

Jeremiah Edwards Head of Sage AI at Sage

Andra Lezza Principal Application Security Specialist at Sage

Organized by OWASP Community

AI systems are evolving from copilots to autonomous, multi-agent architectures, expanding the attack surface across tool execution, persistent memory, and inter-agent communication. This hands-on session extends copilot security methods to agentic ecosystems, covering threat modeling for multi-agent pipelines, supply-chain defenses, safeguarding sensitive workflows, and prompt injection at scale. Through real-world case studies—independent and integrated assistant deployments—you’ll learn to implement policy-as-code guardrails, fine-grained access controls, and red-team strategies for agent behavior. Whether you’re securing or penetrating AI workflows, you’ll leave equipped with actionable patterns to defend and harden end-to-end autonomous systems without stifling innovation.

Jeremiah Edwards

Jeremiah is the Head of the AI business unit at Sage, and focuses on delivering world class AI for Finance, Accounting, and Business Operations. He leads the expert team which has invented and deployed over 16 AI services in 8 global products, making 20 million AI predictions daily. Before joining Sage, he founded and led data science and machine learning teams at Covid Act Now, FLYR Labs, Squelch, Apteligent (VMware), and Orange Labs. His interests include data privacy, ethical AI, and building AI systems that help people in their daily lives and jobs. He holds degrees in mathematics from MIT and Pierre and Marie Curie University. When not working on machine learning and AI, he can be found trail running, climbing rocks, and doing math.


Andra Lezza

Andra is a Principal Application Security Specialist at Sage, with over seven years of experience in the field of application security. She is responsible for implementing DevSecOps practices, conducting security assessments, and developing secure coding guidelines for software engineering and AI/ML teams. She has a strong background in software development and project management, as well as a master's degree in information and computer sciences. She has been co-leading the OWASP London Chapter since 2019, where she organises and delivers events and workshops on various security topics. She is passionate about educating and empowering developers and stakeholders to build and deliver secure software and best practices in a fast-paced, results-driven environment.


Hull Integrity: Applying MOSAICS to Naval Mission Systems

Friday 10:30 for 30 minutes, at LVCC - L2 - W229 (Creator Stage 5)

Michael Frank

Organized by ICS Village

As the lines between IT and operational technology continue to blur, our Naval fleet faces a growing attack surface from propulsion and power to weapons and control systems. Enter MOSAICS Block 1, a Department of Defense framework for operational technology security to ensure real-time monitoring, safe active asset discovery, and behavioral threat detection tailored for mission-critical ICS. In this session, we will walk through how MOSAICS is being applied to Naval mission systems, highlighting Department of the Navy use cases. We will break down the reference architecture and offer candid insights on adapting this framework to protect legacy systems at sea without compromising lethality. This talk is for ICS defenders, red teamers, and cyber policy leaders who want a front-row view into how the Department of the Navy is operationalizing OT security at scale.

Michael Frank

Mr. Michael Frank is currently serving as the Deputy Chief Technology Officer for the Department of the Navy, responsible for identifying and assessing emerging technology. Prior to this role, Mr. Frank was a Principal with the Boston Consulting Group, helping public and private organizations solve technology related problems. Mr. Frank is also an Officer in the Marine Reserves, currently leading the Cybersecurity portfolio for the Marine Innovation Unit. He has served as the Red Cell lead for Exercise Cyber Yankee for the last five years. Mr. Frank holds an MS in Information Security from Carnegie Mellon University, an MBA from the Darden School of Business, and a BA in Accounting from Washington and Jefferson College.


Digital First Responders: Fixing Patient Safety Gaps with Smart Tech & AI

Friday 10:30 for 30 minutes, at LVCC - L2 - W232 (Creator Stage 2)

Jennifer Schieferle Uhlenbrock

Organized by Biohacking Village

Hospitals and trauma centers face critical delays in triage, patient monitoring, and shift handoffs—leading to avoidable medical errors, increased wait times, and compromised patient safety. What if AI-powered triage, biometrics, and AI-driven simulation labs could change that? This talk explores how biometric AI, smart bedside displays, digital handoff systems, and AI physiology simulations can enhance emergency care, reduce human error, and revolutionize medical training. Key Innovations We’ll Unpack:

  1. AI-Facial Recognition: Upon entry to the hospital/facility, AI-powered sensors take a real-time picture of each patient as they walk/check into the ED and sync the biometric picture with their Medical Record Number (MRN) patient chart.
  2. AI-Powered Biometric Triage: AI sensors continue to scan patients in the waiting room, analyzing vital signs (HR, respiratory rate, O2 sat, temp), non-verbal distress like bleeding (trauma), pain based on facial droop (Stroke), chest pain or shortness of breath (Heart Attack), syncope, labor/delivery, and grimacing (pain), and factor all these into the Emergency Severity Index (ESI) algorithm for a real-time comprehensive display to triage staff for their review.
  3. Digital Handoff Reporting: Automated shift change summaries ensure that critical patient data like medical and surgical history, labs, vital trends, pending orders, isolation precautions, and risk factors are not lost between clinicians. It also reduces paper waste, redundancy, and inefficiencies like report duration.
  4. Digital Smart Room Display (i.e. TV): Like at a nice hotel room, your patient room TV would provide you with a personalized channel with your real-time medical updates (aka TV medical chart) that are approved by your providers, synced to your EHR chart and secured with a personalized PIN you created during registration. Upon discharge from the hospital, your channel would be deactivated. This would enhance the time from provider-to-patient communication, decrease patient wait times for results, and ensure healthcare treatment transparency. It is optional and on-demand for the patient and family if consent is given by the patient.
  5. AI Physiology in Simulation Labs: AI-driven simulated patient models that replicate real-time human physiology, responses to trauma, medication interactions, and disease progression—transforming medical education.
  6. Cybersecurity in AI-Driven Emergency Care: Protecting biometric patient data, preventing AI hallucinations and poisoning, and securing AI-driven training systems.

By integrating AI-driven biometrics, automating bedside displays and handoff reports, and AI physiology in healthcare, we can prioritize critical patients faster, reduce handoff errors, and accelerate healthcare education. The future of emergency care isn’t just faster, it’s predictive, automated, and cybersecure.

Jennifer Schieferle Uhlenbrock

Dr. Jennifer Schieferle Uhlenbrock has 20+ years of healthcare experience. She bridges clinical practice, business, and cybersecurity best practices. A published technical writer and speaker, she translates complex security and patient safety challenges into clear, actionable insights.


10 Years of IoT Village: Insights in the World of IoT

Friday 10:30 for 30 minutes, at LVCC - L2 - W233 (Creator Stage 1)

Stephen Bono CEO at Independent Security Evaluators

Rachael Tubbs IoT Village Organizer

Organized by IOT Village

Join IoT Village co-founders Steve Bono and Ted Harrington as they discuss how the world of IoT security has evolved in the past 10 years of IoT Village. Led by panel host Rachael Tubbs, Steve and Ted will discuss with industry experts what we've learned in 10 years about the state of IoT security.

Stephen Bono

Rachael Tubbs

Cryptocurrency Opening Keynote

Friday 11:00 for 60 minutes, at LVCC - L1 - Exhibit Hall West 4 - C105 (Community Stage)

Michael "MSvB" Schloh von Bennewitz Chairman, Monero Devices

Chad Calease Kraken

Param D Pithadia Georgia Institute of Technology

Organized by Cryptocurrency Community

Join your fellow hackers managing the Cryptocurrency areas of Defcon, and get a sneak peek of what each workshop teaches as well as an overview of the showcases and programs happening in our Defcon Community, Contest, and Vendor areas. Chad and Param will report on cryptocurrency trends and perspectives from their distinguished positions in industry and academia. We will announce the teams competing in the Cryptocurrency Cyber Challenge, and give an overview of what's available in the vending area. Meet the organizers of years of cryptocurrency content at Defcon and bring your questions to the Community Stage!

Michael "MSvB" Schloh von Bennewitz

Michael Schloh von Bennewitz (MSvB) is a computer scientist specializing in cryptosecure electronics and embedded development. He is the founder of Monero Devices and responsible for research, development, and maintenance of open source software repositories. A prolific speaker in four languages, Michael presents at technical meetings every year.

Mastodon (@cryptocurrency@defcon.social)
Website

Chad Calease

Chad Calease designs for failure—on purpose. At Kraken, he hovers where crypto, resilience engineering, and human behavior collide. A systems thinker with instincts that cultivate resilience, Chad champions the Kraken value of being “Productively Paranoid”—as both a design principle and a survival trait. His work challenges us to outpace risk, interrogate ease, and own our exposures before they own us—by building with the assumption that failure isn’t an if, but a when.

LinkedIn
Website
farcaster.xyz/wmzkl

Param D Pithadia

Param is an Electrical Engineering Student from Georgia Tech with a strong passion for and interest in crypto. Although he primarily got interested in cryptography and hardware security through a class at Georgia Tech, he is also working at a software company on crypto adoption and ease of use. With a unique blend of HW and SW skills, Param is truly enthusiastic about all aspects of crypto.

LinkedIn

Carding is Dead, Long Live Carding: How MaaS is fueling NFC relay attacks

Friday 11:00 for 60 minutes, at LVCC - L2 - W228 (Creator Stage 4)

Federico Valentini Cleafy

Alessandro Strino Senior Malware Analyst at Cleafy

Organized by Payment Village

The payment fraud landscape is experiencing a resurgence of 'carding' through sophisticated Near Field Communication (NFC) relay attacks, which combine social engineering and custom mobile malware to bypass contactless payment security measures, enabling unauthorized transactions. A critical emerging trend is the proliferation of Malware-as-a-Service (MaaS) platforms, primarily operated by Chinese-speaking threat actors, who develop and distribute advanced NFC relay capabilities as turn-key solutions to global affiliates, facilitating complex card-present fraud schemes on an unprecedented scale and leading to arrests in the U.S. and EU. This MaaS operational model, featuring affiliate networks and advanced tools, signifies a critical evolution in financial threats, alarming global financial institutions and necessitating urgent adaptation of fraud prevention strategies. The discussion will explore MaaS operations, presenting key findings from the Supercard X analysis, including its technical capabilities, and examining the implications for the payment industry, with mitigation strategies and actionable intelligence such as actor communications and distinct Tactics, Techniques, and Procedures (TTPs) being shared. Furthermore, the talk will reveal how developers of well-known Android banking trojans are integrating NFC relay functionalities to enhance their cash-out techniques, providing attendees with a deep dive into NFC Relay MaaS, exclusive threat intelligence, and an understanding of the evolving fraud landscape, including the operational models, tools, and TTPs employed by modern NFC Relay MaaS platforms, as well as the systemic risks posed to global financial institutions and the urgent need for adaptive security postures.

Federico Valentini

Federico Valentini is passionate about technologies in general and has a deep interest in cybersecurity, particularly Penetration Testing, Malware Analysis, and Social Engineering techniques. He's currently leading the Threat Intelligence Team and Incident Response at Cleafy. He oversees all the activities related to monitoring and uncovering new threats and attack patterns that malicious actors use. He has spoken at HackInBO 2022, Botconf 2023, Cert-EU 2023, BSides Cyprus 2023, FS-ISAC 2024, Botconf 2025, and other private events managed by CertFIN in the Italian territory.

Website

Alessandro Strino

Alessandro Strino has a solid background in Penetration testing and modern malware analysis. His main research topics are binaries and computer forensics. Nevertheless, he is passionate about binary exploitation, reverse engineering, and privilege escalation techniques. He now works as a senior malware analyst at Cleafy. He has spoken at Botconf 2023, Cert-EU 2023, BSides Cyprus 2023, FS-ISAC 2024, and Botconf 2025.

How Extra Features In Contactless Payments Break Security And What We Can Do About it.

Friday 11:00 for 60 minutes, at LVCC - L2 - W229 (Creator Stage 5)

Tom Chothia Professor in Cyber Security at School of Computer Science, University of Birmingham

Organized by Payment Village

In this talk I'll describe our investigation of ad-hoc, proprietary EMV features from Apple, Google, Samsung and Square and show that companies independently retrofitting and over-loading the core EMV specification has led to a range of security problems. Along the way I'll show how we managed to do unauthenticated, over-the-limit, offline payments for Mastercard and ultimately take 25000 from an EMV terminal with no payment card at all.  On the defense side I'll discuss how formal modeling can make EMV payments safer and I'll describe our distance bounding amendment to the ISO 14443 standard that could make all EMV payments safer.

Tom Chothia

Tom Chothia is a Professor of Cyber Security at the University of Birmingham, UK. His research involves the development of new mathematical analysis techniques, and the application of these techniques to real world cyber security problems. His past work on the security of EMV, ApplePay, banking apps, pacemakers and video game cheats has all received widespread media coverage.

Profile

State of Open Source in the Federal Government

Friday 11:00 for 45 minutes, at LVCC - L2 - W231 (Creator Stage 3)

Jordan Kasper

Organized by Policy @ DEF CON

Jordan Kasper

Jordan Kasper started programming in 1993 and has developed systems on platforms ranging from IBM mainframes to TI calculators and everything in between. His professional experience ranges from startups and digital agencies, to Fortune 100 companies and government institutions. During his time in government he worked for the Departments of Defense and Homeland Security where he helped to reform struggling IT programs, advocate for modern technology and practices, and advise on policies and strategies ranging from open source software to data standards. Outside of work Jordan is an open source maintainer, community organizer, and board game enthusiast.

From adversarial to aligned, redefining purple teaming for maximum impact

Friday 11:00 for 45 minutes, at LVCC - L2 - W232 (Creator Stage 2)

Adam Pennington ATT&CK Lead at The MITRE Corporation

Sydney Marrone Threat hunter at Splunk

Lauren Proehl Global Head of Detection and Response at Marsh McLennan, Co-Founder at THOR Collective

Nikhil Founder at Altered Security

Organized by Adversary Village

Purple teaming is no longer just about red meets blue, it is about shared intelligence, continuous collaboration, and realistic adversary emulation. In this panel, we explore how modern security teams are moving from siloed operations to unified strategies that reflect how real attackers operate. By rethinking purple teaming as a proactive, intelligence-driven discipline, organizations can uncover detection gaps, improve response times, and drive measurable improvements in their defenses. Join us as we unpack how aligning offensive and defensive teams unlocks the full potential of purple teaming and leads to lasting security impact.

Adam Pennington

Adam Pennington leads ATT&CK at The MITRE Corporation and collected much of the intelligence leveraged in creating ATT&CK’s initial techniques. He has spent much of his 15 years with MITRE studying and preaching the use of deception for intelligence gathering. Prior to joining MITRE, Adam was a researcher at Carnegie Mellon's Parallel Data Lab and earned his BS and MS degrees in Computer Science and Electrical and Computer Engineering from Carnegie Mellon University. Adam has presented and published in several venues including FIRST CTI, USENIX Security, DEF CON, and ACM Transactions on Information and System Security.

LinkedIn

Sydney Marrone

Sydney is a threat hunter, co-author of the PEAK Threat Hunting Framework, and co-founder of THOR Collective. A proud thrunter, she is dedicated to advancing the craft of threat hunting through hands-on research, open-source collaboration, and community-driven initiatives like HEARTH (Hunting Exchange And Research Threat Hub). When not hunting threats, she’s crafting content for THOR Collective Dispatch, lifting weights, and keeping the hacker spirit alive.

LinkedIn

Lauren Proehl

Lauren Proehl is the Global Head of Detection and Response at Marsh McLennan. She is an experienced incident responder and threat hunter who has helped identify and mitigate cyber adversaries in Fortune 500 networks. After leading investigations ranging from data breaches to targeted attacks, she now works to define some part of the limitless unknowns in cyberspace and make cybersecurity less abstract, and more tangible. Lauren sits on the CFP board for BSides Kansas City, heads up SecKC parties, and tries to escape computers by running long distances in the woods.

LinkedIn

Nikhil

Nikhil’s areas of interest include red teaming, Azure and active directory security, attack research, defense strategies and post exploitation research. He has 15+ years of experience in red teaming.

He specializes in assessing security risks in secure environments that require novel attack vectors and an "out of the box" approach. He has worked extensively on Azure, Active Directory attacks, defense and bypassing detection mechanisms. Nikhil has held trainings and bootcamps for various corporate clients (in US, Europe and SE Asia), and at the world's top information security conferences.

He has spoken/trained at conferences like DEF CON, BlackHat, BruCON and more.

Nikhil is the founder of Altered Security - a company focusing on hands-on enterprise security learning - https://www.alteredsecurity.com/

Go Malware Meets IoT: Challenges, Blind Spots, and Botnets

Friday 11:00 for 60 minutes, at LVCC - L2 - W233 (Creator Stage 1)

Asher Davila Vulnerability Researcher at Palo Alto Networks

Chris Navarrete Senior Principal Security Researcher - CDSS Advanced Threat Prevention (ATP) at Palo Alto Networks

Organized by IOT Village

Go malware is showing up more often, especially in IoT environments. Its flexibility and ease of cross-compilation make it attractive to attackers, but it also makes life harder for analysts and defenders. Go binaries are large, statically compiled, and structured in ways that traditional tools are not designed to handle. The runtime is unfamiliar, and things like string extraction, function identification, and behavior analysis can quickly become frustrating. This talk looks at why Go malware is hard to analyze and why some detection tools struggle to keep up. We will walk through practical tips and tools to make reversing Go malware more manageable, including how to recover types, strings, and function information. To tie everything together, we will look at a recent real-world example: Pumabot, a Go-based botnet targeting IoT surveillance devices. We will dig into how it works, what it targets, and what artifacts it leaves behind. By the end of the session, you will have a better understanding of how attackers are using Go in the wild and how to be better prepared for the next time it shows up in your analysis queue.

Asher Davila

Passionate about binary analysis, binary exploitation, reverse engineering, hardware hacking, retro computing, and music.

LinkedIn
Website

Chris Navarrete

Chris Navarrete is a Senior Principal Security Researcher within the Advanced Threat Prevention team at Palo Alto Networks. His work centers on cutting-edge research in cybersecurity, particularly in threat detection and malware analysis. Previously, he served as an adjunct professor of computer science at San Jose State University, teaching Software Security Technologies. He holds a Master of Science in software engineering with a specialization in cybersecurity from San Jose State University. Chris has presented at major industry conferences, including Black Hat Asia, the Computer Antivirus Research Organization (CARO), the Cyber Threat Alliance's Threat Intelligence Practitioners (TIPS) conference, and Black Hat Arsenal, where he introduced and released BLACKPHENIX — a framework designed to automate malware analysis workflows.

LinkedIn

Dark Capabilities: When Tech Companies Become Threat Actors

Friday 11:45 for 45 minutes, at LVCC - L2 - W231 (Creator Stage 3)

Tom Cross

Greg Conti Co-Founder and Principal at Kopidion

Organized by Policy @ DEF CON

Tom Cross

Tom Cross is an entrepreneur and technology leader with three decades of experience in the hacker community. Tom attended the first DefCon in 1993 and he ran bulletin board systems and listservs in the early 1990’s that served the hacker community in the southeastern United States. He is currently Head of Threat Research at GetReal Security, Principal at Kopidion, and creator of FeedSeer, a news reader for Mastodon. Previously he was CoFounder and CTO of Drawbridge Networks, Director of Security Research at Lancope, and Manager of the IBM Internet Security Systems X-Force Advanced Research team. He has written papers on collateral damage in cyber conflict, vulnerability disclosure ethics, security issues in internet routers, encrypting open wireless networks, and protecting Wikipedia from vandalism. He has spoken at numerous security conferences, including Black Hat Briefings, Defcon, CyCon, HOPE, Source Boston, FIRST, and Security B-Sides. He has a B.S. in Computer Engineering from the Georgia Institute of Technology. He can be found on Linkedin as https://www.linkedin.com/in/tom-cross-71455/, on Mastodon as https://ioc.exchange/@decius, and on Bluesky as https://bsky.app/profile/decius.bsky.social.

Greg Conti

Greg Conti is a hacker, maker, and computer scientist. He is a nine-time DEF CON speaker, a seven-time Black Hat speaker, and has been a Black Hat Trainer for 10 years. He’s taught Adversarial Thinking techniques at West Point, Stanford University bootcamps, NSA/U.S. Cyber Command, and for private clients in the financial and cybersecurity sectors. Greg is Co-Founder and Principal at Kopidion, a cyber security training and professional services firm.

Formerly he served on the West Point faculty for 16 years, where he led their cybersecurity research and education programs. During his U.S. Army and Military Intelligence career he co-created U.S. Cyber Command’s Joint Advanced Cyberwarfare Course, deployed to Iraq as Officer-in-Charge of U.S. Cyber Command’s Expeditionary Cyber Support Element, and was the first Director of the Army Cyber Institute.

Greg is co-author of On Cyber: Towards an Operational Art for Cyber Operations, and approximately 100 articles and papers covering hacking, online privacy, usable security, cyber conflict, and security visualization. Greg holds a B.S. from West Point, an M.S. from Johns Hopkins University, and a Ph.D. from the Georgia Institute of Technology, all in computer science. His work may be found at gregconti.com (https://www.gregconti.com/), kopidion.com (https://www.kopidion.com/) and LinkedIn (https://www.linkedin.com/in/greg-conti-7a8521/).

Never enough about cameras - The firmware encryption keys hidden under the rug

Friday 11:45 for 45 minutes, at LVCC - L2 - W232 (Creator Stage 2)

Alexandru Lazar Security Researcher at Bitdefender

Organized by IOT Village

This talk covers RCEs on multiple popular Dahua perimeter cameras with a potential resounding impact on retail, banking, traffic and other infrastructure.

Alexandru Lazar

Tunnelpocalypse

Friday 12:00 for 60 minutes, at LVCC - L1 - Exhibit Hall West 4 - C105 (Community Stage)

Rich Compton Comcast

Organized by DDoS Community

Did you know that you or anyone can launch a spoofed DDoS amplification attack from ANY IP on the Internet? Come find out about this mind blowing vulnerability that may well cause a Tunnelpocalypse!

Rich Compton

LinkedIn

Behind The Dashboard - (Lack Of) Automotive Privacy

Friday 12:00 for 60 minutes, at LVCC - L2 - W228 (Creator Stage 4)

Lior ZL Security Researcher at PlaxidityX Threat Research Labs

Jacob Avidar VP R&D and CISO at PlaxidityX

Organized by Crypto Privacy Village

We usually view the world of cybersecurity through the lens of a malicious attacker versus a legitimate actor within a given system. This approach fails when considering the world of data privacy where there are three actors in play: the possibly-benevolent vendor, the legitimate user and the inevitable malicious actor. Using this privacy-focused lens, we survey the current regulatory landscape before turning our attention to how privacy is (not) applied to the automotive world.

Our talk focuses on the unique privacy risks the automotive industry is facing with the advent of smart, connected, cars. We present a real-world case study showing how quickly and thoroughly a bad actor could invade the privacy of a car owner, based on a privacy leak vulnerability designated CVE-2025-26313 (reserved).

Lior ZL

Lior is a security researcher in the PlaxidityX Threat Research Labs. Lior is part of a team of security researchers and data scientists who focus on innovation in the cybersecurity world, both from an offensive and a defensive perspective. Lior’s past experience is in enterprise cybersecurity and systems development. Lior holds an M.Sc in Computer Science.

Jacob Avidar

Jacob Avidar is the VP R&D and CISO of PlaxidityX (formerly Argus). Jacob founded the Threat Research Labs team that focuses on exploring high-risk vulnerabilities through cyber attacks in the Automotive industry. Exposing these risks allows OEMs and Tier-1 vendors to deal with violations and thus protect cars and people's lives from cyber attacks.

Voices from the Frontlines: Managing Bug Bounties at Scale

Friday 12:00 for 60 minutes, at LVCC - L2 - W229 (Creator Stage 5)

Gabriel Nitu Splunk

Jay Dancer Shopify

Tyson Laa Deng Paypal

Ryan Nolette Amazon / AWS

Goraksh Shinde Amazon / AWS

Jill "thejillboss" Moné-Corallo

Organized by Bug Bounty Village

Bug bounty programs have become a cornerstone of modern security strategy, but managing them at scale is anything but simple. In this panel, leaders from some of the world’s largest and most mature bug bounty programs, including Amazon, PayPal, AWS, Shopify, and Splunk, will share hard-won insights from the frontlines.

We will explore the nuances of triage, researcher relationships, reward strategies, internal buy-in, legal hurdles, and responsible scaling. Panelists will also discuss how bug bounty culture is shifting, what is working (and what is not), and how they are evolving their programs to meet today’s threat landscape.

Whether you are running a bounty program, hacking in one, or simply curious about what happens behind the scenes, this candid discussion will surface lessons, real-world experiences, and future-focused perspectives from those who lead these programs every day.

Gabriel Nitu

Splunk Offensive Security Engineer with over 9 years of experience poking holes in things (responsibly, of course) and helping others sleep at night (sometimes). Whether it’s finding flaws in a product before the bad guys sniff them out, leading incident response like a firefighter, or scaling bug bounty programs, Gabriel brings a mix of curiosity, chaos, and calm.

LinkedIn

Jay Dancer

Tyson Laa Deng

LinkedIn

Ryan Nolette

LinkedIn

Goraksh Shinde

Jill "thejillboss" Moné-Corallo

Jill "thejillboss" Moné-Corallo is currently the Bug Bounty Leader at Shopify. Prior to Shopify, she led the Bug Bounty and Product Security Incident Response teams at GitHub and was a Senior Product Security Engineer at Apple. She graduated from Mercy University with a B.S. in Cybersecurity. She is passionate about the response functions of security—where communication, empathy, and technical rigor intersect. She is also a founder of Glass Firewalls, a conference dedicated to “breaking bytes and barriers” for women to participate in bug bounty programs.

Flipping Locks - Remote Badge Cloning with the Flipper Zero and More

Friday 12:00 for 60 minutes, at LVCC - L2 - W233 (Creator Stage 1)

Langston Clement

Dan Goga

Organized by Physical Security Village

Traditional RFID badge cloning methods require you to be within 3 feet of your target. So how can you conduct a physical penetration test and clone a badge without interacting with a person? Companies have increasingly adopted a hybrid work environment, allowing employees to work remotely, which has decreased the amount of foot traffic in and out of a building at any given time. This session discusses two accessible, entry-level hardware designs you can build in a day and deploy in the field, along with the tried-and-true social engineering techniques that can increase your chances of remotely cloning an RFID badge.

Langston and Dan discuss their Red Team adventures using implant devices, a Flipper Zero and an iCopy-X. As a bonus the two will explain how to perform a stealthy HID iClass SE/SEOS downgrade and legacy attack! This presentation is supplemented with files and instructions that are available for download in order to build your own standalone gooseneck reader, wall implant and clipboard cloning devices!

Links:
Github

Langston Clement

Langston grew up reading stories about the 90’s hacker escapades, and after years of observing the scene, he jumped into the cybersecurity field and never looked back. With over fifteen (15) years of public and private sector experience in cybersecurity and ethical hacking, he aims to provide organizations with valuable and actionable information to help improve their security posture. Langston’s specializations focus on modern-day social engineering techniques, wireless and RFID attacks, vulnerability analysis, and physical penetration testing.

Website

Dan Goga

Dan Goga serves as a Principal Consultant with NRI focused on conducting penetration testing and vulnerability assessments. Dan Goga has eight years of information security experience in the public, private, and academic sectors. Dan has extensive knowledge and experience with RFID hacking, phishing techniques, social engineering techniques, and penetration testing.

How API flaws led to admin access to over 1,000 USA dealers and control over your car

Friday 12:30 for 30 minutes, at LVCC - L2 - W231 (Creator Stage 3)

Eaton Zveare Senior Security Research Engineer at Traceable by Harness

Organized by Car Hacking Village

Many automotive dealers in the USA utilize centralized platforms for everything from sales to service to marketing. The interconnectivity of various systems makes things easy to manage, but also exposes certain risks should any of these systems have a vulnerability. API flaws were discovered in a top automaker's dealer platform that enabled the creation of a national admin account. With that level of access, being able to remotely take over your car was only the tip of the iceberg…

Eaton Zveare

Eaton is a senior security research engineer at Traceable by Harness. As a member of the ASPEN Labs team, he has contributed to the security of some of the world's largest organizations by finding and responsibly disclosing many critical vulnerabilities. He is best known for his high-profile security disclosures in the automotive space: 1, 2, 3.

Back to Basics: Building Resilient Cyber Defenses

Friday 12:30 for 30 minutes, at LVCC - L2 - W232 (Creator Stage 2)

Yael Grauer Program Manager of Cybersecurity Research at Consumer Reports

Organized by Crypto Privacy Village

In spite of novel cybersecurity threats, digital security advice has remained largely unchanged in recent years. In fact, much of the viral advice in response to high-profile attacks or threats doesn't actually address the risks people are most likely to face. In this talk, we'll analyze high-profile digital privacy and security concerns, whether the viral advice to address said concerns is effective and practical, and what steps could be taken—both before and after an issue arises.

Yael Grauer

Yael Grauer is a program manager of cybersecurity research at Consumer Reports. She also does freelance investigative tech reporting, maintains the Big Ass Data Broker Opt-Out List, and is a proud member of the Lockdown Systems Collective.

Mastodon (@yaelwrites@mastodon.social)
Website

Rebuild The World: Access to secure software dependency management everywhere with Nix

Friday 13:00 for 60 minutes, at LVCC - L1 - Exhibit Hall West 4 - C105 (Community Stage)

Daniel Baker Software Engineer at Anduril

Farid Zakaria Principal Engineer at Confluent

Tom Bereknyei Lead Engineer at Flox

Morgan Jones Embedded Security Engineer at Viasat

Organized by Nix Vegas Community

In a world full of unwanted app updates and SaaS providers who want your personal information, being able to self host the 120,000 Linux packages in Nixpkgs has the potential to change the game for anyone who's tired of the slow decline of cloud services. If you're curious about what NixOS can do for your homelab, or even if you're just worried about SBOMs or traceability of exactly where your software and all its dependencies came from, join us for an hour-long panel about how we can reclaim our services and software from vendor lock-in and Docker image bitrot using Nix and NixOS. We'll be doing a deep dive into why Nix changes software deployment, and how you can get started and get involved in the quiet revolution that has been reshaping how we use software.

Links:
nixos.org

Daniel Baker

I am an engineer, mathematician, developer, and Linux enjoyer. I primarily support the NixOS project as part of the Marketing Team. I believe that the future of software development and software deployment needs foundations in formal methods and functional programming to be successful.

LinkedIn
Website
mastodon.igl.ooo/@djacu

Farid Zakaria

I am a software engineer, father, and wishful surfer. I currently work at Confluent on developer productivity and recently defended a Ph.D. in computer science at the University of California Santa Cruz. More relevant to Nix, I am a NixOS enthusiast, which has led me to rethink basic Linux primitives.

LinkedIn
Sessionize
Website

Tom Bereknyei

Life-long engineer. Worked at Google, flew jet planes in the Marine Corps, trained cyberware teams, formed and led teams to perform rapid hardware and software capability development, worked with the Digital Service to bring modern software practices to the DoD and government. Left the service to create a contracting startup bringing AI/ML products to DoD. Throughout have found a consistent set of challenges in the course of development; also found a set of superpowers to address those challenges using Nix. After several iterations of applying the Nix ecosystem in various teams, the difference was stark. This led to the desire to bring this set of superpowers to the rest of the world and make it more adoptable; hence the involvement in the Nix community as a maintainer, founding Flox, and leading efforts to improve user experience and communicate it to the world.

Company Website
LinkedIn
Mastodon (@tomberek@mastodon.social)
X (Twitter)

Morgan Jones

I am an embedded security engineer for Viasat, member of the SoCal NixOS User Group, and one of the organizers of Nix Vegas. After mostly using my compilers classes in college for learning reverse engineering and finding remote code execution in mobile AR game anti-cheat systems, I now work on embedded security with Nix for a living, and may have read Ken Thompson's Reflections on Trusting Trust one too many times.

Github

A Tale of Weeds and Roses: Propagating the Right Data Protection Agreements with Vendors

Friday 13:00 for 60 minutes, at LVCC - L2 - W228 (Creator Stage 4)

Irene Mo Vice Chair at Women in Security and Privacy (WISP) Senior Privacy & Cybersecurity Counsel at Rivian

Alyssa Coley Chair-Elect at Women in Security and Privacy (WISP) Privacy & Product Counsel at Scopely

Organized by Crypto Privacy Village

When a company gives vendors access to its technical garden to process personal data, it’s the company’s responsibility to ensure vendors have adequate protections in place. Data protection/processing agreements (DPAs) are a control companies use to contractually obligate and specify what adequate protections vendors must have and to outline the consequences if vendors fail to protect the personal data. Propagating the right DPAs with vendors prevents invasive species from taking root in a company’s technical garden. Gardeners who attend this talk will walk away with a high-level understanding of: (a) how DPAs can be used to protect your company’s technical garden, (b) what information privacy/legal needs to know when negotiating a DPA, and (c) which DPA terms are roses to be cultivated or weeds to be removed.

Irene Mo

Irene is an attorney with experience counseling clients on United States and international privacy and data protection laws and regulations. She has helped companies of all sizes build and scale their privacy and data security compliance programs. Known as a problem solver, Irene’s clients trust her to collaborate across multiple business units within their companies to get privacy done. When there is a Hail Mary pass, her clients know she’s the one getting the ball across the goal line. In her free time, Irene is on the leadership board of several non-profits including Women in Security and Privacy (WISP), the Diversity in Privacy Section for the IAPP, the American Bar Association (ABA) Center of Innovation, and Lagniappe Law Lab.

LinkedIn

Alyssa Coley

Alyssa is on the board of Women In Security and Privacy (WISP) and is Privacy & Product Counsel at an Augmented Reality (AR) mobile gaming company. As in-house counsel, she focuses on integrating privacy by design into product development and ensuring global privacy compliance. Previously, she gained experience in privacy consulting and cybersecurity incident response. She has been involved with WISP for nearly a decade where she developed her interest in locksport and continues to further WISP's mission to advance women and underrepresented communities to lead the future of security and privacy.

LinkedIn

Takes All Kinds: Building Onramps for Emergency Web Archiving in Ukraine and Beyond

Friday 13:00 for 45 minutes, at LVCC - L2 - W231 (Creator Stage 3)

Quinn Dombrowski

Organized by Policy @ DEF CON

Quinn Dombrowski

Quinn Dombrowski is one of the co-founders of Saving Ukrainian Cultural Heritage Online (SUCHO), and an Academic Technology Specialist in Stanford's Division of Literatures, Cultures, and Languages, and in Stanford Libraries. Given a computer lab to manage in 2018, Quinn got rid of the ancient computers, bought some sewing machines, and put up a sign calling it the Textile Makerspace. Then people started to believe it, and fund it, and now Quinn teaches Data Visualization with Textiles there every spring and manages a space full of sewing machines, looms, crochet hooks, and multiple hacked digital knitting machines. Quinn has served as co-president of the Association for Computers and the Humanities (the US-based organization for Digital Humanities), and founded The Data-Sitters Club, a project that walks through, step-by-step, how to use different computational tools and methods for literature. They have incorporated textile data encoding into their work in various forms, including weaving all the data (grading, attendance, readings, complaint emails) from an AI class they taught, knitting all regularly-scheduled meetings and when they were canceled in 2022, and visualizing the distribution of references to computers, librarians, and archives across "Star Trek" novels.

What is Dead May Never Die: The Immortality of SDK Bugs

Friday 13:00 for 45 minutes, at LVCC - L2 - W232 (Creator Stage 2)

Richard "HeadlessZeke" Lawshae Principal Security Researcher at Keysight Technologies

Organized by IOT Village

Any chip of sufficient complexity needs one thing if it wants to actually get used in devices - a Software Development Kit (SDK). This collection of binaries, proprietary services, and code samples allows board designers to quickly and easily incorporate an otherwise complex chip into their existing environments. However, once this code is bundled into various product lines from various vendors, it becomes nearly impossible to make sure it gets updated with new versions. What happens if a vulnerability is discovered? Suddenly, hundreds of thousands of devices all from different vendors spanning years of releases are all affected by the same bug and it turns into a perpetual game of whack-a-mole trying to get them all patched. And botnet authors are definitely paying attention. In this talk, we will discuss the attack surfaces present in the SDKs from some major chipset manufacturers, talk about some exploits (both old-day and 0-day), and try to figure out what can be done to cleanse the internet of the zombie SDK vuln plague.

Richard "HeadlessZeke" Lawshae

Ricky "HeadlessZeke" Lawshae is a Principal Security Researcher for Keysight Technologies. He has been hunting vulnerabilities in IoT devices for the past 15 years or so and has discovered and disclosed dozens of vulnerabilities in products from HID Global, Crestron, Meta, Mazda, Realtek, and more. His work has been featured in Wired, Forbes, Hackaday, and the CISA KEV list. He is based out of beautiful Austin, TX (AHA! represent).

Teaching Your Reverse Proxy to Think: Fingerprint-Based Bot Blocking & Dynamic Deception

Friday 13:00 for 60 minutes, at LVCC - L2 - W233 (Creator Stage 1)

Adel Karimi Member of Technical Staff at OpenAI

Organized by Packet Hacking Village

IP blocklists rot in minutes; fingerprints persist for months. Finch is a lightweight reverse proxy that makes allow, block, or route decisions based on TLS and HTTP fingerprints (JA3, JA4, JA4H, and HTTP/2), before traffic reaches your production servers or research honeypots. Layered on top, a custom AI agent monitors Finch’s event stream, silences boring bots, auto-updates rules, and even crafts stub responses for unhandled paths, so the next probing request gets a convincing reply. The result is a self-evolving, fingerprint-aware firewall that slashes bot noise and turns passive traps into dynamic deception.

Adel Karimi

Adel is a security engineer at OpenAI with deep expertise in detecting and responding to “badness.” Outside of work, he builds open-source tools focused on threat detection, honeypots, and network fingerprinting—such as Finch, Galah, and Venator—and escapes to dark corners of the world to capture the beauty of the night sky.

Hard Hat Brigade Creations Q&A

Friday 13:15 for 45 minutes, at LVCC - L2 - W229 (Creator Stage 5)

MrBill Founder at Hard Hat Brigade

M0nkeyDrag0n Organizer at Hard Hat Brigade

Hydrox Organizer at Hard Hat Brigade

CoD_Segfault Organizer at Hard Hat Brigade

Organized by Hard Hat Brigade

HHB goes over hard hats, construction, and all the hackery things people have done with them.

MrBill

MrBill started wardriving in 2003 after attending DC11 and started contributing to WiGLE in 2007. He took a break for about a decade (kids) and started up again in 2017 in earnest, and later founded the HardHatBrigade WiGLE group. He passed D4rkM4tter in the global rankings around 2022 and continues to trail @CoD_Segfault in their race to 1 Million WiGLE points. He is often seen at security conferences with a hard hat, mostly with some sort of wardriving functionality. Join him and the rest of the HHB crew in the 24 Hour wardriving event in October.

M0nkeyDrag0n

M0nkeydrag0n plays a blue teamer by day and a Hard Hat Brigade member in the after hours. Having spent a decade in IT support before shifting to his current role, m0nkeydrag0n has spent the last few years growing professionally as a cyber security engineer and endeavors to share tactics, approaches and stories with those looking to make that shift into security as well…or any pivot for that matter!

Lately, rediscovering R/C vehicles has allowed him to take flight, if only by FPV. But playing with RF is always fun, whether it’s trying to catch folks on WiGLE, designing cases for wardriving kits, earning his ham tech cert or just enjoying motorcycles for a long ride…and internet points!

Come wardrive with the Hard Hat Brigade!

Hydrox

CoD_Segfault

CoD_Segfault first went wardriving around 2004, but really kicked up the game in 2021 when joining HardHatBrigade on WiGLE. By 2023, his focus shifted to smaller and more portable wardriving solutions suitable for walking and bike riding. Notable works include ultra small ESP32 wardrivers based on the wardriver.uk project and creation of the BW16-Open-AT project to improve network identification and remove reliance on the closed-source AT firmware.

Third-Party Access Granted: A Postmortem on Student Privacy and the Exploit That’s Still in Production

Friday 13:45 for 45 minutes, at LVCC - L2 - W231 (Creator Stage 3)

Sharlene Toney

Organized by Policy @ DEF CON

Sharlene Toney

Sharlene Toney has been a business analyst on a cross-functional, Agile development team in Enterprise Student Systems at Indiana University since 2013. Her path into IT has been anything but traditional, and she has been known to point out that when she started her undergraduate degree in 1994, she didn't even know what email was. After a B.S. in Education and a Master of Social Work degree, she spent time in non-profit management and collegiate academic advising before signing on as a subject matter expert in academic advising with IU University Informational Technology Services. With a growing interest in the cybersecurity landscape, she returned to school to complete an M.S. in Cybersecurity Risk Management and will finish in May ’26. After 18 years working in the field of higher education, she has focused on learning more about the value of student data, student data pipelines, consent, and privacy. She has not completely said goodbye to her social work roots. Recently, she began training to volunteer with Operation Safe Escape where, with other safety and security professionals, she will work to assist survivors of domestic violence, stalking, and harassment to help them find safety and freedom.

Digital Casualties: Documenting Cyber-Induced Patient Harm in Modern Healthcare

Friday 13:45 for 45 minutes, at LVCC - L2 - W232 (Creator Stage 2)

Jorge Acevedo Canabal

Scott Shackleford

Joseph Davis

Organized by Biohacking Village

As healthcare systems become increasingly digitized, cyber incidents like ransomware attacks and EHR outages are no longer just IT problems—they're potential contributors to patient harm and mortality. This expert panel explores the groundbreaking proposal to adapt disaster-related death certification frameworks to document cyber incidents as secondary causes of death. Bringing together expertise in cybersecurity governance, healthcare economics, investigative journalism, and clinical practice, panelists will examine the policy implications, implementation challenges, and public health benefits of standardizing how we document and track cyber-induced patient harm.

Jorge Acevedo Canabal

Dr. Jorge Acevedo Canabal is a physician and cybersecurity researcher focused on digital threats to patient safety. He helped lead Puerto Rico’s post-Maria disaster death certification training and now proposes attributing cyberattacks as a cause of death in modern healthcare.

Scott Shackleford

Joseph Davis

Joseph has 30+ years of experience in security, privacy, risk, and compliance for Fortune 500 companies. As a Customer Security Officer at Microsoft, he advises US Health and Life Sciences customers on cybersecurity, data privacy, risk management, and information compliance.

Off-Grid Datarunning in Oppressive Regimes: Sneakernet and Pirate Box

Friday 14:00 for 30 minutes, at LVCC - L1 - Exhibit Hall West 4 - C105 (Community Stage)

Robert "LambdaCalculus" Menes

Organized by Hackers.town Community

Robert "LambdaCalculus" Menes

Robert is a hacker and longtime Linux user and sysadmin who knows the importance of education and information sharing, and is passionate to his core about human rights issues and community outreach. He has spoken at length about Linux distros from oppressive regimes, including North Korea's Red Star OS, and understands how these regimes wish to stifle the flow of information. He is also an unashamed sharer of information, old school punk, and loves to make a good meal for his friends.

Mastodon (@lambdacalculus@masto.hackers.town)

Securing Intelligence: How hackers are breaking modern AI systems … and how bug bounty programs can keep up

Friday 14:00 for 60 minutes, at LVCC - L2 - W228 (Creator Stage 4)

Dane Sherrets Innovations Architect at HackerOne

Shlomie Liberow HackerOne

Organized by Bug Bounty Village

Dane and Shlomie will showcase technical deep dives into real-world AI vulnerabilities, covering adversarial prompts, indirect prompt injection, context poisoning, and RAG manipulation. They'll illustrate why traditional defenses often fail and offer actionable techniques that hackers can leverage to uncover high-impact bugs and increase their earnings. Hackers will leave equipped with fresh attack ideas, strategies for finding unique AI flaws, and insights on effectively demonstrating their severity and value to organizations.

Dane Sherrets

Dane is an Innovations Architect at HackerOne, where he helps organizations run AI-focused bug bounty programs and improve the security of emerging technologies. His work includes winning 2nd place in the Department of Defense AI Bias Bounty competition, discovering critical vulnerabilities in platforms like Worldcoin, and helping design and manage Anthropic's AI Safety Bug Bounty program. Drawing on his background as a bug hunter, Dane blends strategic guidance with hands-on expertise to advance the safety and security of disruptive tech across industries.

Shlomie Liberow

Shlomie Liberow is a security researcher who specialises in translating technical vulnerabilities into actionable business risk for enterprises. He has led technical delivery of live hacking events for major organizations, mediating over $20M in bounty payouts by helping companies understand the real-world impact of bugs within their specific environment and risk profile.

As a researcher, he has personally discovered 250+ vulnerabilities across Fortune 500 companies.

Hacking Hotel Locks; The Saflok Vulnerabilities Expanded

Friday 14:00 for 60 minutes, at LVCC - L2 - W229 (Creator Stage 5)

Noah Holland Michigan Technological University (Student)

Josh Stiebel

Organized by Physical Security Village

Saflok locks are present in many hotels and apartments across North America. These locks rely on poorly-secured offline authentication mechanisms, leaving them vulnerable to attackers with basic knowledge about how the system operates. Following up on the initial "Unsaflok" presentation at DEF CON 32 by Lennert Wouters and Ian Carroll, this talk will touch on areas of the system not discussed in the original presentation, such as the handheld programmer, lock programming interface, clarity about the bit fields and unencrypted data in credentials, for yet another example of why you don't rely on security-through-obscurity for security products.

Noah Holland

Noah Holland is a Cybersecurity Undergraduate at Michigan Tech. He is the president of the MTU Linux User's Group and MTU RedTeam, specializing in Access Control & Physical Security.

Josh Stiebel

Josh Stiebel recently graduated with a CS degree from Michigan Tech. He helps run the access control village at various conventions. He is currently walking from Mexico to Canada on the PCT.

Game Hacking 101

Friday 14:00 for 45 minutes, at LVCC - L2 - W233 (Creator Stage 1)

Julian "Julez" Dunning Security Founder & Leader

Organized by GameHacking.GG

An introduction to basic concepts in game hacking and security principles within video games.

Julian "Julez" Dunning

Julian has a storied career in cybersecurity, initially focusing on offensive security. He has developed several popular open-source security tools, including statistics-based password-cracking methods. Julian also co-founded Truffle Security, creators of the widely used open-source tool TruffleHog. Recently, he established a new DEF CON village called GameHacking.GG, which promotes interest and awareness in game security.

Modern Odometer Manipulation

Friday 14:30 for 30 minutes, at LVCC - L2 - W231 (Creator Stage 3)

collin

oblivion

Organized by Car Hacking Village

while reading some automotive forums online, i stumbled upon an odometer manipulation device which claims to support 53 different car brands. curious, i purchase this tool with the sole intent of reverse engineering it. i tear down the hardware involved, explain how it is designed to be installed between the instrument panel cluster and the rest of the vehicle and use an open source exploit to extract the internal flash from the locked STM32. next, i explain the process of reverse engineering the extracted binary to find how the device is rewriting CAN messages to manipulate the odometer value. finally, i explain why odometer manipulation is an issue and share an example of how use of this device can potentially be detected after removal.

collin

oblivion

QRAMM: The Cryptographic Migration to a Post-Quantum World

Friday 14:30 for 30 minutes, at LVCC - L2 - W232 (Creator Stage 2)

Emily Fane Lead Cryptography Application Engineer at Niobium

Abdel Sy Fane

Organized by Crypto Privacy Village

With the NIST standardization of post-quantum cryptography, organizations must prepare to transition from legacy cryptographic systems to quantum-resistant alternatives. Yet the scale and complexity of this migration require more than algorithmic swaps—they demand systemic agility and operational readiness. This talk introduces QRAMM (Quantum Readiness Assurance Maturity Model), an open-source framework co-developed by the speaker, designed to evaluate organizational preparedness across four key dimensions: cryptographic visibility, data protection, technical implementation, and governance. This talk introduces QRAMM’s design and practical applications, highlighting its focus on cryptographic agility as a foundation for adaptive, forward-compatible security planning in the quantum era.

Emily Fane

Emily Fane is the Lead Cryptography Application Engineer at Niobium, where she focuses on Fully Homomorphic Encryption (FHE), a quantum-secure technique that enables computation on encrypted data. Her background spans quantum machine learning, applied cryptographic research at Allstate, and published work in number theory. She is also the co-founder of CyberSecurity NonProfit (CSNP.org), a global organization dedicated to improving access to cybersecurity education, training, and events. Emily co-developed the open-source Quantum Readiness Assurance Maturity Model (QRAMM), which provides a structured framework for evaluating how prepared an organization is to migrate from classical cryptography to post-quantum alternatives.

Abdel Sy Fane

Introduction of Loong Community & Financial Identity crime (deepfake) regulation of different jurisdictions

Friday 14:45 for 45 minutes, at LVCC - L1 - Exhibit Hall West 4 - C105 (Community Stage)

Noel Wong

KC Wong Hardware Ninja

Organized by Loong Community

The rapid advancement of deepfake technology, powered by generative adversarial networks (GANs), has revolutionized creative industries but poses significant challenges to global financial security through identity fraud. This study examines the legal and regulatory frameworks addressing deepfake-enabled financial crimes in the UK, EU, and Asia, highlighting the growing sophistication of such fraud, exemplified by a 2024 case in Hong Kong where cybercriminals used deepfake video conferencing to defraud a multinational company of $25 million. Employing a comparative legal analysis and case study approach, this research evaluates the effectiveness of existing regulations, identifies enforcement challenges, and analyzes real-world cases to expose legal gaps. Findings reveal that while China has implemented specific deepfake regulations, the UK, EU, and Hong Kong rely on broader fraud and data protection laws, lacking targeted provisions. These inconsistencies hinder prosecution and cross-jurisdictional cooperation. The study proposes balanced regulatory strategies to combat deepfake-enabled financial fraud while fostering AI innovation, offering critical insights for policymakers, legal practitioners, and financial institutions navigating this evolving threat landscape.

Noel Wong

Noel is a postgraduate student pursuing a master's degree at UCL, majoring in cybercrime.

KC Wong

hardware.ninja is an independent security researcher. He focuses on hardware security research, penetration testing, incident response and digital forensics analysis. He was the first and the only Asian to lead a group of white-hat hackers in holding an in-depth, hands-on hardware hacking village at Black Hat and DEF CON. He is also a frequent speaker and trainer at top-notch security and forensics conferences including SANS, HTCIA, DFRWS, GCC, CodeBlue, HITB, SINCON, AVTokyo and HITCON.

VDP in Aviation - How it shouldn't be done!

Friday 15:00 for 30 minutes, at LVCC - L2 - W229 (Creator Stage 5)

Matt Gaffney United Airlines

Organized by Aerospace Village

Vulnerability Disclosure in Aviation has long been, and continues to be, a very sensitive topic. Whilst large improvements have been made by some in recent years, there are still some corners of the industry who could do much better. Gaffers has experience in both submitting and receiving vulnerability disclosures within the industry and will share some stories highlighting the good, the bad, and the ugly.

Matt Gaffney

Threat Dynamics on the Seas

Friday 15:00 for 45 minutes, at LVCC - L2 - W231 (Creator Stage 3)

John Mauger, Rear Admiral, USCG (Ret.) PORTS LLC

Michael Sulmeyer US DoD (ret.), Georgetown School of Foreign Service

Adam Segal Council on Foreign Relations

Organized by Maritime Hacking Village

The tides are changing. The seas are the key frontier for power projection and commerce by nations, companies, and militaries -- and surveillance and cybersecurity tradecraft are rapidly reshaping sea-side threat dynamics. Join three of the biggest minds in national security to explore threats to the maritime domain as the strategic centerpiece for conflict in the digital age. From port cranes to drug smuggling, and Navy ships to undersea cables, the fight is everywhere.

Links:
maritimehackingvillage.com/dc33/talks

John Mauger, Rear Admiral, USCG (Ret.)

Rear Admiral John W. Mauger, USCG (Ret.) is a seasoned executive with over 33 years of leadership experience in the maritime industry, national security, and cyber operations. Known for his foresight, innovative approach to problem solving, and ability to drive change, John has left an indelible mark on every role he’s undertaken—from commanding complex Coast Guard operations to shaping the future of cyber defense.

As Commander of the First Coast Guard District, he led over 12,000 people and oversaw critical port operations in New England, deploying innovative technologies like counter-drone systems to enhance security. John's leadership during the TITAN capsule search and recovery at the TITANIC site highlighted his ability to lead complex crises in the international spotlight.

At U.S. Cyber Command, John revolutionized cyber training, developing a cloud-based environment that modernized cyber exercises and increased readiness. John also served as the Coast Guard’s first Executive Champion for the National Naval Officers Association, mentoring future leaders and driving organizational change.

Earlier in his career, John led key regulatory projects for both domestic and international shipping. His work protected mariners and the environment, created new markets for alternative fuels, and established a new international code to safeguard vital Polar regions.

Now leading (PORTS) LLC, John uses his diverse expertise to help clients plan for and navigate complex challenges in the maritime and critical infrastructure industries while enhancing personnel and team performance through effective training.

Michael Sulmeyer

Michael Sulmeyer will start as Professor of the Practice at the School of Foreign Service's Security Studies Program in the fall of 2025. He most recently served as the first Assistant Secretary of Defense for Cyber Policy and as Principal Cyber Advisor to the Secretary of Defense. He has held other senior roles involving cyber-related issues with the U.S. Army, the Office of the Secretary of Defense, U.S. Cyber Command and the National Security Council. In academia, he was a Senior Fellow with Georgetown's Center for Security and Emerging Technology. He holds a doctorate in politics from Oxford University where he was a Marshall Scholar, and a law degree from Stanford Law School.

Adam Segal

Adam Segal is the Ira A. Lipman chair in emerging technologies and national security and director of the Digital and Cyberspace Policy program at the Council on Foreign Relations (CFR). From April 2023 to June 2024, Segal was a senior advisor in the State Department's Bureau of Cyberspace and Digital Policy, where he led the development of the United States International Cyberspace and Digital Policy. An expert on security issues, technology development, and Chinese domestic and foreign policy, Segal was the project director for the CFR-sponsored Independent Task Force reports Confronting Reality in Cyberspace, Innovation and National Security, Defending an Open, Global, Secure, and Resilient Internet, and Chinese Military Power. His book The Hacked World Order: How Nations Fight, Trade, Maneuver, and Manipulate in the Digital Age (PublicAffairs, 2016) describes the increasingly contentious geopolitics of cyberspace. Segal is also the author of Advantage: How American Innovation Can Overcome the Asian Challenge (W.W. Norton, 2011) and Digital Dragon: High-Technology Enterprises in China (Cornell University Press, 2003), as well as several articles and book chapters on Chinese technology policy.

Firmware Decryption: For, and By, the Cryptographically Illiterate

Friday 15:00 for 30 minutes, at LVCC - L2 - W232 (Creator Stage 2)

Craig Heffner Senior Staff Engineer at NetRise

Organized by IOT Village

It's no secret that embedded devices are rife with security bugs just waiting to be found. However, vendors increasingly encrypt their firmware to prevent analysis by researchers, professionals, and inquisitive minds. In this talk, we examine common encryption techniques in real-world devices and how to crack the code—with or without hardware.

Craig Heffner

Adversaries at War: Tactics, technologies, and lessons from modern battlefields

Friday 15:00 for 45 minutes, at LVCC - L2 - W233 (Creator Stage 1)

Gregory Carpenter, DrPH Principal Partner at CW PENSEC

Barb Hirz Director of Strategy and Innovation at Nebraska Defense Research Corporation

Bret Fowler, MSGT (Ret) Chief Executive Officer at STAG

John Johnson, Dr CEO and Founder at Aligned Security

Michael Tassey Managing Director at Broadmoor Consulting Inc.

Organized by Adversary Village

Recent conflicts have shown us that wars today aren’t just fought with traditional weapons, they are fought with code, misinformation, and influence. This panel dives into how adversaries are using a mix of traditional and unconventional tactics, from cyber attacks to psychological operations, to gain the upper hand on modern battlefields. We will look at real examples from recent wars, explore the technologies driving these shifts, and discuss what defense, security, and policy leaders need to take away from it all.

Gregory Carpenter, DrPH

Dr. Carpenter is an expert in submolecular information security, specializing in medical IoT, and DNA/nano-tech security, with extensive experience in deception, information warfare, and electronic warfare. His background includes work at the NSA and three decades in government; he has led numerous operations combatting cybercrime, adversarial activity, and counterexploitation theory. A recognized leader in counter-deception, psychological operations, and the application of advanced security techniques, Dr. Carpenter has spoken at numerous international conferences, including several DEFCON villages, Le Hack, Victoria International Privacy and Security Summit, Hack in Paris, Hacker Halted and Cyber Chess. Dr. Carpenter is a member of the Special Operations Medical Association and the Royal Society of Arts, leveraging these networks to advance the integration of security into emerging technologies. With a focus on defending the digital infrastructure at the molecular level, Dr. Carpenter’s work encompasses the intersection of cybersecurity and biological systems, ensuring that both digital and physical infrastructures remain secure against evolving threats.

Barb Hirz

Ms. Barb Hirz is the Director of Strategy and Innovation at the Nebraska Defense Research Corporation, where she leads future capability integration and coordinates with customers and mission partners to ensure effective capability demonstrations. She is dedicated to advancing defense technology, driving mission improvements, and fostering intellectual agility in the workforce to address complex Department of Defense (DoD) challenges. Previously, Ms. Hirz served as Chief Engineer at U.S. Strategic Command, overseeing nuclear mission capability and cyber requirements, and has held positions at the Office of the Secretary of Defense and the National Security Agency. She has a background in commercial banking and IT solutions and holds numerous awards, including the Joint Meritorious Civilian Service Award. Ms. Hirz earned a B.S. in Business Administration from Creighton University, an M.S. in Military Operational Art from the Air Command and Staff College, and a Graduate Certificate in Nuclear Deterrence from Harvard University.

Bret Fowler, MSGT (Ret)

Brett Fowler is a nationally recognized cybersecurity expert and the CEO of STAG, a rapidly growing cybersecurity firm with a global reach and an exponential growth rate of 230% in 2020. A lifelong technology ambassador, Brett began his journey in middle school and has since advised Congressional and Senatorial leaders, while also supporting national efforts, including securing U.S. election systems. Under his leadership, STAG is transforming advanced analytics into accessible web applications, filling critical market gaps.

A former U.S. Air Force Cyber Warfare Operator with over 3,000 hours of cyber operations experience, Brett combines deep technical expertise with agile leadership, driving innovation and resilience in both government and industry. He is a trusted voice on national advisory boards and a frequent lecturer at the University of Texas at San Antonio, where he teaches courses on cybersecurity and entrepreneurship. Brett holds an M.S. in Computer Science from Utica College and lives in San Antonio, TX, with his wife and children.

John Johnson, Dr

Dr. Johnson has over 30 years of experience leading technology and cybersecurity programs at organizations in various industry segments, from startups to large global corporations. He is the CEO and Founder of Aligned Security, providing executive cybersecurity advisory services. He also founded the nonprofit Docent Institute, which promotes career development, cybersecurity education and outreach to professionals, students and underserved communities. He is co-founder of Chicago Cyber Hub, a Midwest center of excellence for Cybersecurity. John has broad industry experience, starting at Los Alamos National Laboratory and subsequently as a security leader at large and small enterprises, including John Deere, Deloitte, and Campbell Soup Company. He has developed and taught numerous university cybersecurity courses online and in person. Dr. Johnson serves on the ISSA International Board of Directors, ISSA Education Foundation, and is an active leader within ISC2, InfraGard, and IEEE. John is concerned with the ethical use of advancing technologies and the opportunities and risks they pose to humanity.

Michael Tassey

Mike Tassey is a cybersecurity strategist with 27 years of experience across defense, finance, and critical infrastructure. At the Air Force Office of Special Investigation, he led red team operations and secured global investigative systems. At NASDAQ, he helped defend the exchange from nation-state cyber threats and re-architect its global security posture. A DEF CON and Black Hat speaker, Mike co-designed the Wireless Aerial Surveillance Platform—the first civilian cyber drone, now in the International Spy Museum.

How We Protect Cat Memes from DDoS

Friday 15:30 for 30 minutes, at LVCC - L1 - Exhibit Hall West 4 - C105 (Community Stage)

Spencer "securimancer" Koch

Pratik Lotia Reddit

Organized by DDoS Community

Join us to explore Reddit's defense strategy to handle massive traffic and sophisticated abuse. We'll delve into how Reddit tackles this challenge, from traffic analysis to innovative resiliency techniques, all while understanding why a tailored, in-house approach is vital for such a high-scale platform.

Spencer "securimancer" Koch

LinkedIn

Pratik Lotia

LinkedIn


Locked Down, Not Locked Out: How I Escaped Your Secure Operator Workstation

Friday 15:30 for 30 minutes, at LVCC - L2 - W229 (Creator Stage 5)

Aaron Boyd

Organized by ICS Village

Organizations across industries rely on "locked down" operator workstations to protect critical systems, but how secure are they really? As a penetration tester, I’ve put these defenses to the test across multiple verticals, using only the tools and permissions available to a standard operator account and on that local machine. Time and time again, despite variations in vendor solutions and industry-specific constraints, I found common weaknesses that allowed me to break out, escalate privileges, and compromise the system—often without triggering alerts.

This talk dives into the recurring security flaws that make these workstations vulnerable, from misconfigurations and weak application controls to a commonly overlooked "living off the land" technique. I’ll walk through real-world breakout scenarios, demonstrating how attackers exploit these weaknesses. But it’s not just about breaking out—I'll also cover practical, vendor-agnostic defenses to harden operator workstations against these attacks. Whether you’re a defender, engineer, or just curious, you’ll leave with a better understanding of the risks and how to make the attacker's job that much harder.

Aaron Boyd

Aaron Boyd is an experienced OT Cybersecurity Generalist with over 10 years of experience in conducting penetration testing, vulnerability assessments, and threat hunting within complex OT/ICS infrastructures and applications in many different verticals. He is passionate about ensuring robust protection for critical infrastructure and firmly believes in focusing on real security improvements rather than just checking compliance boxes.


Fighting the Digital Blockade: A View from Taiwan

Friday 15:45 for 45 minutes, at LVCC - L2 - W231 (Creator Stage 3)

Jason Vogt USNWC

Shin-Ming Cheng Taiwan Ministry of Digital Affairs

Organized by Maritime Hacking Village

Taiwan stands on the frontlines of digital warfare under the sea. This high-profile panel, led by the Deputy Minister of Digital Affairs of Taiwan, will feature a gripping discussion on the silent battles waged beneath the sea. From sabotage of undersea infrastructure to the geopolitics of cyber-resilience, panelists will recall the threats and Taiwan's efforts to defend. Don’t miss this rare opportunity to explore the technical and political dimensions of the new global dynamic -- the digital blockade.

Links:
maritimehackingvillage.com/dc33/talks

Jason Vogt

Jason Vogt is an assistant professor in the Strategic and Operational Research Department, Center for Naval Warfare Studies at the United States Naval War College. Professor Vogt is a cyber warfare and wargaming expert. He has participated in the development of multiple wargames at the United States Naval War College. He previously served on active duty as an Army officer.

LinkedIn

Shin-Ming Cheng

Prof. Shin-Ming Cheng received his B.S. and Ph.D. degrees in computer science and information engineering from National Taiwan University, Taipei, Taiwan, in 2000 and 2007, respectively. Since 2022, he has served as the Deputy Director-General in Administration of Cyber Security, Ministry of Digital Affairs. He was a Post-Doctoral Research Fellow at the Graduate Institute of Communication Engineering, National Taiwan University, from 2007 to 2012. Since 2012, he has been on the faculty of the Department of Computer Science and Information Engineering, National Taiwan University of Science and Technology, Taipei, where he is currently a professor. From 2017 to 2022, he was with the Research Center for Information Technology Innovation, Academia Sinica, Taipei, where he was a Joint Appointment Research Fellow.

LinkedIn
faculty.csie.ntust.edu.tw/~smcheng/


Secure Code Is Critical Infrastructure: Hacking Policy for the Public Good

Friday 15:45 for 45 minutes, at LVCC - L2 - W232 (Creator Stage 2)

Tanya "SheHacksPurple" Janca Security Advocate at Semgrep

Organized by Policy @ DEF CON

Tanya "SheHacksPurple" Janca

Tanya Janca, aka SheHacksPurple, is the best-selling author of 'Alice and Bob Learn Secure Coding', 'Alice and Bob Learn Application Security' and the 'AppSec Antics' card game. Over her 28-year IT career she has won countless awards (including OWASP Lifetime Distinguished Member and Hacker of the Year), spoken all over the planet, and is a prolific blogger. Tanya has trained thousands of software developers and IT security professionals, via her online academies (We Hack Purple and Semgrep Academy), and her live training programs. Having performed counter-terrorism, led security for the 52nd Canadian general election, developed or secured countless applications, Tanya Janca is widely considered an international authority on the security of software. Tanya currently works at Semgrep as a Security Advocate.

Alice and Bob Learn Secure Coding
Blog
Bluesky
LinkedIn
Mastodon (@SheHacksPurple@infosec.exchange)
Sessionize
Website


Adversarial mindset, thinking like an attacker is no longer optional

Friday 15:45 for 45 minutes, at LVCC - L2 - W233 (Creator Stage 1)

Abhijith "Abx" B R Founder/Director at BreachSimRange Founder at Adversary Village

Keenan Skelly

Organized by Adversary Village

As threat actors evolve in speed, sophistication, and stealth, traditional defense strategies alone are no longer sufficient. This panel delves into the strategic importance of adopting an adversarial mindset, where defenders must think like attackers to stay ahead. Industry experts will discuss how adversary emulation and offensive cyber security techniques are being used not just to test systems, but to actively inform and strengthen defensive strategies. From red teaming to threat-informed defense, the panel will dive into how organizations are embedding adversarial thinking into their security programs to uncover blind spots, reduce response times, and build resilience against real-world threats. Whether you are defending an enterprise or building the next wave of security tools, embracing the adversarial mindset is no longer optional, it is essential. The panel will also cover a range of adversarial scenarios, including not only nation-state sponsored threat actors and targeted cyberattacks, but also the evolving warfare landscape witnessed recently, the use of technology by adversaries during conflicts, and effective countermeasures to address these challenges.

Abhijith "Abx" B R

Abhijith B R, also known by the pseudonym Abx, has more than a decade of experience in the offensive cyber security industry. Currently he is involved with multiple organizations as a consulting specialist, to help them build offensive security operations programs, improve their current security posture, assess cyber defense systems, and bridge the gap between business leadership and cyber security professionals. Abhijith’s professional exposure is stretched across multiple industries and various other sectors. As the founder of Adversary Village, Abhijith spearheads a community driven initiative exclusively focused on adversary simulation, adversary tactics, purple teaming, threat-actor/ransomware research-emulation, and offensive security-adversary tradecraft.

Company Website
LinkedIn

Keenan Skelly

Keenan Skelly is a nationally recognized cybersecurity and emerging technology strategist with 25 years of experience across government, private sector, and entrepreneurial leadership. She most recently served as a Senior Policy Advisor at the White House Office of the National Cyber Director (ONCD), where she guided national initiatives on cybersecurity workforce, AI policy, and strategic technology development. A former Plank Owner of NPPD at DHS of the Comprehensive Review Program (the predecessor to CISA), Keenan also led multi-agency counter-IED and critical infrastructure protection programs across the federal government. She has founded and led multiple tech startups focused on threat intelligence, cybersecurity, and gamified training, and is the Founder of the XRVillage. Named one of the Top 25 Women in Cybersecurity, she is a frequent speaker on national security, AI, and immersive technology. Her unique background blends operational expertise, policy acumen, and visionary innovation.

LinkedIn


Cybersecurity in Latin America: The Untold Stories of Resilience & Innovation

Friday 16:00 for 30 minutes, at LVCC - L1 - Exhibit Hall West 4 - C105 (Community Stage)

Giovanni Cruz Forero COO at 7 Way Security

Organized by La Villa

Latin America faces a perfect storm of cyber threats—sophisticated criminal networks, underfunded defenses, and systemic vulnerabilities. Yet, within this chaos lies an untold narrative of adaptation, recursion, and community-driven resilience.

Giovanni Cruz Forero

Professional in Cybersecurity with 20 years of experience in the sector, seeks to share knowledge using his experience and knowledge and currently works as COO of 7 Way Security, organizer of BSides Colombia, La Villa and other spaces for building collective knowledge.

Cybersecurity professional with 17 years of experience in the sector who seeks to share knowledge by drawing on his experience and expertise. He currently works as CEO of Be Hacker Pro, where he develops strategies for strengthening human capital with cybersecurity talent. He is co-founder of CSIETE and 7 Way Security, and organizer of BSides Colombia, HackLab Bogotá and other spaces for building collective knowledge.

LinkedIn
Website


Hacking a head unit with malicious PNG

Friday 16:00 for 30 minutes, at LVCC - L2 - W228 (Creator Stage 4)

Danilo Erazo

Organized by Car Hacking Village

In this talk, I reveal the discovery of a novel RTOS running on automotive head units, uncovered through hardware hacking and reverse engineering. This RTOS, found in thousands of vehicles, exhibits numerous bugs and intriguing functionalities. I demonstrate how a crafted PNG file was used as a backdoor to compromise the system, highlighting both the innovative features and critical vulnerabilities present in current automotive technologies.

Danilo Erazo


Bio-Cryptography is the Game-Genie in a post quantum dystopia

Friday 16:00 for 30 minutes, at LVCC - L2 - W229 (Creator Stage 5)

James Utley, PhD

Organized by Biohacking Village

At Defcon 32 we discussed how to transfect DNA using a lighter in the privacy of your home; at Defcon 33 we want to bring the next phase, which is BioCypher. BioCypher is a tool that will help with plasmid design to embed cryptographic messages. As quantum computing threatens traditional encryption, it’s time to ditch silicon and embrace self-assembling biomolecular firewalls. DNA Origami Cryptography (DOC) uses viral scaffolds to create nanometer-scale encryption keys over 700 bits long—strong enough to give Shor’s algorithm an existential crisis. Beyond brute-force resistance, DOC enables protein-binding steganography and multi-part message integrity, allowing encrypted communication through braille-like molecular folds. Whether securing classified data or encoding musical notes into microscopic strands, DOC offers a biological alternative to post-quantum doom. In this talk, we’ll explore how molecular self-assembly is turning DNA into the hacker-proof cipher of the future, now introducing BioCypher! The rough demo awaits for all to use the tool and think about a bio-crypto-future!

James Utley, PhD

Dr. James Utley, PhD, is a Johns Hopkins-trained Immunohematology expert, CABP, and AI/data science leader. As Technical Director, he led 150K+ cellular transfusions, advancing DoD and FDA-approved therapies. A bold biohacker, he pioneers CRISPR/genetic engineering, earning the moniker “the pirate.”


Quiet Confidence: An Introvert's Journey to Technical Public Speaking

Friday 16:30 for 30 minutes, at LVCC - L1 - Exhibit Hall West 4 - C105 (Community Stage)

Emma Yuan Fang Senior Security Architect at EPAM

Organized by BBWIC Foundation

Public speaking is a powerful tool for career growth, thought leadership, and community impact, but for introverts and underrepresented folks in cybersecurity, the stage can feel intimidating. As a woman in cybersecurity, I understand firsthand the challenges we face in getting our voices heard. On average, women only represent 25% of speakers at tech conferences; it's clear that something is holding us back.

This talk will be focused on my personal journey from zero public speaking experience to delivering nine technical talks at international conferences in just one year. I'll share how I built confidence, overcame stage fright, and embraced my unique perspective to share knowledge and inspire others.

In this session, we'll explore the reasons behind women's underrepresentation at tech conferences, and provide practical tips on:

  • How to manage nervousness and overcome stage fright
  • Preparing like a pro - build technical talks that resonate with diverse audiences
  • Turning introverted traits into strength in public speaking

Whether you’re a first-time speaker or a seasoned pro, walk away with actionable tools to find speaking opportunities, craft CFPs and deliver talks that leave a lasting impact.

Emma Yuan Fang

Emma is a Senior Security Architect at EPAM, specialising in developing and executing security strategies and architecting cloud solutions. With over 10 years of experience in cyber, she has led projects and technical workshops focused on cloud transformation and cloud-native application development. Beyond her professional role, Emma is dedicated to advocating for a more diverse cyber workforce through community volunteering and public speaking. She is a passionate mentor, volunteers at the leadership team of WiCyS UK&I affiliate, Google's Techmakers ambassador, and serves as a member of Industry Advisory Board at the University of Buckingham in the UK.

LinkedIn


Burning, trashing, spacecraft crashing: a collection of vulnerabilities that will end your space mission

Friday 16:30 for 30 minutes, at LVCC - L2 - W228 (Creator Stage 4)

Andrzej Olchawa VisionSpace Technologies

Milenko Starcik VisionSpace Technologies

Ayman Boulaich

Ricardo Fradique Cybersecurity Engineer at VisionSpace Technologies GmbH

Organized by Aerospace Village

The frequency of space missions has been increasing in recent years, raising concerns about security breaches and satellite cyber threats. Each space mission relies on highly specialized hardware and software components that communicate through dedicated protocols and standards developed for mission-specific purposes. Numerous potential failure points exist across both the space and ground segments, any of which could compromise mission integrity. Given the critical role that space-based infrastructure plays in modern society, every component involved in space missions should be recognized as part of critical infrastructure and afforded the highest level of security consideration.

This briefing highlights a subset of vulnerabilities that we identified within the last couple of years across both ground-based systems and onboard spacecraft software. We will provide an in-depth analysis of our findings, demonstrating the impact of these vulnerabilities by showing our PoC exploits in action—including their potential to grant unauthorized control over targeted spacecraft. Additionally, we will show demonstrations of the exploitation process, illustrating the real-world implications of these security flaws.

Andrzej Olchawa

LinkedIn

Milenko Starcik

LinkedIn

Ayman Boulaich

Ayman Boulaich is a cybersecurity researcher specializing in vulnerabilities within aerospace systems. He has contributed to identifying critical security issues in NASA's open-source software frameworks, such as Core Flight System (cFS) and CryptoLib.

Ricardo Fradique

Ricardo Fradique is a Cybersecurity Engineer at VisionSpace Technologies GmbH, with a focus on Offensive Security and Vulnerability Research. He has been credited in several CVEs, and is a regular CTF player.


Access Control Done Right the First Time

Friday 16:30 for 30 minutes, at LVCC - L2 - W229 (Creator Stage 5)

Tim Clevenger

Organized by Physical Security Village

Are you looking to install or upgrade a physical access control system? Having installed, repaired and upgraded dozens of large and small access control systems, I have found that many vendors install a "minimum viable product" that can leave your system unreliable and trivial to bypass.

This session will give you the tools and knowledge you need to work with your vendor to implement your system using best practices in the following areas:

  • Wiring, supervision, encryption and tamper-resistance
  • Choosing clone-resistant badges and securely configuring badge readers
  • Securing controller equipment and managing issued badges
  • Maintaining the system for maximum security and uptime

Tim Clevenger

As a low voltage hardware junkie, Tim has had the opportunity to design, expand, upgrade and repair numerous physical access control, alarm and video systems, including a stint at a security vendor where he was certified in Lenel/S2 access and video. Tim works today at SailPoint as a Cybersecurity Network Engineer.


Context Aware Anomaly Detection in Automotive CAN Without Decoding

Friday 16:30 for 30 minutes, at LVCC - L2 - W231 (Creator Stage 3)

Ravi Rajput

Organized by Car Hacking Village

Modern vehicles operate as real-time cyber-physical systems, where even subtle manipulations on the CAN bus can lead to catastrophic outcomes. Traditional anomaly detectors fall short when malicious actors mimic expected sensor behaviors while altering the vehicle's state contextually. This talk explores how exploiting inter-signal correlations — rather than relying on individual identifiers or decoding — uncovers stealthy attacks. We present a deep sequence-learning approach tailored for raw CAN payloads, focusing on time-aware and context-sensitive detection. No reverse engineering of signal structures. Just patterns, timing, and trust redefined. Live demo included using real-world CAN datasets and emulated environments.

Ravi Rajput

LinkedIn


Smart Bus Smart Hacking: From Free WiFi to Total Control

Friday 16:30 for 30 minutes, at LVCC - L2 - W232 (Creator Stage 2)

Chiao-Lin "Steven Meow" Yu Senior Red Team Cyber Threat Researcher at Trend Micro Taiwan

Kai-Ching "Keniver" Wang Senior Security Researcher at CHT Security

Organized by Car Hacking Village

Have you ever wondered how the On-Board Units (OBUs) in smart buses communicate and authenticate with Advanced Public Transportation Services (APTS) and Advanced Driver Assistance Systems (ADAS)? Shockingly, these systems can be easily tampered with and forged! In this session, we will share over 10 different vulnerabilities discovered from real experiences riding public transit: starting from connecting to the bus-provided free WiFi, hacking into the vehicular router, gaining access to the bus’s private network area, and ultimately controlling the communication between ADAS and APTS—including manipulating onboard LED displays, stealing driver and passenger information, acquiring bus operational data, and even penetrating the backend API servers of the transportation company. We also uncovered severe vulnerabilities and backdoors in cybersecurity-certified vehicular routers and monitoring equipment that could potentially compromise all global units of the same model. Through this presentation, attendees will gain an in-depth understanding of attack vectors starting from open free WiFi, expose security design flaws in connected public transport vehicles, and discuss potential systemic issues from a regulatory and specification-setting perspective.

Chiao-Lin "Steven Meow" Yu

Chiao-Lin Yu (Steven Meow) currently serves as a Senior Red Team Cyber Threat Researcher at Trend Micro Taiwan. He holds numerous professional certifications including OSCE³, OSEP, OSWE, OSED, OSCP, CRTP, CARTP, CESP-ADCS, LPT, CPENT, GCP ACE. Steven has previously presented at events such as HITCON Training 2025, Security BSides Tokyo 2023, and CYBERSEC 2024, 2025. He has disclosed 30+ CVE vulnerabilities in major companies like VMware, D-Link, and Zyxel. His expertise spans Red Team exercises, Web security, IoT security and Meow Meow security.

Kai-Ching "Keniver" Wang

Kai-Ching Wang (Keniver) is a Senior Security Researcher at CHT Security. He specializes in red team assessments and comprehensive security reviews, with a current focus on hacking IoT devices and cloud-native infrastructure. He has presented his research on the security of cloud-connected IoT camera systems at conferences such as SECCON in Japan and HITCON in Taiwan.


The depths that marketers will plummet to

Friday 16:30 for 30 minutes, at LVCC - L2 - W233 (Creator Stage 1)

4dw@r3

Organized by Crypto Privacy Village

In the run up to Google’s plans to dump 3rd party cookies, marketing firms (a $1.7 TRILLION dollar industry) were sent into a complete panic. These firms relied heavily on 3rd party cookies in order to better attribute CPM (cost per 1000 clicks) and how many of those clicks turned into sales. So advertisers could better study human behavior and trends in order to more effectively sell products.

As a former Security Engineer at the Largest Independent Digital Marketing firm in the world, I had a unique view into the evils that these companies were developing in order to not only maintain a view into consumer trends but to increase these views, increase the invasiveness of these techniques, and increase the cooperation between all levels of the industry from display point (streaming service), device point (iPhone, TV), location points (via ISP), to sales point.

This talk is a peek under the curtain for the server side data harvesting that agencies have developed, and how they’ve managed to twist this further invasion into so-called consumer protection and increased privacy.

4dw@r3

4dw@r3 (they/them) is a dedicated security and risk management expert with extensive experience navigating complex environments. Sean excels at developing a comprehensive understanding of intricate systems and crafting strategic roadmaps to revitalize security programs. By identifying high-risk areas and optimizing the use of existing resources, Sean removes barriers between teams to enhance communication and coordination, driving effective security outcomes. Beyond their professional pursuits, Sean finds joy in backpacking through the mountains with their adventurous Australian Shepherd and twins, embracing the serenity of nature and the thrill of exploration.


Protect Your Privacy Online and on the Streets with EFF Tools

Friday 17:00 for 60 minutes, at LVCC - L1 - Exhibit Hall West 4 - C105 (Community Stage)

Thorin Klosowski

Cooper "CyberTiger" Quintin Senior Staff Technologist at EFF

Cliff Braun EFF

Alexis Hancock Director of Engineering at EFF

Organized by Women in Security and Privacy (WISP)

The Electronic Frontier Foundation (EFF) has been protecting your rights to privacy, free expression, and security online for 35 years! One important way we push for these freedoms is through our free, open source tools. We’ll provide an overview of how these tools work, including Privacy Badger, Rayhunter, Certbot, and Surveillance Self-Defense, and how they can help keep you safe online and on the streets. You’ll meet EFF’s Director of Engineering Alexis Hancock; Associate Director of Technology Policy and Research Cliff Braun; Senior Staff Technologist Cooper Quintin; and Security and Privacy Activist Thorin Klosowski.

This talk was brought to Community Stage in partnership with Women in Security and Privacy (WISP)! To learn more about WISP, visit their Community & Inclusion Room in LVCC Level 1, West Hall 4, C208.

Thorin Klosowski

Thorin is the Security and Privacy Activist at EFF, where he focuses on providing practical advice on protecting online security, including handling much of Surveillance Self-Defense.

Cooper "CyberTiger" Quintin

Cooper Quintin is a senior public interest technologist with the EFF Threat Lab. He has given talks about security research at prestigious security conferences including Black Hat, DEFCON, Shmoocon, and ReCon about issues ranging from IMSI Catcher detection to Femtech privacy issues to newly discovered APTs. He has two children and is very tired.

Cooper has many years of security research experience on tools of surveillance used by government agencies.

Cliff Braun

LinkedIn

Alexis Hancock

Alexis is an expert technologist and researcher on the security vulnerabilities which plague consumer electronics, and can speak to the disparate impact they have on communities.


Moonlight Defender - Purple Teaming in Space!

Friday 17:00 for 30 minutes, at LVCC - L2 - W228 (Creator Stage 4)

Ben Hawkins The Aerospace Corporation

Organized by Aerospace Village

The Moonlight Defender purple team exercise series provides a low-cost, modular, and scalable exercise framework for realistic space-cyber training—even in environments with restricted access, limited visibility, and contested information flows.

Designed and run by The Aerospace Corporation, MITRE, and AFRL, these exercises integrate purple teaming methodologies, enabling offensive and defensive cyber operators to refine their Tactics, Techniques, and Procedures (TTPs) in a high-fidelity, live-fire setting.

Moonlight Defender 1 (MD1) leveraged the Moonlighter satellite and Aerospace’s Dark Sky cyber range to train operators in adversarial emulation, space asset defense, and real-world cyber ops under extreme constraints. Building on this, Moonlight Defender 2 (MD2) introduced virtual satellite simulators, ICS/OT systems, and enterprise environments, pushing the limits of how we access and test cyber defenses in space-based systems.

These exercises broke down traditional silos and operationalized space hacking, proving that security through obscurity fails in space just as it does on Earth. Attendees will get a behind-the-scenes look at real-world space-cyber exercises, from attack chain development to defense strategy refinement, all within the context of operating under limited access and denied environments. Expect insights into methodologies, tools, lessons learned, and how the hacker community can shape the future of space-cyber operations.

Ben Hawkins

LinkedIn


They deployed Health AI on us. We’re bringing the rights & red teams.

Friday 17:00 for 30 minutes, at LVCC - L2 - W229 (Creator Stage 5)

Andrea Downing

Organized by Biohacking Village

AI is rapidly reshaping healthcare—from diagnostics to mental health chatbots to surveillance inside EHRs—often without patient consent or clear oversight. The Patient AI Rights Initiative (https://lightcollective.org/patient-ai-rights/) lays out the first patient-authored ethical framework for Health AI. Now it’s time to test it like any other system: for failure, bias, and exploitability.

We’ll introduce the 7 Patient AI Rights and challenge participants to stress test them through the lens of security research. Working in small groups, you'll choose a Right and explore how it could break down in the real world.

Together, we’ll co-create early prototypes for a “Red Teaming Toolkit for Health AI” to evaluate Health AI systems based on the priorities of the people most impacted by them: patients.

This session is ideal for patient activists, engineers, bioethicists, and anyone interested in building accountable, rights-respecting AI systems from the outside in.

Andrea Downing


All your keyboards are belong to us!

Friday 17:00 for 60 minutes, at LVCC - L2 - W231 (Creator Stage 3)

Federico Lucifredi Product Management Director for Ceph Storage at IBM and Red Hat

Organized by Hardware Hacking and Soldering Skills Village (HHV-SSV)

This is a live tutorial of hacking against keyboards of all forms. Attacking the keyboard is the ultimate strategy to hijack a session before it is encrypted, capturing plaintext at the source and (often) in much simpler ways than those required to attack network protocols.

In this session we explore available attack vectors against traditional keyboards, starting with plain old keyloggers. We then advance to "Van Eck Phreaking" style attacks against individual keystroke emanations as well as RF wireless connections, and we finally graduate to the new hotness: acoustic attacks by eavesdropping on the sound of you typing!

Use your newfound knowledge for good, with great power comes great responsibility!

A subset of signal leak attacks focusing on keyboards. This talk is compiled with open sources; no classified material will be discussed.

Federico Lucifredi

Website


Of Stochastic Parrots and Deterministic Predators: Decision-Making in Adversarial Automation

Friday 17:00 for 30 minutes, at LVCC - L2 - W232 (Creator Stage 2)

Bobby Kuzma Director - Offensive Cyber Operations at ProCircular

Michael Odell Cyber Security Consultant

Organized by Adversary Village

In an era where AI systems oscillate between mimicking human-like randomness and executing precise, predatory strategies, understanding decision-making in adversarial automation is critical. This talk explores the tension between "stochastic parrots," generative models that produce probabilistic outputs, and "deterministic predators," systems designed to behave in a predictable pattern in adversarial settings. We will delve into the mechanics of decision-making under uncertainty, examining how these systems navigate competitive environments, from game-playing AIs to cybersecurity defenses. Attendees will gain insights into the algorithms driving these dynamics, and where the technology is heading. We will be releasing tooling around our deterministic TTP selection engine.

Bobby Kuzma

Bobby Kuzma is a seasoned offensive security researcher with a long running interest in computational decision making. He currently runs the Offensive Cyber Operations team at ProCircular.

LinkedIn

Michael Odell

A nerd who likes playing with computers


Satellite Networks Under Siege: Cybersecurity Challenges of Targeted DDoS Attacks

Friday 17:00 for 30 minutes, at LVCC - L2 - W233 (Creator Stage 1)

Roee Idan Ben Gurion University

Organized by Aerospace Village

Satellite Networks Under Siege: Cybersecurity Challenges of Targeted DDoS Attacks explores how the rapid evolution of Low Earth Orbit constellations, such as those providing global broadband, has introduced a new frontier of cybersecurity challenges. This presentation delves deep into the unique vulnerabilities of satellite networks—including dynamic topologies, limited bandwidth, and predictable orbital patterns—that enable adversaries to execute persistent, targeted DDoS attacks with minimal botnet footprints. Attendees will learn about advanced attack methodologies and frameworks—exemplified by research on approaches like the HYDRA framework—that optimize botnet composition and allocation for multi-zone disruptions. Combining detailed theoretical models, simulation results, and optimization techniques, this talk provides a comprehensive analysis of both attack strategies and the emerging countermeasures. Focusing on enhancing cybersecurity for critical communication infrastructures, this session presents actionable insights drawn from thorough analysis and illustrative case studies, offering practical recommendations and a clear framework for understanding both offensive tactics and defensive measures essential for securing satellite communications.

Roee Idan

LinkedIn

Vibe School: Making dumb devices smart with AI

Friday 17:30 for 30 minutes, at LVCC - L2 - W228 (Creator Stage 4)

Katie "InsiderPhD" Paxton-Fear Principal Security Researcher at Traceable by Harness

Organized by IOT Village

Smart home technology often comes with a hefty price tag, particularly for specialized devices like weather stations. So I did it myself: instead of buying an expensive 'smart' device, I integrated a conventional weather station into Home Assistant. With AI-powered assistance and a "vibe coding" approach, even complex devices can be made smart. From sniffing device communications to getting Gemini to generate C++. With modern AI tools, empowering your existing "dumb" devices is more accessible and achievable than ever before, opening up a world of custom smart solutions without breaking the bank.

Katie "InsiderPhD" Paxton-Fear

Dr Katie Paxton-Fear is an API security expert and a Security Advocate at Semgrep, in her words: she used to make applications and now she breaks them. A former API developer turned API hacker. She has found vulnerabilities in organizations ranging from the Department of Defense to Verizon, with simple API vulnerabilities. Dr Katie has been a featured expert in the Wall Street Journal, BBC News, ZDNet, The Daily Swig and more. As she shares some of the easy ways hackers can exploit APIs and how they get away without a security alert! Dr Katie regularly delivers security training and security research to some of the largest brands worldwide. She combines easy-to-understand explanations with key technical details that turn security into something everyone can get.

LinkedIn
X (Twitter)

Hacking the Nautical Rules of the Road: Turn Left for Global Pwnage

Friday 17:30 for 30 minutes, at LVCC - L2 - W229 (Creator Stage 5)

Amp Co-Host of The Material Condition Podcast

Data Director of Cyber & Technology

Organized by Maritime Hacking Village

As part of their training and certifications, most professional mariners memorize the ‘nautical rules of the road’. The International Regulations for Preventing Collisions at Sea (COLREGs) form the foundation of maritime safety by establishing predictable behaviors and shared responsibilities between vessels. This is a system with built-in protection and fall-back plans, tried and tested over a long history. But for hackers or cyber defenders—who might not know starboard from Starbucks—understanding these norms may mean the difference between big effect or no effect. Our talk focuses on one memorable guideline that ship drivers often fall back on: Don’t Turn To Port (unless you’re absolutely sure it’s safe). There is plenty of good research out there about how cyber-physical systems such as rudder angle controllers can be manipulated on manned and unmanned systems. There is good writing on the threats unique to maritime choke points. But agnostic to the location, why would cyber manipulation of a rudder to induce a port turn be worse than a starboard one? Our talk will touch briefly on how the rules influence legal liability for collisions at sea, and conclude with encouragement for people to learn the rules of the road and further their own journey in understanding the maritime profession.

Links:
maritimehackingvillage.com/dc33/talks

Amp

AMP spent 10 years driving ships around the globe—now captains a CTF team instead. With an undergrad in electrical engineering and working on a master’s in info systems engineering, AMP made the jump from maritime grit to digital ops, bringing salty sea stories and a screwdriver to every hacking challenge. They’ve co-hosted episodes of Sea Control (CIMSEC) and The Yoke Report, poking at the strange edges of maritime security, cyber policy, and why everything breaks at 2 AM. Into hardware hacking, retro gaming, and running text-based RPGs.

Mastodon (@amp@defcon.social)
Website

Data

data is a retired Air Force Cyber Warfare Officer with over 20 years of operational experience. He's a CNODP and RIOT grad with a Comp Sci BS from the USAF Academy and a Master's in Cyber Ops from the Air Force Institute of Technology. He's been certified in all 3 NSA Red Team work roles, all 3 offensive SIGINT work roles, qualified in all 6 Cybercom offensive work roles and personally engaged real-world, nation-state-level actors, malware and targets in air, land, sea, space & cyberspace both offensively and defensively. And he's done so with the US, UK, Canada, Australia and New Zealand. He also helped make those cool starship badges you've seen around DEFCON.

LinkedIn
Mastodon (@data@defcon.social)

Quantum-Resistant Healthcare

Friday 17:30 for 30 minutes, at LVCC - L2 - W232 (Creator Stage 2)

Katarina Amrichova Siemens-Healthineers

Organized by Biohacking Village

Quantum computers are steadily improving, and experts estimate that within the next 30 years, quantum computers will be able to break certain cryptographic algorithms, such as those used to protect against eavesdropping during internet communications. All industries—especially those hosting critical infrastructure like healthcare—need to prepare for this shift and begin transitioning to post-quantum cryptography to ensure quantum resistance. In this talk, we will discuss the quantum threat and use specific examples from Siemens Healthineers’ environment to highlight the key aspects vendors must consider when transitioning to post-quantum cryptography.

Katarina Amrichova

Katarina has a deep appreciation for reverse engineering, exploit development and cryptography.

Crossing the Line: Advanced Techniques to Breach the OT DMZ

Friday 17:30 for 30 minutes, at LVCC - L2 - W233 (Creator Stage 1)

Christopher Nourrie SCE

Organized by ICS Village

As industrial environments become increasingly interconnected, the OT DMZ stands as a critical yet vulnerable boundary between enterprise IT networks and operational technology. In this talk, we expose the offensive strategies adversaries use to penetrate the OT DMZ and pivot into sensitive control system networks. Drawing from real-world red team operations and threat intelligence, we’ll explore how misconfigured remote access solutions, poorly segmented architectures, and legacy services create exploitable pathways into industrial environments. Attendees will gain insight into tradecraft used to move from enterprise footholds into OT networks, including techniques for identifying and abusing jump hosts, proxy services, Citrix gateways, and RDP relays. We’ll demonstrate practical TTPs for lateral movement, credential access, and evasion within the DMZ layer—highlighting how assumptions about segmentation often fall short in practice. Finally, we’ll discuss defensive takeaways to help asset owners detect and mitigate these threats before they escalate. This presentation is aimed at offensive security professionals, defenders, and industrial security leaders seeking to understand how the OT perimeter is being targeted—and how to better protect it.

Christopher Nourrie

Christopher Nourrie is a threat hunter at Southern California Edison (SCE). He specializes in IT and OT threat hunting while supporting the Red Team program. With over 11 years of experience in offensive security, his expertise includes penetration testing, network security assessments, and adversary emulation. Before joining SCE, Chris was a Principal Penetration Tester at Dragos, Inc., concentrating on red teaming and penetration testing within industrial environments. He also served as an Exploitation Analyst at the National Security Agency (NSA) within the Tailored Access Operations (TAO) division under U.S. Cyber Command, supporting offensive cyber operations. His expertise encompasses open-source intelligence (OSINT), network reconnaissance, and advanced attack methodologies. Chris also played a pivotal role in cybersecurity education, teaching advanced adversary tactics at the NSA’s National Cryptologic School. He is the author of Pentesting Industrial Networks and delivers an OT penetration testing course that helps security professionals strengthen their industrial cybersecurity defenses. Chris is a dedicated researcher who studies advanced threat actor tactics, techniques, and procedures (TTPs) targeting enterprise and industrial environments. He continuously integrates emerging insights into his tradecraft, refining methodologies to stay ahead of evolving cyber threats. His contributions to the field help organizations bolster their security posture against sophisticated adversaries.

How Not to IoT: Lessons in Security Failures

Saturday 10:00 for 60 minutes, at LVCC - L2 - W228 (Creator Stage 4)

Zoltan "zh4ck" Balazs Principal Vulnerability Researcher at CUJO AI

Organized by Embedded Systems Village

Welcome to the “fun” world of IoT, where security is often an afterthought and vulnerabilities lurk around every corner. This presentation is a guide for vendors on what not to do when designing IoT devices and a survival manual for users to spot insecure gadgets. Ever wondered if your IoT device is spilling your home WiFi secrets to the cloud over HTTP? Spoiler alert: maybe :) Pairing your device over open WiFi and HTTP while providing your home WiFi credentials? Just to vacuum clean your home?
How about IoT devices lying about their Android version? But don’t worry, it already comes with malware pre-infected. Wouldn’t it be nice to access the clear-text admin passwords before authentication? How about multiple different ways to do that? Would you like to see reverse engineering an N-day command injection vulnerability in the login form of a popular NAS device? What could be the easiest way to figure out the (static) AES encryption key for a home security alarm solution? Just RTFM! Why bother with memory corruption when command injection is still the king of IoT threats? I'll break it down for you, with an analysis of challenges with scalable IoT memory corruption exploits, and the challenges with blind ROP. Last but not least, let’s discuss why Busybox is “not the best” choice for IoT development.

Zoltan "zh4ck" Balazs

Zoltan (@zh4ck) is a Principal Vulnerability Researcher at CUJO AI, a company focusing on smart home security. Previously he worked as a CTO for an AV Tester company, as an IT Security expert in the financial industry, and as a senior IT security consultant. He is also the developer of the Hardware Firewall Bypass Kernel Driver (HWFWBypass), the Encrypted Browser Exploit Delivery tool (#IRONSQUIRREL) and the Sandbox tester tool to test Malware Analysis Sandboxes, and is partially “responsible” for an IoT botnet infecting 600K devices.

I am a big fan of offsec certs, currently holding OSEP, OSED, OSCE, OSCP, and OSWP.

LinkedIn
Mastodon (@zh4ck@infosec.exchange)
Website

Anatomy of Telecom Malware

Saturday 10:00 for 45 minutes, at LVCC - L2 - W229 (Creator Stage 5)

Akib Sayyed Founder at Matrix Shell

Organized by Telecom Village

“Anatomy of Telecom Malware” is a Telecom Village talk spanning 2G, 3G, 4G/LTE and cloud-native 5G. It dissects how attackers weaponise every layer of the stack—SS7/SIGTRAN, Diameter, GTP, SMPP and SBA APIs—while adding three critical lenses:

  • Supply-chain infiltration: poisoned firmware builds and compromised eSIM-provisioning servers that let implants enter the core before day 0.
  • Transit-based backdoors: malware such as the LightBasin “GTPDoor” family that hides its C2 inside roaming GTP-C/U tunnels, crossing operator boundaries unnoticed.
  • Field-proven attacks: campaigns like SIMjacker’s SS7/S@T-browser exploitation for OTP interception and recent SS7-redirect bank-fraud cases, plus roaming-hub spyware and diameter peer-scraping seen in the wild.

Attendees leave with a telecom-specific kill-chain map, protocol-aware detection tricks, and a 10-point hardening checklist to protect both legacy and future networks.

Akib Sayyed

Akib Sayyed is the Founder and Chief Security Consultant of Matrix-Shell Technologies, an India-based telecom-security firm he established in 2014. Recognised industry-wide as a 5G and telecom-signalling security specialist, Akib has spent more than a decade helping mobile-network operators, MVNOs and regulators uncover and remediate vulnerabilities across legacy (2G/3G/4G) and next-generation (5G Core, VoLTE/VoNR/VoWi-Fi) networks. His expertise spans protocol penetration testing (SS7, Diameter, GTP), radio-access assessments and security-automation tooling.

Under Akib’s leadership, Matrix-Shell has grown into India’s first NCCS-designated 5G Core security test lab and holds ISO/IEC 17025 accreditation for its methodology and results. A frequent conference speaker and Black Hat trainer, he also co-organises the Telecom Village community, where he shares latest threat-intel and open-source tools with the wider security ecosystem.

Across consulting engagements, Akib is known for delivering:

  • Policy-aligned testing mapped to 3GPP TS 33.xxx, GSMA FS-series and ITSAR frameworks.
  • Automated scanners that cut signalling-assessment time from weeks to hours.
  • Action-oriented reports complete with PCAP evidence and remediation playbooks.

Driven by a mission to “secure the core,” Akib continues to advise operators on rolling out resilient 5G infrastructure, mentors the next wave of telecom-security engineers and contributes to global standards bodies shaping the future of mobile-network defence.

LinkedIn

Critically Neglected: Cybersecurity for buildings

Saturday 10:00 for 30 minutes, at LVCC - L2 - W231 (Creator Stage 3)

Thomas Pope JLL

Organized by ICS Village

Buildings are largely overlooked when it comes to cyber security. The onus is typically placed on physically securing the building and the people inside of them. What most gloss over is the fact that industrial control systems run these buildings and without them, everyday functions become unavailable and downright dangerous. The dangers are growing as buildings become more "connected" and require internet access to operate (ex. sustainability and IoT). Malicious use of engineering protocols (Modbus, Fox, BACNet) and targeted attacks against BAS systems are growing (ex. KNXLock).

Environments run the gamut from overly secure, to the point of crippling, all the way to leaving RDP exposed with no logging or MFA to critical systems. There is no easy fix; properties must invest in technology and people to create a defensible environment. This presentation will show how cyber security can be enabled in a way that fits with the business's operations and with minimal disruption.

Building types are not constrained to only office space. Properties come in all varieties from warehouses and manufacturing spaces to data centers and shopping malls. All of this needs to be taken into account when assessing the environment and recommending tools and procedures. This talk will cover common architectures seen, typical control systems found in buildings (BMS, FLS, elevator, lighting, power...), reproducible steps to help companies/users understand their vulnerabilities and how we, as an industry, move forward.

For the most part, these are not technical problems, but a literal gap that needs to be addressed directly by budgetary and policy controls. The industry is pushing for cybersecurity budgeting, standards and visibility for properties, which are largely ignored or misunderstood by owners and operators. This is a solvable problem and I want attendees to feel empowered to ask tough questions and be prepared to have an educated conversation about the risks and not use fear mongering or scare tactics to get cybersecurity put in place.

Thomas Pope

Thomas Pope is the Head of Property Cybersecurity at Jones Lang LaSalle (JLL). His team assists customers and internal teams with securing control systems at their properties and with accomplishing cybersecurity at scale with regard to building operations. Previous stints include leading incident response engagements at Cisco Talos as an Incident Commander, searching for ICS-specific adversaries as an Adversary Hunter at Dragos, and standing up multiple cybersecurity programs at Duke Energy.

Regex For Hackers

Saturday 10:00 for 60 minutes, at LVCC - L2 - W232 (Creator Stage 2)

Ben "nahamsec" Sadeghipour Co-Founder & CEO at HackingHub

Adam "BuildHackSecure" Langley CTO at HackingHub

Organized by Bug Bounty Village

Let's cut through the BS - if you're not using regex properly, you're leaving money on the table as a hacker. This workshop shows you how regex can crack open targets that automated tools miss.

We'll skip the boring theory and jump straight into the good stuff: how to use regex to find juicy endpoints, bypass filters, and automate your recon. You'll learn how actual hackers use regex to:

  • Break postMessage filters and CORS rules that "look" secure
  • Turn harmless open redirects into account takeovers
  • Spot SSRF opportunities that scanners don't catch
  • Rip through JavaScript files to find hidden APIs and endpoints
  • Find interesting hosts, secrets and keys in GitHub repos before others do

1 Hour. Hands on. Come hack!

Ben "nahamsec" Sadeghipour

Ben Sadeghipour, better known as NahamSec, is an ethical hacker, content creator, and keynote speaker. Over his career, Ben has uncovered thousands of security vulnerabilities for major organizations, including Amazon, Apple, Zoom, Meta, Google, and the U.S. Department of Defense. As a top-ranked bug bounty hunter, he is deeply passionate about cybersecurity education, regularly sharing his knowledge through his popular YouTube channel and speaking at major conferences like DEFCON and BSides. Beyond his personal achievements, Ben is committed to building the security community, organizing events that foster collaboration, innovation, and the next generation of offensive security professionals.

LinkedIn

Adam "BuildHackSecure" Langley

For over 20 years, Adam has balanced the worlds of application security and web development. He currently serves as the CTO of HackingHub and the Director of BSides Exeter. Over the past five years, he has combined his expertise to create and deliver gamified educational content, aimed at teaching the next generation of ethical hackers and developers about web application security.

LinkedIn

Gold Bug: Puzzle Panel with Friends

Saturday 10:00 for 60 minutes, at LVCC - L2 - W233 (Creator Stage 1)

The Gold Bug Team 2025, Psychoholics

Organized by Crypto Privacy Village

The Gold Bug Team 2025, Psychoholics

Psychoholics is a group of nerds that love solving puzzles, drinking drinks, and doing escape rooms. We love competing in contests and CTFs, and we also run TFH, Crash&Compile and Dungeons@Defcon. Oh, and we have a Krux. 110001011100001111101 100011100110001101101

Private, Private, Private: Access Everywhere

Saturday 10:15 for 45 minutes, at LVCC - L1 - Exhibit Hall West 4 - C105 (Community Stage)

Meghan "CarpeDiemT3ch" Jacquot

Organized by BBWIC Foundation

“All human beings have three lives: public, private, and secret.” ― Gabriel García Márquez

This workshop will focus on our public and private lives, as well as things one might want to keep secret. If all of your data is public, then anyone can access everything everywhere. While access everywhere is the theme of DC 33, we will focus on shutting down access to your data. Being private can help set you free. We will go over both OSINT techniques to see what an individual’s footprint is and then also go over obfuscation techniques to lessen that footprint. Attendees of this workshop should bring their device and be ready to work on becoming more private.

Meghan "CarpeDiemT3ch" Jacquot

Meghan Jacquot is a Cybersecurity Engineer and focuses on offensive security, risk, and resilience. Meghan shares her research via conferences and publications. Throughout the year, she helps a variety of organizations and folks including DEF CON as a SOC GOON, Diana Initiative, and OWASP. She often reviews CFP and mentors new speakers. To relax she also spends time visiting national parks with her partner, reading, gardening, and hanging with her chinchilla. You may see her with the DC Book Club as she also leads that group. She’s happy to connect with others on social media with her handle CarpeDiemT3ch.

LinkedIn

How Computers Kill People: Marine Systems

Saturday 10:30 for 30 minutes, at LVCC - L2 - W231 (Creator Stage 3)

Michael DeVolld ABS Group

Austin Reid ABS Group

Organized by Maritime Hacking Village

As digital systems increasingly control the world’s most powerful machines, software failures have become a silent but deadly threat—sometimes with fatal consequences. This DEFCON presentation dives deep into maritime and military incidents where software errors, automation missteps, and human-computer interface flaws have led to catastrophic outcomes. Reviewing the USS Yorktown’s infamous “Smart Ship” crash and the USS Vincennes’ tragic misidentification of a civilian airliner, we dissect how code, configuration, and design choices can escalate into life-or-death situations at sea. We’ll also draw parallels to high-profile aviation incidents like the Boeing 737 Max and F-35, illustrating common threads in software assurance failures across domains. We’ll walk through how a subtle software flaw could be exploited to disrupt critical vessel operations, and what this means for the future of maritime cybersecurity. Attendees will gain insight into the technical, organizational, and ethical challenges of securing mission-critical systems, and leave with practical takeaways for hackers, engineers, and policymakers seeking to prevent the next digital disaster on the high seas.

Links:
maritimehackingvillage.com/dc33/talks

Michael DeVolld

With 25 years of experience in the maritime sector, Michael is dedicated to ensuring the safety and security of the global Maritime Transportation System (MTS). A retired US Coast Guard Officer, he has conducted numerous safety and compliance inspections, investigated high-profile marine casualties, and established a cybersecurity program at USCG Cyber Command. Previously, as a Business Information Security Officer for Royal Caribbean Group, Michael developed strategies to maintain the cybersecurity and regulatory compliance of the company's global cruise fleet. Holding a B.S. in Computer Science and an M.S. in Telecommunications, he currently serves as ABS Consulting's Maritime Cybersecurity Director. In this role, he specializes in managing cyber risks, implementing technical solutions, shaping policy and governance, providing expert advisory services, and designing custom solutions to meet maritime regulatory requirements and best practices.

LinkedIn

Austin Reid

Austin Reid is a senior consultant at ABS Consulting specializing in securing maritime operational technology with 10 years experience in the Maritime sector from breakbulk, automated container terminal ops, and securing critical vessel systems for all types of ships. He is also a hacker, and security researcher specializing in maritime navigation control systems.

LinkedIn
Website

Oblivious computation, from theory to practice

Saturday 11:00 for 30 minutes, at LVCC - L1 - Exhibit Hall West 4 - C105 (Community Stage)

Chelsea Button Cryptocurrency Education Initiative

Elaine Shi Professor at Carnegie Mellon University

Afonso Tinoco Carnegie Mellon University

Organized by Cryptocurrency Community

Traditional encrypted databases encrypt only the data contents but do not hide accesses to the data. Such accesses can leak highly sensitive information in practical applications like contact discovery, blockchains, and large language models. In this talk, Elaine Shi will describe what oblivious computation is, and how to construct simple and provably secure algorithms for oblivious computation. She will also cover the broad applications of oblivious computation including in Signal and Ethereum's (intended) use cases.

Chelsea Button

Chelsea is a lawyer specializing in consumer finance, data and technology. She advises clients on updates in the law and defends them in litigation. She is a cryptocurrency advocate, with multiple professional publications.

Elaine Shi

Elaine Shi is a professor at Carnegie Mellon University. Her research interests include cryptography, security, mechanism design, algorithms, foundations of blockchains, and programming languages. She is a co-founder of Oblivious Labs, Inc. Her research on Oblivious RAM and differentially private algorithms has been adopted by Signal, Meta, and Google. She is a Packard Fellow, a Sloan Fellow, an ACM Fellow, and an IACR Fellow.

Twitter (@ElaineRShi)
Website

Afonso Tinoco

Afonso Tinoco is a PhD candidate currently on leave from Carnegie Mellon University and University of Lisbon. His research interests include Applied Cryptography and Distributed System Verification. He is a Co-Founder and a Research Engineer at Oblivious Labs, Inc. (https://obliviouslabs.com). Oblivious Labs’ mission is to develop open-source toolchains for Oblivious Computation (https://github.com/obliviouslabs/), with the goal of accelerating the wide deployment of Oblivious Computations. He is also a co-captain of STT (https://sectt.github.io/), the CTF team of University of Lisbon.

Malware in the gist: How malicious packages on npm bypass existing security tools

Saturday 11:00 for 30 minutes, at LVCC - L2 - W228 (Creator Stage 4)

Paul "6mile" McCarty Head of Research at Safety

Organized by Adversary Village

npm is owned by Microsoft and is the world’s largest software registry. It hosts nearly 5 million packages and 4.5 trillion requests for packages were made to npm in 2024. The open and accessible nature of npm is one of its main features, but it's also one of the reasons that threat actors are attracted to it. A recent study by Sonatype found that 98.5% of malicious software packages are hosted and delivered via npm.

This technical deep-dive will explain why npm is so good at delivering malware; expose how threat actors are using npm; and why existing security tools like SCA, SAST, EDR and anti-virus solutions will not protect you from npm based malware.

Key Topics:

  • Technical analysis of how attackers leverage npm's unique characteristics (namespace claiming, pre/post install scripts, package name recycling) to deliver successful malware
  • Why existing security solutions like SCA, SAST, EDR and anti-virus won’t find npm based malware
  • Comparative analysis of attack patterns across different threat actors (researchers, crypto thieves, criminal APTs, nation-states)
  • Introduction to OSV, GHSA and other resources to help your teams stay informed about new malicious packages

Paul "6mile" McCarty

Paul is the Head of Research at Safety (safetycli.com) and a DevSecOps OG. He loves software supply chain research and delivering supply chain offensive security training and engagements. He's spent the last two years deep-diving into npm and has made several discoveries about the ecosystem. Paul founded multiple startups starting in the '90s, with UtahConnect, SecureStack in 2017, and SourceCodeRED in 2023. Paul has worked for NASA, Boeing, Blue Cross/Blue Shield, John Deere, the US military, the Australian government and several startups over the last 30 years.  Paul is a frequent open-source contributor and author of several DevSecOps, software supply chain and threat modelling projects. He’s currently writing a book entitled “Hacking NPM”, and when he’s not doing that, he’s snowboarding with his wife and 3 amazing kids.

Bsky (6mile.githax.com)
LinkedIn
Website

Illuminating the Dark Corners of AI: Extracting Private Data from AI Models and Vector Embeddings

Saturday 11:00 for 60 minutes, at LVCC - L2 - W229 (Creator Stage 5)

Patrick Walsh

Organized by Crypto Privacy Village

This talk explores the hidden risks in apps leveraging modern AI systems—especially those using large language models (LLMs) and retrieval-augmented generation (RAG) workflows. We demonstrate how sensitive data, such as personally identifiable information (PII) and social security numbers, can be extracted through real-world attacks. We’ll demonstrate model inversion attacks targeting fine-tuned models, and embedding inversion attacks on vector databases among others. The point is to show how PII scanning tools fail to recognize the rich data that lives in these systems and how much of a privacy disaster these AI ecosystems really are.

Patrick Walsh

Patrick Walsh has an over 20 year history of running threat research and engineering teams overseeing products ranging from anti-virus and intrusion prevention to enterprise cloud software. He is a long-time advocate for privacy and security and holds multiple patents in that space. Patrick now leads IronCore Labs, an application data protection platform that uses encryption to protect data stored in the cloud while keeping it searchable and usable. Outside of work, he enjoys the outdoors, photography, hacking, lock picking, biking, swimming, and magic.

Red teaming fraud prevention systems with GenAI

Saturday 11:00 for 60 minutes, at LVCC - L2 - W231 (Creator Stage 3)

Karthik Tadinada Fortify Solutions

Martyn Higson CTO at Fincrime Dynamics

Organized by Payment Village

Fraudsters are innovative and persistent, constantly trying out variations of attacks to breach fraud defenses. The advent of gen AI has made it easier for fraudsters to experiment. This talk will outline ways in which LLMs can be used to test the resilience of your fraud systems to fraudster attacks.

Karthik Tadinada

Karthik is the founder and CEO of Fortify Solutions, a provider of fraud and financial crime prevention solutions. Karthik has over a dozen years of experience in building fraud prevention systems at international scale, having built systems for IATA, EFTPOS (the debit card network of Australia), TSYS and WorldPay.

LinkedIn

Martyn Higson

Martyn is CTO at Fincrime Dynamics, a synthetic data company for prevention of fraud and financial crime. Martyn has been responsible for deploying major fraud prevention systems in his prior roles at Featurespace.

LinkedIn

No Brain No Gain

Saturday 11:00 for 60 minutes, at LVCC - L2 - W232 (Creator Stage 2)

Mehmet Önder Key Self

Temel Demir Cybersecurity Lead at KPMG

Ahmet Furkan Aydogan, Dr. Assistant Professor of Computer Science at UNCW

Organized by IOT Village

Traditional digital security often falls short when applied to IoT environments, where devices are limited in processing power and exposed to a wider range of threats. Human vulnerabilities—especially against deepfake-style attacks—further weaken current systems. Static biometrics like fingerprints or facial scans are no longer enough. This work proposes a new direction: using the brain’s unique electrical activity (EEG signals) as a security layer. These dynamic, hard-to-replicate patterns offer a way to authenticate users without storing sensitive data or relying on heavy computation. By grounding trust in the user’s own biological signals, this approach offers a lightweight, resilient solution tailored to the constraints of modern IoT devices.

Mehmet Önder Key

Önder Key is a cybersecurity consultant specializing in critical infrastructure security, zero-day vulnerability analysis, and offensive security. He has advised organizations in high-security sectors such as defense, aerospace, and finance, with hands-on experience in both red teaming and strategic security engineering. His work has been featured across numerous countries and platforms, contributing to the discovery of systemic vulnerabilities. Currently, he provides consultancy to Burkut, Ogrit, Ravenailabs and continues to advance the global offensive security ecosystem by challenging traditional approaches to cybersecurity.

Temel Demir

Ahmet Furkan Aydogan, Dr.

Scamming the Scammers: Weaponizing Open Source Against Pig Butchering and Organized Crime

Saturday 11:00 for 60 minutes, at LVCC - L2 - W233 (Creator Stage 1)

Erin West Operation Shamrock

Organized by Payment Village

Pig butchering scams are bleeding victims dry—more than $75 billion stolen globally—while thousands of trafficked slaves are forced to run these cons from scam compounds across Asia. These aren’t your typical romance scams; they’re military-grade psychological ops backed by transnational crime syndicates that have turned heartbreak into their most profitable business model. I’ll expose the full scope of this nightmare, tear apart the tech infrastructure behind it, and show how Operation Shamrock is fighting back. But here’s the thing—we need you in this fight. With open-source tools and good old-fashioned hacker ingenuity, we can educate potential marks, mobilize communities, and actively disrupt these criminal networks. No more sitting on the sidelines while these criminals destroy lives and exploit trafficking victims. It’s time to weaponize our skills and show these criminals what happens when they mess with the wrong community. Ready to scam the scammers?

Erin West

Erin West used to put crypto criminals behind bars. Now she’s coming for the whole network. She’s a former career prosecutor, and now the founder of Operation Shamrock, a global nonprofit taking the fight to the scam lords running billion-dollar pig butchering ops out of trafficking compounds. She also hosts the podcast Stolen, where she exposes how love, crypto, and psy-ops fuel the internet’s darkest economy.

Red Alerts and Blue Oceans: Incident Response from a Sysadmin’s War Room in Maritime Ops

Saturday 11:30 for 30 minutes, at LVCC - L2 - W228 (Creator Stage 4)

Capt. Kip Louttit Marine Exchange of Southern California

Steve Winston Mastermind MSP

Organized by Maritime Hacking Village

Cyber Security threats encountered in the Maritime Industry from both an Executive and Technical Perspective. The presentation is based on current events and starts with the Executive Director of The Marine Exchange of Southern California giving his side of the story followed by the technical and first-hand incident response breakdown from the Senior Systems Administrator.

Links:
maritimehackingvillage.com/dc33/talks

Capt. Kip Louttit

Captain Kip Louttit was appointed as the Executive Director of the Marine Exchange of Southern California in January 2013. A graduate of the United States Coast Guard Academy, he served in the United States Coast Guard (USCG) for 30 years prior to retiring with the rank of Captain. Captain Louttit’s experience includes 10 years at sea in the Atlantic and Pacific Oceans and the Bering, Mediterranean, and Caribbean Seas. He had six years in command of three different Coast Guard cutters and two years as commanding officer of USCG Integrated Support Command in San Pedro. Following retirement from the Coast Guard, Captain Louttit worked for two consulting firms on Coast Guard and Pentagon work.

Steve Winston

Senior Systems Administrator and CASP-certified cybersecurity professional with over 9 years of experience supporting a broad spectrum of IT environments. Has worked with more than 30 organizations across finance, healthcare, manufacturing, and critical infrastructure, bringing a practitioner’s perspective to enterprise defense. Specializes in securing hybrid infrastructures, implementing proactive threat mitigation strategies, and translating complex security requirements into operationally sound solutions. Combines deep systems knowledge with an adversarial mindset to challenge assumptions and close real-world security gaps.

DDoS: The Next Generation

Saturday 12:00 for 60 minutes, at LVCC - L1 - Exhibit Hall West 4 - C105 (Community Stage)

Andrew Cockburn Netscout

Organized by DDoS Community

Future of DDoS Attacks and Prevention

Andrew Cockburn

What’s Really in the Box? The Case for Hardware Provenance and HBOMs

Saturday 12:00 for 30 minutes, at LVCC - L2 - W228 (Creator Stage 4)

Allan Friedman Adjunct Professor of Informatics at the Luddy School of Informatics, Computing, and Engineering at Indiana University

Organized by IOT Village

As software supply chains embrace transparency through SBOMs, hardware remains a black box. Yet the chips inside our IoT devices carry just as much — if not more — risk. From cloned components to opaque fabs, the semiconductor supply chain is fast becoming a national security flashpoint. Governments are scrambling to respond with blunt tools like bans and onshoring, but these approaches are slow, costly, and often impractical. Traditional BOMs focus on procurement and production — what gets bought and assembled — but they rarely capture origin, integrity, or risk context. They weren’t built to expose inter-organizational dependencies or detect supply chain manipulation. Enter the HBOM Initiative — a new effort to bring visibility, traceability, and accountability to the hardware supply chain. By developing tools and practices for a hardware bill of materials (HBOM), we aim to expose hidden risks, trace chip provenance, and empower sectors to make smarter, risk-informed decisions without sacrificing adaptability or innovation. This talk will explore why HBOMs are inevitable, what makes them hard, and how the hacker and security community can help shape the future of hardware trust.

Allan Friedman

Dr. Allan Friedman is internationally recognized for leading the global Software Bill of Materials (SBOM) movement, transforming it from a niche idea into a widely adopted pillar of cybersecurity policy and practice. Over his decade in public service, Friedman held senior roles at the Cybersecurity and Infrastructure Security Agency (CISA) and the National Telecommunications and Information Administration (NTIA), where he built and led groundbreaking efforts on SBOM, coordinated vulnerability disclosure, and IoT security. He has partnered with governments and regulators in Europe and Asia, and continues to advise public- and private-sector organizations on building trust and resilience into the systems that matter most.

Before his time in government, Friedman spent over a decade as a researcher and technologist, holding positions at Harvard University’s Computer Science department, the Brookings Institution, and George Washington University’s Engineering School.

Cracking Chaos: Making, Using, and Breaking PRNGs

Saturday 12:00 for 60 minutes, at LVCC - L2 - W229 (Creator Stage 5)

1nfocalypse

Organized by Crypto Privacy Village

Pseudo-Random Number Generators are often-overlooked core features of our computational experience. From research and processes irrelevant to security (e.g., Monte-Carlo simulations) to essential security functionality like secret generation, random number generation plays a significant part in our ability to utilize the modern internet. In turn, they have a unique history, threat model, and set of applications. We will discuss the history of pseudo-random number generation, the types of random number generators, where they are supposed to be utilized, and how to break them, when relevant. Additionally, we will discuss the future direction of random number generation in light of preparation for the advent of large-scale quantum computing.

1nfocalypse

1nfocalypse is a software engineer with an interest in coding theory, cryptography, and numerical analysis. He is currently working on portions of libstdc++-v3 and enjoys implementing/tinkering with cryptographic primitives and standards.

Sometimes you find bugs, sometimes bugs find you

Saturday 12:00 for 30 minutes, at LVCC - L2 - W231 (Creator Stage 3)

Jasmin "JR0ch17" Landry

Organized by Bug Bounty Village

Bug bounty hunting is often portrayed as methodical recon, crafted payloads, and targeted testing. But sometimes, the most interesting vulnerabilities don’t come from planned attacks — they come from the chaos. In this talk, I’ll walk through a handful of real bugs I’ve reported over the years that found me instead. From unexpected blind XSS triggers in places I wasn’t even actively testing, to getting quietly added to internal distribution lists and receiving sensitive data I never asked for, to those classic “WTF” moments that every seasoned hunter has experienced — this talk highlights the unpredictable and serendipitous side of bug bounty.

We’ll explore how these moments happened, what they revealed about the systems in question, and what they taught me about staying alert beyond traditional recon. Whether you’re an experienced hunter or just getting started, this talk is a reminder that in bug bounty, sometimes the best findings aren’t hunted — they’re stumbled into.

Jasmin "JR0ch17" Landry

Jasmin Landry is a seasoned ethical hacker and full-time bug bounty hunter who has reported hundreds of security vulnerabilities to some of the world’s largest tech companies. After years leading cybersecurity efforts as Senior Director of Information Security at Nasdaq, Jasmin returned to his roots in hacking — now focusing exclusively on uncovering critical bugs through bug bounty platforms. Recognized at multiple live hacking events for top findings, he brings a sharp eye for unexpected issues and a deep understanding of modern attack surfaces. He’s also a co-leader of OWASP Montréal and an active voice in the security research community.

From Pwn to Plan: Turning Physical Exploits Into Upgrades

Saturday 12:00 for 60 minutes, at LVCC - L2 - W232 (Creator Stage 2)

Shawn

Organized by Physical Security Village

Everyone loves breaking in—but that’s just step 7 out of 10. This session explores what it really takes to run a physical pen test that's not just exciting, but also safe, smart, and worth the money for your company or client. We'll follow the full journey - from breach-focused OSINT and recon, to delivering findings that teams act on. Expect war stories, dumb mistakes, and smart takeaways as you learn how to turn a good break-in into a lasting impact.

Shawn

Too many security programs bring a clipboard to a gunfight. Shawn helps companies match and defend against the adversary's tactics - no firearms required. As an adversary for hire, Shawn leads physical red teams that test Fortune 100s, government agencies, and critical infrastructure. He started the largest physical red team in Silicon Valley and teaches security risk management and red teaming to cybersecurity graduate students. From fake badges to forged businesses, kidnapping executives to smuggling weapons, he runs ops that find the gaps in physical security before the bad guys do.

Mastodon (@Shabe@infosec.exchange)

How NOT to Perform Covert Entry Assessments by WeHackPeople.com

Saturday 12:00 for 60 minutes, at LVCC - L2 - W233 (Creator Stage 1)

Brent White WeHackPeople.com / Dark Wolf Solutions

Tim Roberts WeHackPeople.com / Dark Wolf Solutions

Organized by Physical Security Village

"How NOT to Perform a Covert Entry Assessment" is a no B.S. discussion that covers what not to do during covert entry engagements--highlighting real-world mistakes, busted Hollywood myths, and missteps that compromise success. We’ll walk through effective techniques for physical site surveys, face-to-face social engineering, and real-time troubleshooting when things go sideways. Attendees will be encouraged to share experiences and lessons learned in an open, interactive format. We’ll also demo our covert entry tools, and discuss how to deliver reliable results to both commercial and high-security government clients.

Links:
wehackpeople.wordpress.com/2025/06/20/def-con-33-how-not-to-perform-covert-entry-assessments/

Brent White

Brent is a Sr. Principal Security Consultant / Covert Entry Specialist with Dark Wolf Solutions, specializing in social engineering and Red Team-style security assessments for both commercial and Department of Defense clients, and has contributed to the development of the drone hacking methodology for the Defense Innovation Unit's "Blue sUAS" initiative. He also served as a trusted adviser for the TN Dept of Safety and Homeland Security on the topic of physical and cyber security and has held the role of Web/Project Manager and IT Security Director for a global franchise company as well as Web Manager and information security positions for multiple TV personalities.

He has also been interviewed on the popular web series, “Hak5” with Darren Kitchen, Security Weekly, BBC News, featured with Tim Roberts on the popular series "ProfilingEvil" by Mike King, and on Microsoft’s “Roadtrip Nation” television series. His experience includes Internal/External Penetration, Network evasion, Wireless, Web Application, Drone and Physical Security assessments, and Social Engineering.

Brent has also spoken at numerous security conferences, including ISSA International, DEF CON, Black Hat, DerbyCon, multiple "B-Sides" conference events, Appalachian Institute of Digital Evidence conference at Marshall University, and many more.

Tim Roberts

Tim is a Covert Entry Specialist with Dark Wolf Solutions and Sr. Principal Penetration Tester. He is the founding member of the Lexington DEF CON group (DC859). He has been interviewed on the subject of “White hat hacking” for Microsoft’s “Roadtrip Nation” television series, was featured on IDG Enterprise’s CSO Online publication by Ryan Francis on social engineering, and was interviewed at Black Hat by HelpNetSecurity on security awareness and “Know Your Adversary”. He and Brent White have also been featured a couple of times on the true crime series Profiling Evil with Mike King.

Tim has over fifteen years of professional security experience and has held management, IT, and physical security roles across multiple industries, including healthcare, finance, and government. His experience includes Red Team, Internal/External Network, Wireless, Application, Physical Security, Social Engineering, and more.

Tim has spoken and conducted training at numerous security and hacker conferences, including ISSA International, DEF CON, DerbyCon, NolaCon, various B-Sides, CircleCityCon, Techno Security Con, SaintCon, Appalachian Institute of Digital Evidence at Marshall University, Who’s Your Hacker, was keynote for the S&H Law – FBI/Hacker Panel, and more. By continuing to share these experiences, he hopes to further contribute to the InfoSec community and security awareness as a whole.

Boarding the VSAT: Real-World Exploits, Testbed Validation, and Policy Gaps in Maritime Connectivity

Saturday 12:30 for 30 minutes, at LVCC - L2 - W228 (Creator Stage 4)

Juwon Cho Yonsei University

Organized by Maritime Hacking Village

Despite their widespread use in maritime and remote communication environments, VSAT systems have not received sufficient attention regarding their security vulnerabilities. Recent incidents, such as the Lab Dookhtegan hacker group's attack on Iranian ship networks and the demonstration of firmware reverse engineering and remote root exploitation targeting VSAT modems (e.g., Newtec MDM2200) at DEFCON, highlight the critical security challenges associated with VSAT systems. Against this backdrop, our research team presents a detailed overview of our ongoing research since 2023, encompassing the collection and re-hosting of VSAT firmware, as well as systematic vulnerability analysis through the ACU web interface. Specifically, we provide an in-depth analysis and demonstration of recently discovered VSAT ACU web vulnerabilities (CVE-2023-44852 ~ CVE-2023-44857). Additionally, we describe the application of experimental testbed environments based on the methodology proposed in the paper "Securing Maritime Autonomous Surface Ships: Cyber Threat Scenarios and Testbed Validation." This research aims to thoroughly analyze the security vulnerabilities and attack potentials inherent in VSAT systems, emphasizing the importance of strengthening maritime cyber security and fostering international collaboration, while providing practical recommendations for policy and technological enhancements.

Juwon Cho

Juwon Cho is currently pursuing a Master’s degree in Information Security at Yonsei University, where his research focuses on AI security, particularly jailbreak attacks on large language models. He is actively exploring methods to evaluate and strengthen the robustness of generative AI through adversarial prompting and system-level analysis. He was selected as one of the Top 30 participants in the 12th Best of Best program at KITRI, completing intensive training in security strategy and product development. He also received the Excellent Award at the Chungcheong Cybersecurity Conference in September 2023 for his team’s work on scenario-based analysis of cyber threats in critical infrastructure.

seclab.yonsei.ac.kr/people

Here and Now: Exploiting the Human Layer at the Right Moment

Saturday 12:30 for 30 minutes, at LVCC - L2 - W231 (Creator Stage 3)

Daniel Isler Awareness & Social Engineering Consultant - Team Leader - Dreamlab Technologies

Organized by Adversary Village

Gaining access isn’t always about having the perfect pretext. Sometimes, it’s about recognizing subtle shifts in the environment, reading behavioral cues, and adapting on the fly. The best social engineers, like master photographers, don’t just plan—they wait for the decisive moment and take action when the time is right.

This session unpacks a real-world infiltration where success wasn’t about meticulous scripting, but about understanding when and how to pivot in real time. By integrating principles from photography, literature, theater, and deception, we explore how presence, timing, and perception shape the art of infiltration.

Daniel Isler

Bachelor in Arts of Representation. With certifications in Social Engineering, Red Team & OSINT. Team Leader of Fr1endly RATs, the Social Engineering unit at Dreamlab Technologies Chile. Specializing and developing techniques and methodologies for simulations of Phishing attacks, Vishing, Pretexting, Physical Intrusions and Red Team.

DEF CON Groups (DCGs): Keeping the Signal Alive All Year Long

Saturday 13:00 for 60 minutes, at LVCC - L1 - Exhibit Hall West 4 - C105 (Community Stage)

Adam915 DCG Dept

Jayson E. Street Chief Adversarial Officer at Secure Yeti

Alethe Denis DCG Dept Red Team at Bishop Fox

Organized by DEF CON Groups (DCG)

Explores how DCGs extend the DEF CON ethos year-round. Shares practical stories of how local group POCs foster community. Encourages attendees to connect with their local group or form their own group in the absence of a DCG.

Links:
defcongroups.org

Adam915

DEF CON Groups Global Coordinator

Jayson E. Street

Jayson E. Street has been referred to in the past as a "notorious hacker" by FOX25 Boston and a "World Class Hacker" by National Geographic Breakthrough Series, and described as a "paunchy hacker" by Rolling Stone Magazine. He, however, prefers that people refer to him simply as a Hacker, Helper & Human.

He is the Chief Adversarial Officer at Secure Yeti and the author of the "Dissecting the hack: Series" (which is currently required reading at 5 colleges in 3 countries that he knows of). Jayson is also the DEF CON Groups Global Ambassador. He's spoken at DEF CON, DEF CON China, GRRCon, SAINTCON & at several other CONs & colleges on a variety of Information Security subjects. He was also a guest lecturer for the Beijing Institute of Technology for 10 years.

He loves to explore the world & networks as much as he can. He has successfully robbed banks, hotels, government facilities, Biochemical companies, etc. on five continents (Only successfully robbing the wrong bank in Lebanon once, all others he was supposed to)!

He is a highly carbonated speaker who has partaken of Pizza from Bulgaria to Brazil & China to The Canary Islands. He does not expect anybody to still be reading this far, but if they are please note he was proud to be chosen as one of Time's persons of the year for 2006.

Mastodon (@Jayson@defcon.social)

Alethe Denis

DEF CON Groups Dept 2nd Lead

Deploying Deception in Depth for ICS

Saturday 13:00 for 30 minutes, at LVCC - L2 - W228 (Creator Stage 4)

Brent Muir Google

Organized by ICS Village

This session will introduce the strategy of designing and deploying deception strategies across ICS environments, by leveraging and operationalizing the MITRE Engage adversarial framework. This presentation will discuss the complexities related to deploying deception within ICS environments, and how to design a deception strategy geared towards the adversaries targeting your environment. A real-world case study, focusing on APT44, will demonstrate how to implement a deception strategy for Critical Infrastructure organisations.

Brent Muir

Brent has over 18 years of experience working in the cybersecurity industry. He spent 12 years working in the Australian government sector, including Law Enforcement agencies, leading national cyber teams. Following his government work, Brent led the global digital forensics and incident response team for a Fortune 500 bank. His expertise has led him to working directly with C-Suite and Crisis Management teams, handling large-scale cyber incidents, including APT-linked cyber espionage campaigns. In addition to government and financial sectors, Brent has extensive experience working in Operational Technology industries, including telecommunications and energy providers.

Breaking the Chain: Advanced Offensive Strategies in the Software Supply Chain

Saturday 13:00 for 60 minutes, at LVCC - L2 - W229 (Creator Stage 5)

Roni "lupin" Carta Lupin & Holmes

Adnan Khan AWS

Organized by Bug Bounty Village

Malicious packages have grown 156% YoY for supply chain security and supply chain attacks cost organizations $41 billion in 2023 (projected to reach $81 billion by 2026). This session underscores the urgent need to re-examine our defensive postures for software supply chain security by taking an offensive security perspective.

Our talk explains the offensive security methods in the software supply chain, exploring how attackers can compromise entire organizations by targeting each layer of the supply chain.

We define the attack surface, which spans the source, build, and distribution phases, and then showcase advanced techniques used to exploit these components. Drawing on our in-depth research, we demonstrate real-world exploits including supply chain hacks that backdoor hidden dependency links resulting in financial gain for attackers and harm to millions of companies.

Attendees will learn not only how these vulnerabilities are discovered and exploited but also how to apply offensive insights to reinforce their security practices.

Roni "lupin" Carta

Roni Carta, known as Lupin and co-founder of Lupin & Holmes, is an ethical hacker specializing in offensive cybersecurity, with a strong background in bug bounty hunting, including a $50,000 reward for hacking Google AI, red teaming at ManoMano, and significant research into software supply chain vulnerabilities, notably presenting at DEF CON 32 and recently reporting a hack of Google's AI Gemini; his diverse technical skills range from ATO and RCE exploits to supply chain security, earning him recognition in various cybersecurity competitions.

Adnan Khan

Deepfake Image and Video Detection

Saturday 13:00 for 60 minutes, at LVCC - L2 - W231 (Creator Stage 3)

Mike Raggo Security Researcher at SilentSignals

Organized by Packet Hacking Village

Performing analysis of fake images and videos can be challenging considering the plethora of techniques that can be used to create a deepfake. In this session, we'll explore methods for identifying fake images and videos whether created by AI, photoshopped, or GAN-generated media. We'll then use this as the basis of a live demonstration walking through methods of exposing signs of alteration or AI generation using more than a dozen techniques to expose these forgeries. We'll also highlight a free GPT tool for performing your own analysis. Finally, we'll provide additional resources and thoughts for the future of deepfake detection.

Mike Raggo

Michael T. Raggo has over 30 years of security research experience. During this time, he has uncovered and ethically disclosed vulnerabilities in products including Samsung, Checkpoint, and Netgear. Michael is the author of “Mobile Data Loss: Threats & Countermeasures” and “Data Hiding” for Syngress Book. He is also a frequent presenter at security conferences, including Black Hat, DEF CON, Gartner, RSA, DoD Cyber Crime, OWASP, SANS. He was also awarded the Pentagon’s Certificate of Appreciation.

Passive and Active Attacks on TPMS Systems

Saturday 13:00 for 30 minutes, at LVCC - L2 - W232 (Creator Stage 2)

Yago Lizarribar

Organized by Car Hacking Village

In this talk we want to dive deep into the world of direct TPMS. These systems are used by a great portion of the cars today, and typically send information about a car’s tires wirelessly without any encryption or authentication. We show that it is feasible to capture these signals with very low cost hardware to build a tracking infrastructure. We present as well a tool that allows us to create custom TPMS messages and spoof the ECU of different cars.

Yago Lizarribar

What Game Hackers teach us about Offensive Security and Red Teaming

Saturday 13:00 for 45 minutes, at LVCC - L2 - W233 (Creator Stage 1)

Joe "Juno" Aurelio Security Researcher

Organized by GameHacking.GG

Game cheats and malware share the same stealthy DNA - this talk breaks down how. We’ll explore cheat loaders and draw parallels between anti-cheat countermeasures and enterprise EDR techniques.

Joe "Juno" Aurelio

Joe Aurelio is a distinguished security researcher with over a decade of hands-on experience in vulnerability research, reverse engineering, and mobile security. He currently leads teams of researchers in the private sector securing large-scale technology platforms. His expertise spans both the private and defense sectors, with a track record of uncovering critical security vulnerabilities in mobile applications and complex infrastructure affecting millions of users. In addition to his work in traditional security domains, he channels his passion for cybersecurity education with a unique interest in exploring game hacking techniques. He is a lead of the Game Hacking Village, where he teaches security by turning game hacks into ethical and engaging educational tools. Joe has a broad background in security, underscored by the highly respected OSCP certification and a Master’s degree in computer science.

Examining Access Control Vulnerabilities in GraphQL - A Feeld Case Study

Saturday 13:30 for 30 minutes, at LVCC - L2 - W228 (Creator Stage 4)

Bogdan Tiron Co-founder and Senior Pentester at FORTBRIDGE

Organized by Mobile Hacking Community

This talk explores the importance of implementing robust access controls in GraphQL and REST APIs and the severe consequences when these controls are not properly enforced. GraphQL, a flexible data query language, allows clients to request exactly the data they need, but without proper access control mechanisms, sensitive data can be easily exposed. Using the Feeld dating app as a case study, we will dive into a critical security review of how the lack of access controls in GraphQL and REST endpoints led to the exposure of users' personal data, including sensitive photos, videos and private messages. This session will highlight common access control vulnerabilities in GraphQL and REST implementations, real-world examples of security lapses, their impact and remediation.

We dive into a critical security review of the Feeld dating app.

Feeld, known for its unique features that cater to a wide range of preferences and relationships, unfortunately had serious security vulnerabilities that exposed users' private data, including sensitive photos and personal information.

Here's what we uncovered:

1. Profile information was accessible to non-premium users.
2. Other people's messages could be read without proper authentication.
3. Photos and videos from chats were exposed unauthenticated.
4. The ability to delete, recover, and edit other people's messages.
5. Profile information could be updated by anyone.
6. Unauthorized likes from any profile.
7. Messages could be sent in other users' chats.
8. Viewing others' matches without permission.

Bogdan Tiron

Bogdan Tiron is a seasoned security consultant with over 10 years of experience specializing in application security. He has a proven track record of enhancing security measures for leading organizations, including bet365, JPMorgan Bank, GFK, HSBC, Lloyds Bank, and WorldRemit. Throughout his career, Bogdan has held various roles, including application security consultant, pentester, security architect, and DevSecOps specialist. Four years ago, recognizing a gap in quality within the pentesting industry, he co-founded FORTBRIDGE, a cybersecurity consulting company that offers pentesting, phishing, and red-teaming services to clients seeking to enhance their security posture. Passionate about staying ahead of emerging threats, Bogdan is dedicated to fostering a culture of security within organizations and empowering teams to integrate security practices seamlessly into their workflows.

Reconfigurable HSMs: Future-Proofing Hardware Security Against Evolving Threats

Saturday 13:30 for 30 minutes, at LVCC - L2 - W232 (Creator Stage 2)

Pablo Trujillo Founder at ControlPaths Eng.

Organized by Crypto Privacy Village

As cryptographic algorithms evolve and new vulnerabilities emerge, traditional Hardware Security Modules (HSMs) face a critical limitation: their rigidity. This talk introduces a novel approach to hardware-based security using reconfigurable HSMs built on FPGA technology. Unlike fixed-function HSMs, reconfigurable HSMs can be updated post-deployment, allowing organizations to adapt to cryptographic breakthroughs or deprecations without replacing hardware.

Pablo Trujillo

Pablo has been an FPGA designer for over 10 years, specializing in digital signal processing and control algorithms, with a strong focus on their implementation in FPGA-based systems. He is the founder of ControlPaths Eng., a consultancy dedicated to electronic design and FPGA development. In addition to his professional work, Pablo authors the blog controlpaths.com, where he regularly publishes articles on FPGAs, SoCs, and hardware acceleration.

Pablo is an FPGA designer with more than 10 years of experience. He specializes in digital signal processing and the implementation of control algorithms on FPGAs. In addition to his work, he writes regularly on the blog controlpaths.com, where he researches and publishes articles on digital signal processing on FPGAs and hardware acceleration. He has been a speaker at talks in Spain and Europe such as AsturconTech (Asturias), Vicon (Vigo) and Embedded World (Nuremberg).

The Things know What You Did Last Session

Saturday 13:45 for 30 minutes, at LVCC - L2 - W233 (Creator Stage 1)

Will Baggett Operation Safe Escape

Organized by IOT Village

I will cover the tools available in the corporate network, the limitations of remote investigations, and the signatures of threat actors. All examples are cases I have actively worked in the past two years. This will range from the individual threat - timecard fraud identified thru network logs which led to the geolocation of an automated fingerprint device hidden in a facility - to large numbers of contractors working in denied areas to ultimately the identification and mitigation of North Korean IT worker fraud within the network.

1. Speaker intro and brief background
   1. On-site contractor must be on site daily between 9-5 but there was little work. They connected an older generation iPhone to the visitor network and hid it within a box in a cubicle away from foot traffic.
      1. The device had the timecard app for $company which required a manual fingerprint touch/swipe geolocated to the customer site daily.
      2. The contractor automated a device to have a synthetic flesh covering over a robotic finger which would press log in at 0900 and logout at 5pm Monday-Friday
      3. The device was discovered by janitors and assumed to be an explosive device at first
      4. Picture analysis revealed the make/model of the iPhone
      5. I gained access to the visitor Wifi logs, found the MAC address of the iPhone/device name (named $contractor name) and the traffic going to the contractor timesheet website. Other devices were also found with similar configurations for the user and his manager
2. How I was introduced to the IoT village thru chip off extraction of Chinese voting machine in 2022 by the IoT experts
   - Description of voting machine prototype from China: 4G connectivity, Bluetooth, Wifi but no true data ports for analysis
   - Chip off extraction by IoT village (videos)
   - End result of the analysis and where the images went for national security
3. North Korean IT Fraudulent worker hunting
   1. Micro level - piKVM switch hunting on individual network detection level, now turned to an email alert via date ubea
   2. Hints and clues via digital forensics - devices added to the workstation that are not related to the users
      1. Kim’s iPhones connecting to George’s virtual machine
      2. Multiple user devices (verified thru MAC address) connecting to the same workstation
   3. Timecards being updated in HR systems in Beijing/NK time zone on emulators
      1. Can see it’s a Linux device Android phone whereas most legitimate users are either Android or iPhone. Connecting to Wifi VPN router for all connections and forgetting 2FA is tied to the local infrastructure
4. User was being terminated from company A as a fraudulent worker and company B/C screens were in the background. With the screen shot time provided by our partner, I executed a Windows event code search in Splunk for devices locked within the window of the termination from company A. We ultimately found a full stack dev fitting the description of NKIT suspects with an Astrill VPN. While hunting for this user, we identified one working out of China and spoofing their location. The HUMINT interview, while far from the IoT arena, revealed the user’s deception as they would not open the windows locally to prove they are in the same geographic time zone

Will Baggett

Will Baggett is a Lead Investigator for Digital Forensics and Insider Threat at a Fiscal Infrastructure organization. He is also Director of Digital Forensics at Operation Safe Escape (volunteer role), a non-profit organization providing assistance to victims of domestic abuse.

Surviving the Dataclysm: Resistance through Resilience

Saturday 14:00 for 30 minutes, at LVCC - L1 - Exhibit Hall West 4 - C105 (Community Stage)

Rebecah Miller

Organized by Hackers.town Community

We all know that Business Continuity and Disaster Recovery are vitally important to every organization - but what about individuals? Explore how to protect yourself and your loved ones through ever-growing data mining, PII breaches, and socio-political upheaval with best practice BCDR techniques.

Rebecah Miller

Rebecah is a Business Continuity & Disaster Recovery consultant, creating and testing continuity and resilience plans across all organizational sectors. After working through a disaster at a company that was not prepared, she changed careers to focus on security and risk management in an effort to improve the resiliency of others.

OT Network Segmentation Planning, Implementation, and Validation

Saturday 14:00 for 30 minutes, at LVCC - L2 - W228 (Creator Stage 4)

Tony Turner Frenos

Organized by ICS Village

This presentation will provide ICS security practitioners with a comprehensive introduction to Operational Technology (OT) network segmentation. As industrial control systems face increasing cyber threats, proper network segmentation has become a critical security control to limit attack surfaces and protect critical infrastructure.

Attendees will learn practical approaches to planning segmentation architectures, implementing controls across OT environments, and validating the effectiveness of their segmentation strategy.

The session blends theoretical concepts with practical implementation guidance suitable for security practitioners with introductory to intermediate knowledge of industrial control systems.

Key topics include: OT Network Segmentation Fundamentals (objectives, benefits, IT/OT differences, reference architectures); Planning Strategies (asset inventory, flow analysis, zone design, risk-based requirements, legacy systems); Implementation Approaches (physical vs. logical separation, DMZs, deep packet inspection, data diodes, appropriate tools); Validation Methods (verification techniques, safe penetration testing, monitoring, measuring success); and Real-World Case Studies with lessons learned and common challenges.

This session is designed for industrial cybersecurity professionals, control system engineers, IT/OT security architects, and other stakeholders responsible for securing operational technology environments. Attendees should have basic familiarity with industrial control systems and networking concepts.

Tony Turner

Tony is a seasoned security architect with over 25 years of experience spanning both IT and OT cybersecurity domains. As VP of Product at Frenos, he leads an AI-driven platform that automates security assessments for operational technology environments.

His diverse background includes critical infrastructure protection at a major US airport, incident command for state government public health systems, engineering disaster recovery operations for hurricane response, and security implementations for global semiconductor and integrated circuit manufacturing facilities.

Tony has developed specialized expertise in vulnerability management, security hardening, application security, secure network infrastructure, supply chain risk management, and Cyber Informed Engineering (CIE). He authored "Software Transparency" and developed the SANS SEC547 course "Defending Product Supply Chains."

As OWASP Orlando chapter lead and Chief Editor for cyberinformedengineering.com, Tony actively promotes security best practices within the industrial community. He also leads defendics.org, a nonprofit focused on advancing Cybersecurity Performance Goals (CPG) and foundational OT security practices for resource-constrained asset owners.

The Missing Link: Draytek’s New RCEs Complete the Chain

Saturday 14:00 for 60 minutes, at LVCC - L2 - W229 (Creator Stage 5)

Octavio Gianatiempo Security Researcher at Faraday and a Computer Science student at the University of Buenos Aires

Gaston Aznarez Security Researcher at Faraday, focused on vulnerability research on IoT and embedded devices.

Organized by Hardware Hacking and Soldering Skills Village (HHV-SSV)

Draytek routers are widely deployed edge devices trusted by thousands of organizations, and therefore remain a high-value target for attackers. Building on our prior DEFCON32 HHV presentation (https://www.youtube.com/watch?v=BiBMsw0N_mQ) on backdooring these devices, where we also exposed six vulnerabilities and released Draytek Arsenal (https://github.com/infobyte/draytek-arsenal), a toolkit to analyze Draytek firmware, we return with two new unauthenticated RCEs: CVE-2024-51138, a buffer overflow in STUN CGI handling, and CVE-2024-51139, an integer overflow in CGI parsing. When chained with our prior persistence techniques, these bugs enable a full device takeover and backdoor from the internet.

This talk provides an in-depth analysis of the new vulnerabilities and their exploitation strategies with demos and the full end-to-end exploitation chain. We’ll also explore their potential link to the mass Draytek reboot incidents of March 2025, suggesting that real-world exploitation of some of these vulnerabilities may already be underway. Attendees will gain insight into edge device exploitation, persistent compromise, and the importance of transparency and tooling in embedded security research.

Octavio Gianatiempo

Gaston Aznarez

Blurred Lines of Cyber Threat Attribution: The Evolving Tactics of North Korean Cyber Threat Actors

Saturday 14:00 for 30 minutes, at LVCC - L2 - W231 (Creator Stage 3)

Seongsu Park APT Research team, Staff Threat Researcher at Zscaler

Organized by Adversary Village

Attributing cyber threats to a specific nation-state remains one of the most complex challenges in cybersecurity. Cyber attribution relies on analyzing digital artifacts, infrastructure patterns, and adversary tactics, none of which provide definitive proof on their own. Threat actors continuously evolve, adopting new methodologies and obfuscation techniques that make attribution increasingly difficult. Over the past decade, North Korea’s cyber operations have transformed from rudimentary attacks into highly sophisticated campaigns that rival the capabilities of established cyber powers. Initially, DPRK’s cyber program consisted of loosely organized groups with limited technical capacity, but today, these actors operate under a structured, state-controlled framework with clear strategic objectives. This research presents an in-depth analysis of how DPRK threat actors have adapted, restructured, and collaborated, shedding light on the complexities of nation-state attribution.

Seongsu Park

Seongsu Park (@unpacker) is a passionate researcher on malware research, threat intelligence, and incident response with over a decade of experience in cybersecurity. He has extensive experience in malware research, research into evolving attack vectors, and threat intelligence with a heavy focus on response to high-skilled North Korea threat actors.

Now he is working in the Zscaler APT Research team as a Staff Threat Researcher and focuses on analyzing and tracking security threats in the APAC region.

LinkedIn

Red Teaming Space: Hacking the Final Frontier

Saturday 14:00 for 30 minutes, at LVCC - L2 - W232 (Creator Stage 2)

Tim Fowler ETHSO Labs

Organized by Aerospace Village

The new space race is here and as space systems become more interconnected and commercially accessible, their attack surface expands, making them prime targets for cyber threats. Yet, most organizations developing and operating satellites rely on traditional security models, if at all, that do not account for the unique risks of space-based assets. This talk explores the emerging discipline of space red teaming, where offensive security techniques are applied to test and validate the security of satellites, ground stations, and their supporting infrastructure.

In this talk we explore the following:

Understanding the space attack surface:

  • A breakdown of key vulnerabilities in spacecraft, radio links, and ground control.
  • Tactics, Techniques, and Procedures (TTPs): How attackers might compromise a space asset, disrupt communications, or manipulate telemetry.
  • Defensive takeaways: How space operators can leverage red teaming to harden their architectures against real-world threats.

This presentation is ideal for penetration testers, security researchers, space engineers, and policy makers who want to understand the offensive side of space security. Whether you’re an experienced red teamer or just a space junky, this talk will provide practical insights into securing the next frontier.

Tim Fowler

LinkedIn

Assessing the Capabilities Gap Between Foundation Models and Cybersecurity Experts: Benchmarks, Safeguards, and Policy

Saturday 14:15 for 45 minutes, at LVCC - L2 - W233 (Creator Stage 1)

Justin W. Lin

Organized by AI Village

Rapid advancements in AI raise important concerns about cybersecurity risks. While existing work shows AI still falls short of human expertise in cybersecurity, we aim to identify indicators of emerging capabilities and risks by studying the gap between AI and expert human performance. We compare top hackers—selected for their proven track record in security research and competitions—with AI systems attempting to exploit real and synthetic targets. This comparison helps us pinpoint where current frontier model evaluations fall short, what tacit knowledge is needed to exploit vulnerabilities effectively, and how these gaps might be addressed. By distilling the expertise, intuition, and problem-solving approaches that make human experts more effective than current foundation models, we highlight the unique skills that continue to differentiate human practitioners. Conversely, we seek to identify areas where AI’s latent capabilities may offer distinct advantages, helping experts better leverage these tools in their work. Our work aims to improve AI cybersecurity evaluations, address critical gaps in evidence-based policymaking, and better equip practitioners to adapt to shifts in the offense/defense landscape.

Justin W. Lin

#ReclaimTech - A community movement

Saturday 14:30 for 30 minutes, at LVCC - L1 - Exhibit Hall West 4 - C105 (Community Stage)

Janet Vertesi Reclaim Tech

Andy Hull Reclaim Tech (https://www.reclaimcontrol.tech/)

Organized by Hackers.town Community

What would it take to start a movement away from the major platforms, for people to #reclaimtech for themselves from the clutches of multi-billion dollar companies and VC backed unicorns, retrieving our data, our autonomy, and our sovereignty? We are a collection of conscientious objectors to the Big Tech ecosystems building community around peer-to-peer support and connection as we exit from these extractive ecosystems. Opting out of toxic systems, we believe, is not about digital minimalism but about opting in to stronger connections, more ethical systems, and a better future. In this talk, the Founders of Tech Reclaimers introduce our approach to bringing tech sovereignty to the masses: meeting people where they are, joining them on their journey, building confidence step by step, and fostering community in the process.

Janet Vertesi

Janet Vertesi (she/hers) is associate professor of sociology at Princeton University, where she is well known for her “opt out experiments” to evade tracking by data companies and embrace alternative tech systems, as well as for her in-depth studies of NASA’s teams. An expert in the nexus between technology and society, she is a mobile Linux evangelist, teaches courses in critical technical practice and design, and sits on the advisory boards of the Data & Society Institute and the Electronic Privacy Information Center. Ask her how to make sure the Internet doesn’t know that you’re pregnant.

Website

Andy Hull

Andy Hull (he/him) has been abusing computers since they came with cassettes and not enough RAM. He dabbles with recreational hacking, enjoys a spot of light homelabbing, and still dreams of being a Demoscener next year. Andy believes that computers should be tools that set us free and enshrine our rights as humans, not abusive platforms that imprison and enrage us.

Reclaim Tech

Reverse Engineering Marine Engines: How to make powerboats do your bidding

Saturday 14:30 for 30 minutes, at LVCC - L2 - W228 (Creator Stage 4)

Alex Lorman

Organized by Maritime Hacking Village

As the autonomous boat market has grown from nascent to ~$17 billion dollars, much of the infrastructure has gotten more and more accessible. Small flight controllers/autopilots are now only a click and configuration away. Servos, speed controllers and actuators have all seen wide adoption and open interfaces and standards. ArduPilot supports more control protocols in every release.

Marine engines and outboard motors have remained stubbornly hard to control, and what control systems do exist are closed-source black boxes. Few if any vendors are ever given the full ICD for engine control and the vendors are frequently litigious with 3rd party accessory shops. While the safety concerns about running large gasoline or diesel engines autonomously are well-founded, the manufacturers could be substantially more open and encourage collaborative work with partners and hackers.

This talk examines the current state of marine propulsion (outboard, inboard, steering, proprietary controls etc…), where marine propulsion is going (metaphorically!) and how to hack it! The reverse engineering can be as simple as read-the-manual and as complicated as having to buy a full engine setup. We will walk through a few specific examples from several vendors for several classes of vehicles from jet-skis to modern outboards. This talk showcases work that is currently in progress and would hugely benefit from the types of collaboration that occur at DefCon.

Alex Lorman

Alex was born and raised in Washington, D.C.

Eventually he attended the Catholic University of America and graduated with a B.S. in Architecture.

He has worked on complex oil and gas projects in addition to his work in salvage, providing him the insight that the maritime world needed robotics, badly.

In 2014 he co-founded Sea Machines and moved to the Boston area to spearhead the effort.

He enjoys playing with cars, ships, bicycles and anything with a mechanical or electrical heart.

LinkedIn
www.alexlorman.com/

Veilid la revoluçion : Your data is yours to own

Saturday 14:30 for 30 minutes, at LVCC - L2 - W231 (Creator Stage 3)

Paul Miller

Katelyn Bowden

Organized by Crypto Privacy Village

We Ain't came to lose!

At DEFCon 31 Veilid was revealed to the world as a part of the Bovine Resurrection, we generated press coverage worldwide, and managed to drag the window over on how the press talked about digital privacy. Now we come to the Crypto and Privacy Village to spread the good word of the future restored, how we can seize the means of computation, and HOW YOU CAN HELP. We'll talk about the whys and hows of the Veilid Framework, and what this new combined technology stack means for restoring the future we were promised.

We'll be covering the fundamentals of Veilid, as well as talking about progress made and the apps that have been released on our framework.

Paul Miller

Paul Miller is the founder/leader/community organizer of hackers.town, Projekt:ONI (Optimistic Nihilists Inc.) organizer and founder, Hacker, Infosec professional, and is a passionate privacy advocate. Paul has worked to show the ways a centralized internet has harmed our culture and the future. He believes you should always be N00bin', and that collectively we can restore the promise of the future the internet once offered us.

Katelyn Bowden

Katelyn Bowden is a hacker, activist, and CULT OF THE DEAD COW member, who embraces the human side of hacking and tech. Katelyn has dedicated her life to changing the world for the positive- between her work fighting Non-consensual pornography, and her dedication to educating users on security, she is dedicated to making the internet a safer place for everyone. Her alignment is chaotic good, with a hard emphasis on the chaos. She also creates strange furby art and has over 60 dead things on display in her house.

Veilid

The Power(Point) Glove

Saturday 14:30 for 30 minutes, at LVCC - L2 - W232 (Creator Stage 2)

Parsia "CryptoGangsta" Hakimian Offensive Security Engineer at Microsoft

Organized by Hardware Hacking and Soldering Skills Village (HHV-SSV)

Inspired by the cult following of the Nintendo Power Glove, this talk explores an unconventional use as a presentation remote. Using a generic ESP32 dev board and basic C code, it becomes a Bluetooth keyboard controlling presentations with ease. In fact, I will deliver this talk using the same Power Glove.

In this beginner-friendly talk, I'll share my experience "hacking" the Nintendo Entertainment System (NES) accessory. I'll cover:

  • Choosing the right dev board: Arduino vs ESP32
  • NES controller protocol crash course
  • Translating button presses to PowerPoint shortcuts with ESP32

Attendees will learn how to replicate this project and add pizzazz to their presentations. I'll release the code, so you can spice up your own talks. Maybe you'll even use the Power Glove to pop a shell on a remote machine in your next Proof of Concept.

Note: This is a personal project developed independently and is not affiliated with or endorsed by Microsoft, Nintendo, or any other employer.

Parsia "CryptoGangsta" Hakimian

Parsia is an offensive security "engineer" at Microsoft. While not a full-time hunter, he has learned a great deal from hunts and the bug bounty community. He spends most of his time reading code and experimenting with static and dynamic analysis -- but wishing he was gaming.

Parsia has previously presented at DEF CON's main venue and the AppSec Village. When not breaking (or fixing) things, he plays videogames, D&D, spends time with family outside - and, as his wife jokes, "subjects himself to the tax and immigration systems of US and Canada".

LinkedIn
Website

Hard Hat Brigade Organizer Panel

Saturday 15:00 for 45 minutes, at LVCC - L1 - Exhibit Hall West 4 - C105 (Community Stage)

MrBill Founder at Hard Hat Brigade

M0nkeyDrag0n Organizer at Hard Hat Brigade

Hydrox Organizer at Hard Hat Brigade

CoD_Segfault Organizer at Hard Hat Brigade

Organized by Hard Hat Brigade

Origins of Hard Hat Brigade (why), the who / what / how

MrBill

MrBill started Wardriving in 2003 after attending DC11 and started contributing to Wigle in 2007. He took a break for about a decade (kids) and started up again in 2017 in earnest, and later founded the HardHatBrigade WiGLE group. He passed D4rkM4tter in the global rankings around 2022 and continues to trail @CoD_Segfault in their race to 1 Million WiGLE points. He is often seen at security conferences with a hard hat, mostly with some sort of wardriving functionality. Join him and the rest of the HHB crew in the 24 Hour wardriving event in October.

M0nkeyDrag0n

M0nkeydrag0n plays a blue teamer by day and a Hard Hat Brigade member in the after hours. Having spent a decade in IT support before shifting to his current role, m0nkeydrag0n has spent the last few years growing professionally as a cyber security engineer and endeavors to share tactics, approaches and stories with those looking to make that shift into security as well…or any pivot for that matter!

Lately, rediscovering R/C vehicles has allowed him to take flight, if only by FPV. But playing with RF is always fun, whether it’s trying to catch folks on WiGLE, designing cases for wardriving kits, earning his ham tech cert or just enjoying motorcycles for a long ride…and internet points!

Come wardrive with the Hard Hat Brigade!

Hydrox

CoD_Segfault

CoD_Segfault first went wardriving around 2004, but really kicked up the game in 2021 when joining HardHatBrigade on WiGLE. By 2023, his focus shifted to smaller and more portable wardriving solutions suitable for walking and bike riding. Notable works include ultra small ESP32 wardrivers based on the wardriver.uk project and creation of the BW16-Open-AT project to improve network identification and remove reliance on the closed-source AT firmware.

Let AI Auto-Generate Neural-ASR Rules for OT-specific Attacks via NLP Approach

Saturday 15:00 for 30 minutes, at LVCC - L2 - W228 (Creator Stage 4)

Mars Cheng Head of Cyber Threat & Product Defense Center at TXOne Networks Inc.

Jr-Wei Huang Senior Threat Researcher of Cyber Threat & Product Defense Center at TXOne Networks Inc

Organized by ICS Village

For those ambitious threat actors targeting the OT/ICS field, their actions are invariably planned with high intensity to produce successful hacking. By abusing multiple misconfigurations and benign OT-specific nature infrastructure to evade multiple layers of protection, they can stealthily control the factory’s essential assets from IT to OT fields. For example, according to Mandiant’s report, the Russian hacker group, Sandworm, abused OT-level LoTL (Living Off the Land) to disrupt power in Ukraine. The key to success is abusing those OT-specific protocols, techniques, and LOLBins which are difficult to detect as malicious by modern AV/EDR.

In this research, instead of detecting MALICIOUS, we propose a novel multimodal AI detection, Suspicious2Vec, which achieves contextual comprehension on process integrity and suspicious behaviors of OT/ICS benign operation. We use the AI model on large-scale real-world factories, to create a baseline of universal nature OT-specific operating into numerical vectors and successfully filter in-the-wild anonymous abuse for attacks into malicious.

From July 2023 to July 2024, our whole-year experiment received 2,000,000 data which were detected as unique suspicious techniques by 562+ human-written expert rules. We use the AI model to project those suspicious actions into numerical vectors by well-known word embedding methods, and also model all the suspicious behaviors from the OT + IT malware family from VirusTotal to generate a set of malware templates as neural ASR (Attack Surface Reduction) rules for detection, and successfully capture 12+ variant OT malware from 52,438 factory program files.

Mars Cheng

Mars Cheng is the Head of Cyber Threat & Product Defense Center at TXOne Networks Inc., responsible for leading three subgroups within the center: PSIRT, Advanced Threat Research Group, and Threat Operation Group. Additionally, he serves as the Executive Director of the Association of Hackers in Taiwan (HIT/HITCON) and General Coordinator of HITCON CISO Summit 2025; he plays a pivotal role in fostering collaboration between enterprises and government entities to strengthen cybersecurity. His expertise encompasses ICS/SCADA systems, malware analysis, threat intelligence and hunting, blue team, and enterprise security. A seasoned speaker, Mars has delivered over 60 presentations at international cybersecurity conferences, including Black Hat USA, Europe, and MEA, RSA Conference, DEF CON, CODE BLUE, FIRST, HITB, HITCON, Troopers, NOHAT, SecTor, S4, SINCON, and ROOTCON, among others. He has successfully organized several notable HITCON events, including the HITCON CISO Summit in 2023 and 2024, HITCON PEACE 2022, and HITCON 2021 and 2020.

Jr-Wei Huang

Jr-Wei Huang is a Senior Threat Researcher of Cyber Threat & Product Defense Center at TXOne Networks Inc., specializing in threat hunting, detection engineering, and malware analysis. He has 3 years hands-on experience in developing EDR product features and designing effective detection strategies. Jr-Wei Huang has spoken at conferences such as HITCON, JASEC, and CYBERSEC Taiwan, covering topics including Windows and macOS security, blue team operations, and detection engineering. He has also delivered lectures and training sessions for universities and private companies across Taiwan.

Referral Beware, Your Rewards Are Mine

Saturday 15:00 for 30 minutes, at LVCC - L2 - W229 (Creator Stage 5)

Whit "un1tycyb3r" Taylor Rhino Security Labs

Organized by Bug Bounty Village

Referral Rewards Programs. Functionality that most probably view as boring and not worth the time looking at while hunting for bugs on a program. After a deep dive into the implementation of this functionality across dozens of programs, I found them to be hiding some very interesting bugs. My research uncovered various types of business logic flaws, race conditions, and even how the implementations created various client-side gadgets such as cookie-injection and client-side path traversal which could then be used as a part of a client-side chain. This research uncovered vulnerabilities in multiple large bug bounty programs.

Whit "un1tycyb3r" Taylor

As a penetration tester for Rhino Security Labs, I bring over a decade of experience to the security industry. For the past two years, I have specialized in bug bounty hunting and penetration testing, focusing on web applications and recently expanding into Android application security. My work has resulted in vulnerability submissions to major companies, including Epic Games and PayPal.

Beyond my primary roles, I actively conduct security research on open-source projects and emerging web technologies. This research has led to the discovery of several CVEs, including a critical Unauthenticated Remote Command Execution (RCE) vulnerability in Appsmith Enterprise Edition.

LinkedIn

How AI + Hardware can Transforming Point-of-Care Workflows

Saturday 15:00 for 30 minutes, at LVCC - L2 - W231 (Creator Stage 3)

PamirAI

Organized by Biohacking Village

The Bio / medical industry creates huge amounts of data: vital-sign streams, imaging, clinician notes. Knowledge base requirements are very heavy, so a little help from a specialized LLM can boost productivity a lot. Our new layered technology accomplishes just this.

Hardware layer: A customized CM5 board, an RP2040 co-processor, and a sunlight-readable E-ink display strike the sweet spot LLM entirely on-device + many other transcription models + TTS models.

Software layer – Our “MCP Hub” turns plain-language requests like “track heart rate every five minutes” into a reliable data log, even when Wi-Fi is down. With the help of AI coding, any sensor can start to work within 5min.

PamirAI

Kevin & Tianqi are veteran engineers from Microsoft Surface devices and Qualcomm’s efficient-AI—that is miniaturizing enterprise-grade inference into badge-sized hardware, they designed the hardware + software of distiller, and enclosure to squeeze 3-billion-parameter language models into a 10-Watt, pocket-safe form factor, giving clinicians instant, private access to AI reasoning right at the bedside.

Countering Forensics Software by Baiting Them

Saturday 15:00 for 30 minutes, at LVCC - L2 - W232 (Creator Stage 2)

Weihan Goh Associate Professor at the Singapore Institute of Technology (SIT)

Joseph Lim Final-year Information Security Student, Singapore Institute of Technology

Isaac Soon Final-year Information Security Student, Singapore Institute of Technology

Organized by Adversary Village

There's been remarkably little discussion about how mobile forensic tools fare against adversarially modified environments, particularly in terms of forensic reliability. Tools (and investigators) often assume that target devices function as expected, with minimal scrutiny of whether that assumption holds. Our research demonstrates otherwise - sophisticated anti-forensic techniques placed within Android devices can silently compromise evidence, placing longstanding investigative and extraction methodologies at risk.

Our research addresses a blind spot in Android logical extraction workflows - namely, an assumption that once mobile forensic software overcomes the hurdle of device access, the extraction is assumed to follow correctly. While forensics software excels at getting a foot in the door, from our actual tests it offers little against stealthy, second-layer countermeasures that can silently manipulate or destroy data post-access.

Weihan Goh

Dr Weihan Goh is an Associate Professor at the Singapore Institute of Technology (SIT). His research interests include digital forensics, anti-forensics, security testing, as well as technologies for cybersecurity education such as cyber ranges, CTF / CDX, remote proctoring, and anti-fraud / anti-cheat systems. Beyond teaching and research, Dr Goh participates in capture-the-flag exercises, going by the CTF handler 'icebear'.

LinkedIn

Joseph Lim

Joseph Lim is an Information Security undergraduate at the Singapore Institute of Technology, with a diploma in Infocomm Security Management from Singapore Polytechnic. With a strong foundation in cybersecurity, he is particularly interested in mobile security and digital forensics. Joseph has also previously presented research on mobile malware at the 14th ACM Conference on Data and Application Security and Privacy (2024).

LinkedIn

Isaac Soon

Soon Leung Isaac is currently pursuing a degree in Information and Communication Technology, specializing in Information Security, at the Singapore Institute of Technology. Previously, he served as a SOC analyst in the Singapore Armed Forces for two years, where he was responsible for safeguarding Singapore's military network. His main areas of research include offensive security and mobile security.

LinkedIn

Pirates of the North Sea

Saturday 15:00 for 30 minutes, at LVCC - L2 - W233 (Creator Stage 1)

John Andre Bjørkhaug Netsecurity

Organized by Maritime Hacking Village

In this talk you get an insight into real-world Red Team operations conducted onboard ships and against maritime companies. Drawing from first-hand experience, the presentation walks through how Red Teamers boarded cruise ships undercover as regular passengers and proceeded to gain deep access to both IT systems and critical operational areas. The talk reveals how testers were able to physically enter restricted zones such as communication rooms and engine control rooms, all while blending in with guests and crew. It will also showcase how vulnerabilities in shipboard infrastructure allowed the team to manipulate or disable key systems, including navigation and onboard communications, on both passenger and cargo vessels. Whether you’re in cybersecurity, maritime operations, or just curious about how to hack a ship, this is a talk you don’t want to miss.

Links:
maritimehackingvillage.com/dc33/talks

John Andre Bjørkhaug

John-André Bjørkhaug has worked as a penetration tester for over 16 years. He has a degree in electrical engineering but prefers to break things instead of building things. This led him to become a hacker/penetration tester. John's main focus is penetration testing of internal infrastructure and physical security systems together with social engineering and full scale Red Team tests.

Contextualizing alerts & logs at scale without queries or LLMs (opensource)

Saturday 15:30 for 30 minutes, at LVCC - L2 - W228 (Creator Stage 4)

Ezz Tahoun

Organized by IOT Village

IoT environments generate massive, noisy streams of logs and alerts—most of which lack the context needed for meaningful detection or response. This talk introduces a novel, LLM-free approach to large-scale alert contextualization that doesn't rely on writing complex queries or integrating heavy ML models. We’ll demonstrate how lightweight, modular correlation logic can automatically enrich logs, infer context, and group related events across sensors, devices, and cloud services. By leveraging time, topology, and behavioral attributes, this method builds causality sequences that explain what happened, where, and why—without human-crafted rules or expensive AI inference. Attendees will walk away with practical techniques and open-source tools for deploying contextualization pipelines in resource-constrained IoT environments. Whether you're defending smart homes, industrial OT networks, or edge devices, you'll learn how to extract insight from noise—fast.

Ezz Tahoun

Ezz Tahoun is an award-winning cybersecurity data scientist recognized globally for his innovations in applying AI to security operations. He has presented at multiple DEFCON villages, including Blue Team, Cloud, Industrial Control Systems (ICS), Adversary, Wall of Sheep, Packet Hacking, Telecom, and Creator Stage, as well as BlackHat Sector, MEA, EU, and GISEC. His groundbreaking work earned him accolades from Yale, Princeton, Northwestern, NATO, Microsoft, and Canada's Communications Security Establishment. At 19, Ezz began his PhD in Computer Science at the University of Waterloo, quickly gaining recognition through 20 influential papers and 15 open-source cybersecurity tools. His professional experience includes leading advanced AI-driven projects for Orange CyberDefense, Forescout, RBC, and Huawei Technologies US. Holding certifications such as aCCISO, CISM, CRISC, GCIH, GSEC, CEH, and GCP-Cloud Architect, Ezz previously served as an adjunct professor in cyber defense and warfare.

Operational Twilight: APTs, OT, and the geopolitics of a dying climate

Saturday 15:30 for 30 minutes, at LVCC - L2 - W229 (Creator Stage 5)

Cybelle Oliveira Cyber Threat Intelligence Researcher at Malwarelandia

Organized by Adversary Village

We’re trying to debug the end of the world through trial and error — mostly error. In the middle of a worsening climate crisis, outdated OT protocols like Modbus are being exploited by state-sponsored actors in ways that turn environmental infrastructure into geopolitical weapons. From hijacked dams running Windows 95-era code to smart thermostats recruited into botnets fighting over Arctic oil, the climate-tech battlefield is already here.

This session dives into how APTs are quietly compromising the systems designed to save the planet. We’ll examine real-world campaigns where threat actors have targeted energy grids, carbon capture labs, and EV infrastructure — and how climate action is being derailed by 1970s-era code and modern apathy.

This is Cyber Threat Intelligence meets Climate Fiction (Cli-Fi). It’s weird, terrifying, and very real.

Cybelle Oliveira

Cybelle Oliveira is a Cyber Threat Intelligence researcher and a Master’s student in Cyber Intelligence. She teaches in a postgraduate CTI specialization program in Brazil and is the co-founder of La Villa Hacker — the first DEF CON village dedicated to the Portuguese and Spanish-speaking community.

Cybelle has spoken at some of the world’s leading security conferences, including DEF CON, BSides Las Vegas/São Paulo/Rio de Janeiro, 8.8 Chile, Cryptorave, Radical Networks, Mozilla Festival, and many others. Her work often explores the intersection of cyber threats, geopolitics, and underreported regions, with a particular interest in the strange, obscure, and catastrophically messy corners of cybersecurity.

Cybelle Oliveira is a Cybersecurity Consultant with a postgraduate qualification in Cyber Threat Intelligence and is a Master's student in Cyber Intelligence at the Campus Internacional de Ciberseguridad of the University of Murcia, Spain. She has been involved in privacy and security activism for more than 10 years and has given talks at events around the world, such as BSides LV, BSides SP, Girls Hack Village (DefCon), 8.8 Chile, Internet Freedom Festival, Radical Networks, Mozilla Festival, Roadsec, and Cryptorave, among others. Cybelle is part of the Mozilla community and is the director of the organization Casa Hacker.

Take all my money – penetrating ATMs

Saturday 15:30 for 30 minutes, at LVCC - L2 - W231 (Creator Stage 3)

Fredrik Sandström Head of Cyber Security at Basalt

Organized by Payment Village

In this presentation we will discuss real-world examples of cybersecurity issues with ATMs. Ever wondered what it takes to make an ATM spew out cash? You’ll hear some war stories from Fredrik's career penetration testing ATMs, covering the technical aspects of ATM hacking, such as tools, but also the troubles that can arise when trying to set up an ATM test.

Fredrik Sandström

Fredrik Sandström, M.Sc. is Head of Cyber Security at Basalt, based in Stockholm, Sweden. He has nearly a decade of experience in penetration testing, alongside a background in software development and embedded systems engineering. His early work includes software development for organizations such as the Swedish Defence Research Agency (FOI).

Since 2015, Fredrik has focused on delivering advanced security assessments—including penetration testing, red teaming, and threat emulation—for clients in diverse sectors such as banking, insurance, automotive, energy, communications, and IT services. He holds multiple industry-recognized certifications, including GXPN (GIAC Exploit Researcher and Advanced Penetration Tester), GCPN (GIAC Cloud Penetration Tester), GRTP (GIAC Red Team Professional), and HTB Certified Bug Bounty Hunter (CBBH).

Fredrik is also an active contributor to the security community. He has presented at major conferences such as SEC-T—Sweden’s leading offensive security conference—and DevCon in Bucharest, Romania, a key event for developers and IT professionals in Eastern Europe.

Creating a Virtual Ship Environment Optimized for Cybersecurity Use

Saturday 15:30 for 30 minutes, at LVCC - L2 - W232 (Creator Stage 2)

Jeff Greer University of North Carolina-Wilmington

Laavanya Rachakonda Dr. at University of North Carolina-Wilmington

Organized by Maritime Hacking Village

Current ship simulators are designed to help masters and mates pass their STCW exams. They were never designed for cybersecurity use. So, here is the interesting question that will be considered during the presentation: what is the ideal architecture of a virtual ship environment for cybersecurity education, assessment, and research use? Recent work at UNCW suggests there is a need for a hybrid virtual environment comprised of a full mission (above and below the waterline) ship simulator coupled with sub-system device emulators and specialized software applications. Examples of required device emulators include communication devices, bridge instruments, and industrial controllers. Coupling can be accomplished through logical or physical means. Examples of specialized software applications include network traffic generation, strategically located test access points for staging exploits, cyber data analytics, and trainer control over directed simulations. Cybersecurity use cases are being used to help shape derivative functional requirements. Rather than develop a novel virtual environment from scratch, UNCW has been looking into the feasibility of augmenting an existing, commercially available ship simulator with new functionality such that it is fit for cybersecurity use. Unitest’s Winterthur X92 marine engine simulator is an ideal candidate that will be briefly demonstrated during the presentation.

Jeff Greer

Jeff Greer is an Assistant Professor of Practice in Cybersecurity at the University of North Carolina Wilmington. When not teaching he is reading, writing, and coding. The focus of his applied R&D work is the application of system-of-systems engineering practices to resolve maritime cybersecurity problems. Prior to retiring from corporate life, Jeff was an integral part of an executive team that built a mobile broadband business delivering internet services to ships at sea around the world. Jeff is a member of the USCG Sector 5 Area Maritime Security Council and the FBI Infragard program. Jeff holds an MS Degree in Cybersecurity Technology from the University of Maryland Global Campus.

scholars.uncw.edu/display/greerj

Laavanya Rachakonda

Dr. Laavanya Rachakonda is an Assistant Professor in the Department of Computer Science at the University of North Carolina Wilmington, serving in this role since August 2021. She earned her Ph.D. and M.S. in Computer Science and Engineering under Dr. Saraju P. Mohanty at the University of North Texas, Denton, in 2021, and holds a B.Tech. in Electronics and Communication Engineering from VMTW, JNTUH, India.

As the Founder and Director of the Smart and Intelligent Physical Systems Laboratory (SIPS) at UNCW, Dr. Rachakonda leads a multi-disciplinary team researching cutting-edge applications of Machine Learning, Artificial Intelligence, IoT, and IoMT. Her lab’s focus spans Smart Healthcare, Agriculture, Transportation, and Smart Living, aiming to create sustainable, intelligent systems with robust security and privacy integration. SIPS is dedicated to developing low-power, fully automated systems processed at the edge, supporting stress-free and sustainable living.

Cloned Vishing: A case study

Saturday 15:30 for 30 minutes, at LVCC - L2 - W233 (Creator Stage 1)

Katherine Rackliffe Brigham Young University

Organized by Social Engineering Community Village

We ran a research study at Brigham Young University where we tested a novel phishing technique where AI voice cloning is used to imitate specific people. This talk will discuss the results of the study and potential safeguards to prevent these phishing scams.

Katherine Rackliffe

Katherine recently graduated from the cybersecurity program at Brigham Young University and is an incoming PhD student at the University of Wisconsin-Madison.

Mastodon (@katheredcliff@mastodon.social)
katherinerackliffe.org/

Badgelife Panel: Lessons from Years of Do’s, Don’ts, and Last-Minute Saves

Saturday 15:45 for 60 minutes, at LVCC - L1 - Exhibit Hall West 4 - C105 (Community Stage)

Abhinav Pandagale Founder at Hackerware.io

MakeItHackin Badge Maker

Bradán Lane Bradán Lane Studios

Organized by Badgelife Community

Behind every blinking LED and clever CTF is a mountain of caffeine, chaos, and carefully disguised panic. In this panel, veteran badge creators share their hard-earned lessons from years in the trenches of Badgelife - what worked, what absolutely didn’t, and what miraculously came together 12 hours before con opened. From catastrophic PCB errors and customs nightmares to soldering in hotel bathtubs, and shipping hacks that would make a logistics manager cry - we’ll break down the real behind-the-scenes stories that never make it to the badge booth. Whether you’re a first-time builder or a seasoned badge nerd, this is your survival guide (and therapy session) in one.

Links:
hackerware.io/badgelife-lessons

Abhinav Pandagale

Abhinav's artistry comes from the times he used to sneakily paint drawings made by his sister. His hacking career began as a toddler, disassembling his toys but never putting them back together. His entrepreneurial roots come from selling snacks at a school fair and making a loss of . Having learned how not to make money, he launched Hackerware.io - a boutique badgelife lab with in-house manufacturing - which has grown over the past nine years into a global presence across 19 countries. He’s often spotted at conferences around the world - hosting hardware villages or pulling off the kind of random shenanigans that earned him the Sin CON Person of the Year 2025 award.

MakeItHackin

MakeItHackin graduated with a physics degree and served in the Army before diving into electronics in 2016, the same year as his first DEF CON! He joined the badge-making scene at DEF CON 29, fueling a passion for reverse-engineering. With a love for tearing apart tech, he tinkers as a hobbyist, and has previously spoken at Physical Security Village, HOPE Conference, and Hackaday Supercon.

Mastodon (@makeithackin@infosec.exchange)

Bradán Lane

Bradán graduated third grade with a degree in crayon. This, combined with his unwavering belief in “how difficult could it be”, has made him eminently qualified to wash dishes. His background in UX Design & User Research and as a purveyor of personas demonstrates his profound talent for making stuff up with confidence. Bradán pre-dates the internet and ARPANET.

China's Health Sector Ambitions and Information Needs: Implications for U.S. Health Care Cyber Defense

Saturday 16:00 for 30 minutes, at LVCC - L2 - W228 (Creator Stage 4)

Amelia Shapiro

Organized by Policy @ DEF CON

Amelia Shapiro

Amelia is an intelligence analyst at Margin Research, where she specializes in combining science and technology and regional expertise. Before working at Margin, Amelia worked at a DC-based research shop. Amelia graduated from Brown University with the Albert A. Bennett Prize for Exceptional Accomplishment in the Mathematics Concentration as well as honors in the security studies concentration.

SSH Honeypots and Walkthrough Workshops: A History

Saturday 16:00 for 60 minutes, at LVCC - L2 - W229 (Creator Stage 5)

Ryan Mitchell Principal Software Engineer at Gerson Lehrman Group

Organized by Packet Hacking Village

At DEF CON 24, an SSH honeypot on the open network held a puzzle that would go on to inspire the first Walkthrough Workshop. Although the Walkthrough Workshops at the Packet Hacking Village no longer feature Cowrie, its echoes live on at DEF CON. Out of the box, Cowrie is a medium-interaction SSH honeypot, but this level of interaction can be raised with a little elbow grease. From custom commands and adventure games to file systems laid out as spatial cubes, this talk explores several years of Cowrie-based challenges that will bash your expectations of terminal interaction.

Ryan Mitchell

Ryan Mitchell is a staff member at the Packet Hacking Village and the author of Unlocking Python (Wiley), Web Scraping with Python (O’Reilly), and multiple courses on LinkedIn Learning including Python Essential Training. She holds a master’s degree in software engineering from Harvard University Extension School and has worked as principal software engineer and data scientist on the search and artificial intelligence teams at the Gerson Lehrman Group for the last six years.

Your Passkey is Weak: Phishing the Unphishable

Saturday 16:00 for 30 minutes, at LVCC - L2 - W231 (Creator Stage 3)

Chad Spensky, Ph.D. Allthenticate

Organized by Physical Security Village

While passkeys are being touted as the end of phishing, they might be putting your organization at even more risk. In this talk I will demonstrate a relatively straightforward phishing attack against “phishing-resistant” synced passkeys and provide guidance and advice for responsible passkey usage.

Links:
www.yourpasskeyisweak.com

Chad Spensky, Ph.D.

Chad is a teenage hacker turned cybersecurity expert who studied under the best in his field at UNC-CH, UCSB’s SecLab, IBM Research, and was a lead researcher at MIT LL where he played a pivotal role in various high-impact projects for the US DoD. He has broken every authentication system under the sun and has committed his career to doing better for our society.

State of the Pops: Mapping the Digital Waters

Saturday 16:00 for 30 minutes, at LVCC - L2 - W232 (Creator Stage 2)

Vlatko Kosturjak Marlink Cyber

MJ Casado

Organized by Maritime Hacking Village

The maritime industry is rapidly digitizing, but how well is it securing its foundational digital infrastructure? In this talk, we present the results of a large-scale passive reconnaissance effort targeting the top 50 global maritime organizations—leveraging only open source intelligence (OSINT) and LLM-assisted analysis. By focusing on core security controls such as DNS, email authentication protocols, and other foundational internet services, we uncover a troubling landscape. All data was collected non-intrusively and ethically, relying exclusively on public data. Results will be presented in an anonymized and aggregated fashion, with a strong emphasis on reproducibility. In true hacker village spirit, we will release all scripts and tools used—empowering attendees to replicate the analysis, audit other industries, or expand upon our methodology. This session will not only highlight the maritime sector’s digital weaknesses but also demonstrate how anyone with OSINT skills and curiosity can surface meaningful insights about critical industries—with zero packets sent to the targets.

Links:
maritimehackingvillage.com/dc33/talks

Vlatko Kosturjak

Vlatko Kosturjak serves as the VP of research at Marlink Cyber, boasting over two decades of dedicated experience in the realms of information security and cybersecurity. His diverse roles over the years have not only equipped him with a comprehensive understanding of security governance but have also taken him into the deep technical side of security. He has successful M&A experience in different fields of cyber security, including application security.

Vlatko finds joy in both breaking and building security controls. Beyond his commitment to security, he harbors a deep passion for open and free software. This passion has manifested in the creation of numerous popular open-source offensive tools and contributions to various renowned free security software projects.

Throughout his extensive career and in his continuous pursuit of knowledge in the dynamic field of cybersecurity, Vlatko has acquired a long array of certifications, including CISSP, OSCP, CISM, and many more.

Mastodon (@kost@mastodon.social)

MJ Casado

Fingerprinting Maritime NMEA2000 Networks

Saturday 16:00 for 30 minutes, at LVCC - L2 - W233 (Creator Stage 1)

Constantine Macris (TheDini) University of Rhode Island

Anissa Elias University of Rhode Island

Organized by Maritime Hacking Village

Maritime vessel controls and operational technology (OT) systems are getting more complex and interconnected. With industry trends aiming to reduce crew, automate tasks, and improve efficiency, these networks are expanding in scale, intricacy, and criticality for vessel operation and maintenance. The standard controller area network (CAN) bus for maritime vessel networks, developed by the National Marine Electronics Association (NMEA), is known as NMEA2000. NMEA2000 is an application layer network protocol built on the ISO11783 standard and compatible with automotive SAEJ1939; it uses unique message identifiers, known as Parameter Group Numbers, to define the data within each communication frame. Despite its widespread use, NMEA2000 remains a relatively unexplored domain, particularly in understanding normal versus abnormal network behavior, due to the unavailability of open-source datasets. To address this gap, we constructed an NMEA2000 system consisting of five nodes: GPS/Radar, Wind Speed/Direction sensor, and Multifunction Display. Using this setup, we collected datasets to analyze system behavior and developed deterministic fingerprints for each sensor, establishing a baseline of the normal operating system. We subject the system to controlled attacks to evaluate the accuracy and effectiveness of the fingerprints. This work represents a foundational step towards enhancing security and reliability in maritime OT systems.

Links:
maritimehackingvillage.com/dc33/talks

Constantine Macris (TheDini)

Constantine Macris is a Connecticut native and is pursuing a PhD at URI. Constantine is a reserve CDR in the Navy, an industry expert in OT and network security, and CISO at Dispel.

Anissa Elias

Resilient and Reconfigurable Maritime Comms.

Saturday 16:30 for 30 minutes, at LVCC - L2 - W228 (Creator Stage 4)

AviNash Srinivasan US Naval Academy

Organized by Maritime Hacking Village

With the maritime industry handling a large portion of global trade, efficient, secure information transfer is essential. Technologies like unmanned aerial vehicles (UAVs), autonomous underwater vehicles (AUVs), and the Internet of Ships (IoS) are enhancing communication and operational efficiency, but they also pose security and network management challenges. Compromised IT systems can lead to easy access to operational technology (OT) networks, increasing the risk of zero-day attacks. This talk presents the current state of maritime comms and explores the feasibility of an SDN-SDR driven cross-layer framework using SATCOM infrastructure for resilient and reconfigurable maritime comms in dynamic, resource-constrained environments.

Links:
maritimehackingvillage.com/dc33/talks

AviNash Srinivasan

Dr. Avinash Srinivasan is an Associate Professor in the Cyber Science department at the United States Naval Academy. He holds a Ph.D. and a Master's in Computer Science, and a Bachelor’s in Industrial Engineering. His research interests span the broad areas of cybersecurity and forensics. In particular, his research focuses on network security and forensics, security and forensics in cyber physical systems, and critical infrastructure, steganography and information hiding, cloud computing forensics challenges, and privacy and anonymity. Dr. Srinivasan has administered several grants from agencies including DoD/Navy, NSF, DoJ, DHS, and DoEd. He has published 55 papers in prestigious refereed conferences and journals including IEEE Transactions on Information Forensics and Security, INFOCOM, ICDCS, and ACM SAC. Dr. Srinivasan also holds a patent (Patent number: 11210396). He currently serves on the editorial board for IEEE Transactions on Cognitive Communications and Networking as an Associate Editor. Dr. Srinivasan is a Certified Ethical Hacker (CEH) and Computer Hacking Forensics Investigator (CHFI). He has trained civilians as well as local and state law enforcement personnel in the areas of Macintosh Forensics and Network Forensics.

Navigating the Invisible

Saturday 16:30 for 30 minutes, at LVCC - L2 - W231 (Creator Stage 3)

Mehmet Önder Key Self

Furkan Aydogan UNCW

Samet Can Tasci BurkutSec

Organized by Maritime Hacking Village

The maritime domain's vastness often masks hidden threats. This talk explores leveraging Open-Source Intelligence (OSINT) to enhance maritime security. We'll demonstrate practical, low-cost methods to gather and analyze publicly available data – including vessel tracking, port data, and social media – for identifying anomalous behaviors and predicting potential cyber-physical risks. Attendees will learn actionable techniques to build a proactive threat intelligence picture without specialized tools, providing crucial insights for defenders in this critical sector.

Links:
maritimehackingvillage.com/dc33/talks

Mehmet Önder Key

Önder Key is a cybersecurity consultant specializing in critical infrastructure security, zero-day vulnerability analysis, and offensive security. He has advised organizations in high-security sectors such as defense, aerospace, and finance, with hands-on experience in both red teaming and strategic security engineering. His work has been featured across numerous countries and platforms, contributing to the discovery of systemic vulnerabilities. Currently, he provides consultancy to Burkut, Ogrit, Ravenailabs and continues to advance the global offensive security ecosystem by challenging traditional approaches to cybersecurity.

Furkan Aydogan

Dr. Aydogan is an Assistant Professor of Computer Science at UNCW and a researcher in cybersecurity, digital forensics, and brainwave-based encryption systems. His Ph.D. focused on using EEG signals to secure IoT devices—blending neuroscience with cryptography. He’s a two-time award winner for research in VANET security and cognitive encryption.

Samet Can Tasci

Samet Can Tasci is a Red Hat Certified Linux System Administrator with over six years of experience in securing and automating enterprise infrastructure. He specializes in system hardening, containerization, and secrets management with HashiCorp Vault, and has a strong focus on DevOps workflows using Ansible and GitLab CI.

Post-Quantum Panic: When Will the Cracking Begin, and Can We Detect it?

Saturday 16:30 for 45 minutes, at LVCC - L2 - W233 (Creator Stage 1)

Konstantinos Karagiannis Director of Quantum Computing Services at Protiviti

Organized by Quantum Village

Quantum computers will crack RSA and ECC and weaken symmetric encryption, but when? NIST is betting it won't happen before 2035, setting that deadline for companies to migrate to post-quantum cryptography (PQC). However, recent developments make it clear that we might not have 10 years; we might have only 5! Join Konstantinos Karagiannis (KonstantHacker) as he breaks down the latest algorithmic estimates, including Oded Regev's game-changing tweak to Shor's algorithm, which promises faster factoring with fewer qubits. He also discusses IonQ and IBM's aggressive roadmaps, pushing us closer to cryptographically relevant quantum computers (CRQCs). Think 1000+ qubits by 2026 and fault-tolerant systems by 2030. And when Q-Day does arrive, will we be able to catch or prevent bad actors from running these algorithms on cloud quantum platforms? Learn what's possible when monitoring quantum circuit patterns and suspicious API calls.

Konstantinos Karagiannis

Forged in the InfoSec trenches of the 90s and a pioneer in the quantum computing space since 2012, Konstantinos Karagiannis (KonstantHacker) lives at the intersection of cryptography and physics. As Protiviti's Director of Quantum Computing Services, he translates the existential threat—and promise—of quantum for the world's top organizations. When he's not behind the mic on The Post-Quantum World podcast, you can find him on stage at RSA, Black Hat, and right here at DEF CON, where he reigns as a Venerable Village Elder of the Quantum Village.

Breaking In: Real Paths Into Cybersecurity from Hackers, Humans, and Hiring Pros

Saturday 17:00 for 60 minutes, at LVCC - L1 - Exhibit Hall West 4 - C105 (Community Stage)

Rosie "Lady Cyber Rosie" Anderson Head of Strategic Solutions at th4ts3cur1ty.company Director at BSides Leeds CoFounder at BSides Lancashire Organiser at Manchester2600

Tib3rius Cybersecurity Content Creator

Jayson E. Street Chief Adversarial Officer at Secure Yeti

Organized by Noob Community

Trying to break into cybersecurity? Forget the hype. This panel cuts through the noise to show you what actually works: what roles are out there, what skills and certs are worth your time, how to build a real resume, and how to find your people in the community. We’ll talk job hunting, self-study, mentorship, influencers (the good and the grifty), and how to avoid wasting time and money. Ends with an open Q&A. No gatekeeping. No fluff.

Rosie "Lady Cyber Rosie" Anderson

Rosie Anderson is Head of Strategic Solutions for th4ts3cur1ty.company AKA Magical Genie Person. Having previously spent two decades talking to businesses to solve their hiring challenges, and helping people to break into cyber security as a recruiter, Rosie now uses those skills to help businesses solve their cybersecurity challenges. Rosie also founded BSides Lancashire, is a Director of BSides Leeds and restarted the Manchester 2600 Hacker Community, the only 2600 to be run by two women in its 40 year history. She was awarded Most Inspiring Woman in Cyber Security for 2024 and Cyber Newcomer for 2025.

Rosie has been a mentor for Capslock, a cyber training programme, for over two years, and is also part of the Ethical Council for Hacking Games. Giving back is important to her, and she loves the pay-it-forward mentality.

Tib3rius

Tib3rius is a professional penetration tester who specializes in web application hacking, though his background also includes network penetration testing. He is OSCP certified, and likes developing new tools for penetration testing, mostly in Python. He helps run an OSCP prep discord server, and enjoys passing on his knowledge to students who have a passion for information security.

Mastodon (@tib3rius@infosec.exchange)

Jayson E. Street

Jayson E. Street has been referred to in the past as a "notorious hacker" by FOX25 Boston and a "World Class Hacker" by National Geographic Breakthrough Series, and described as a "paunchy hacker" by Rolling Stone Magazine. He, however, prefers that people refer to him simply as a Hacker, Helper & Human.

He is the Chief Adversarial Officer at Secure Yeti and the author of the "Dissecting the hack: Series" (which is currently required reading at 5 colleges in 3 countries that he knows of). Jayson is also the DEF CON Groups Global Ambassador. He's spoken at DEF CON, DEF CON China, GRRCon, SAINTCON & at several other CONs & colleges on a variety of Information Security subjects. He was also a guest lecturer for the Beijing Institute of Technology for 10 years.

He loves to explore the world & networks as much as he can. He has successfully robbed banks, hotels, government facilities, Biochemical companies, etc. on five continents (Only successfully robbing the wrong bank in Lebanon once, all others he was supposed to)!

He is a highly carbonated speaker who has partaken of Pizza from Bulgaria to Brazil & China to The Canary Islands. He does not expect anybody to still be reading this far, but if they are please note he was proud to be chosen as one of Time's persons of the year for 2006.

Mastodon (@Jayson@defcon.social)

Anatomy of a Crypto Scam

Saturday 17:00 for 60 minutes, at LVCC - L2 - W228 (Creator Stage 4)

Nick "c7five" Percoco CSO at Kraken

Kitboga Kraken

Organized by Cryptocurrency Community

Nick and Kit team up to explain a story of fraud and scam as often reported in the news. A method of deceit with a unique financial angle is introduced, starting with a video to illustrate the problem. History of the actors involved in the analysis and security research reveals their complementary partnership, where they observe the scam to develop defense methods. A breakdown of the scam workflow follows its progress, and funds are tracked as they move from the victim's possession. Finally, advice is given on how to avoid becoming a victim of similar fraud.

Nick "c7five" Percoco

Nick Percoco is the Chief Security Officer at Kraken, where he spearheads the frameworks and protocols that ensure a secure and seamless trading experience for clients. A recognized leader in the security and hacker community, Nick brings nearly 30 years of expertise in cybersecurity and technology, shaping the industry's approach to threat defense and risk mitigation. A dedicated contributor to the security community, he founded THOTCON, Chicago’s premier non-profit hacking conference, and has been a contributor to secure infrastructure and network design at DEFCON, the world’s largest hacking conference, since 2017. An accomplished speaker and researcher, Nick has presented groundbreaking work on cryptocurrency security, targeted malware, mobile security (iOS & Android), and IoT vulnerabilities at leading global forums, including Black Hat, RSA Conference, DEFCON, CfC St. Moritz, and SXSW.

LinkedIn

Kitboga

With more than 3M subscribers on YouTube and beyond, Kit pioneered scambaiting. “Everyday there are scammers taking advantage of people. I call them to waste their time, walk people through their "script" and lies, report info when I can, and otherwise make light of a dark situation.”

kitboga.com/

One Modem to Brick Them All: Exploiting Vulnerabilities in the EV Charging Communication

Saturday 17:00 for 60 minutes, at LVCC - L2 - W229 (Creator Stage 5)

Marcell Szakály

Sebastian Köhler

Jan "SP3ZN45" Berens

Organized by Car Hacking Village

In this talk we present a collection of attacks against the most widely used EV charging protocol, by exploiting flaws in the underlying power-line communication technologies affecting almost all EVs and chargers.

Specifically, we target the QCA 7000 Homeplug modem series, used by the two most popular EV charging systems, CCS and NACS.

We demonstrate multiple new vulnerabilities in the modems, enabling persistent denial of service.

To better understand the scope of these issues, we conduct a study of EV chargers and vehicles, and show widespread insecurities in existing deployments.

We show a variety of practical real-world scenarios where the HomePlug link can be used to hijack EV charging communications, even at a distance.

Finally, we present results from reverse engineering the firmware and how we can gain code execution.

Marcell Szakály

Marcell Szakály is a PhD student in the Systems Security Lab at the University of Oxford. His research focuses on the security of the EV charging infrastructure. He received his master's degree in Physics, and worked on superconducting magnet design. His work now involves RF hardware, SDRs, and digital electronics.

Sebastian Köhler

Previous speaker at CarHackingVillage 2023, Redeploying the Same Vulnerabilities: Exploiting Wireless Side-Channels in Electric Vehicle Charging Protocols

Profile

Jan "SP3ZN45" Berens

Jan Berens aka SP3ZN45 has been a goon in the QM department for several years now and is working full time as a redteamer at alpitronic SLR, the leading manufacturer for DC chargers in Europe. His background is security consulting and penetration testing for critical infrastructures and industrial installations in Europe. He does mostly non-publicly disclosed security research and mentors beginners in the security domain.

Hacking Context for Auto Root Cause and Attack Flow Discovery

Saturday 17:00 for 60 minutes, at LVCC - L2 - W231 (Creator Stage 3)

Ezz Tahoun

Organized by Packet Hacking Village

Modern SOCs are flooded with alerts yet blind to what matters. This talk shows how to auto-discover attack flows and root causes by hacking context across telemetry, logs, and threat signals. Using open-source tools and correlation logic, we’ll walk through real-world detection pipelines that stitch together events across cloud, endpoint, and network environments. You'll learn lightweight, vendor-agnostic approaches to enrich data, group alerts by incident, and make sense of security chaos — fast.

Ezz Tahoun

Ezz Tahoun is an award-winning cybersecurity data scientist recognized globally for his innovations in applying AI to security operations. He has presented at multiple DEFCON villages, including Blue Team, Cloud, Industrial Control Systems (ICS), Adversary, Wall of Sheep, Packet Hacking, Telecom, and Creator Stage, as well as BlackHat Sector, MEA, EU, and GISEC. His groundbreaking work earned him accolades from Yale, Princeton, Northwestern, NATO, Microsoft, and Canada's Communications Security Establishment. At 19, Ezz began his PhD in Computer Science at the University of Waterloo, quickly gaining recognition through 20 influential papers and 15 open-source cybersecurity tools. His professional experience includes leading advanced AI-driven projects for Orange CyberDefense, Forescout, RBC, and Huawei Technologies US. Holding certifications such as aCCISO, CISM, CRISC, GCIH, GSEC, CEH, and GCP-Cloud Architect, Ezz previously served as an adjunct professor in cyber defense and warfare.

LinkedIn

So you want to make a badge? Badge Creation 101, from SAO to full #badgelife

Saturday 17:15 for 45 minutes, at LVCC - L2 - W233 (Creator Stage 1)

Jeff "BigTaro" Geisperger

Organized by Badgelife Community

Jeff "BigTaro" Geisperger

Jeff Geisperger is a security engineer with 15 years of experience specializing in hardware and device security. His work ranges from low-level firmware and embedded systems to the cloud services that power modern devices, with a focus on end-to-end security across the stack. Outside of his professional role, Jeff is active in the hardware hacking and badgelife communities. What began as a hobby collecting badges has grown into designing both indie and large-scale conference badges for thousands of attendees.

bigtaro.net

Blind Trailer Shouting (Car Hacker's Version)

Sunday 10:00 for 60 minutes, at LVCC - L2 - W228 (Creator Stage 4)

Ben Gardiner

Organized by Car Hacking Village

You all know that PLC4TRUCKS is unintentionally accessible wirelessly (CVEs 2020-14514 and 2022-26131). In this talk we will dig into the details of the new CVE-2024-12054 and some other results on the ECU investigated. This talk is tailored to those with an automotive cybersecurity background. We found ECUs running the KWP2000 diagnostic protocol on PLC4TRUCKS, supposedly secured with their fancy seed-key exchange. But guess what? Those seeds are way more predictable than they should be. A bit of timing trickery, a classic reset attack, and boom – we're in, no peeking at the ECU's responses needed. Blind, non-contact attacks on PLC4TRUCKS? Yep, we found a way. Turns out wireless unauthorized diagnostics access isn't just limited to older equipment. These newer trailer brake controllers' diagnostic functions can be abused too. This situation highlights the need for future tractors to deploy mitigations that protect the trailer from wireless attacks because they are all reachable and even the new ones are vulnerable.

Ben Gardiner

Ben is a Senior Cybersecurity Research Engineer at the National Motor Freight Traffic Association, Inc. (NMFTA)™ specializing in hardware and low-level software security. He has held security assurance and reversing roles at a global corporation, as well as worked in embedded software and systems engineering roles at several organizations.

Ben has conducted workshops and presentations at numerous cybersecurity events globally, including the CyberTruck Challenge, GENIVI security sessions, Hack in Paris, HackFest, escar USA and DEF CON.

Ben holds a M.Sc. Eng. in Applied Math & Stats from Queen’s University. In addition to speaking on the main stage at DEF CON, Ben is a volunteer at the DEF CON Hardware Hacking Village (DC HHV) and Car Hacking Village (CHV). He is GIAC GPEN and GICSP certified, chair of the SAE TEVEES18A1 Cybersecurity Assurance Testing TF (published J3322), a contributor to several American Trucking Associations (ATA) Technology & Maintenance Council (TMC) task forces, ISO WG11 committees, and a voting member of the SAE Vehicle Electronic Systems Security Committee.

Behind the Badge: How We Used and Abused Hardware (again) to Create the AV Badge for DC33

Sunday 10:00 for 60 minutes, at LVCC - L2 - W229 (Creator Stage 5)

Adam Batori Rare Circuits

Robert Pafford Rare Circuits

Organized by Aerospace Village

After DC32, we had one question for ourselves: How could we possibly build upon the work done with last year’s ADS-B badge? Building upon the work we talked about at 38C3, the badge became a mixture of ideas. We wanted new functions to extend the badge, but also be accessible for everyone. That set our direction for this year: a radio SAO that would have multiple levels of connectivity. Join us for a behind-the-scenes look as we walk through how we were able to (ab)use hardware to receive out of band signals, create a custom signal processing chain, and create an SAO that can be integrated into your own badge. Now that you’ve got your hands on this year’s Aerospace Village badge, join Adam and Robert as they discuss the challenges and successes the team faced while building this year’s village badge.

Adam Batori

Robert Pafford

Intro to Physical Security Bypass

Sunday 10:00 for 60 minutes, at LVCC - L2 - W231 (Creator Stage 3)

Karen Ng Physical Security Village

Matthew Cancilla Physical Security Village

Organized by Physical Security Village

Physical security is an important consideration when designing a comprehensive security solution. There are loads of ways to get through a door without actually attacking the lock itself, including using the egress hardware, access control hardware, and countless other techniques to gain entry. Learn how these attacks work as well as how to defend against these attacks in this talk!

Links:
www.physsec.org

Karen Ng

Karen is a Risk Analyst at GGR Security, and is one of GGR's entry team for physical penetration tests. She has a strong interest in physical security, delivering trainings on physical security vulnerabilities to a wide range of audiences. Karen comes from a background in engineering and has extensive experience in major event logistics. She is one of the Village Leads at the Physical Security Village, and works with the rest of the PSV team to teach how to recognize and fix security exploits to the community. Graphic design is her passion.

Matthew Cancilla

Escaping the Privacy Sandbox with Client-Side Deanonymization Attacks

Sunday 10:00 for 30 minutes, at LVCC - L2 - W232 (Creator Stage 2)

Eugene "spaceraccoon" Lim

Organized by Crypto Privacy Village

Google's Privacy Sandbox initiative aims to provide privacy-preserving alternatives to third-party cookies by introducing new web APIs. This talk will examine potential client-side deanonymization attacks that can compromise user privacy by exploiting vulnerabilities and misconfigurations within these APIs.

I will explore the Attribution Reporting API, detailing how debugging reports can bypass privacy mechanisms like Referrer-Policy, potentially exposing sensitive user information. I will also explain how destination hijacking, in conjunction with a side-channel attack using storage limit oracles, can be used to reconstruct browsing history, demonstrating a more complex deanonymization technique.

Additionally, I will cover vulnerabilities in the Shared Storage API, illustrating how insecure cross-site worklet code can leak data stored within Shared Storage, despite the API being deliberately designed to prevent direct data access. Real-world examples and potential attack scenarios will be discussed to highlight the practical implications of these vulnerabilities.

The presentation will conclude by emphasizing the critical need for rigorous security and privacy research to ensure that Privacy Sandbox APIs effectively protect user data and achieve their intended privacy goals, given the complexity and potential for unintended consequences in their design and implementation.

Eugene "spaceraccoon" Lim

Eugene Lim is a security researcher and white hat hacker. From Amazon to Zoom, he has helped secure applications from a range of vulnerabilities. His work has been featured at top conferences such as Black Hat, DEF CON, and industry publications like WIRED and The Register.

Website

Elevators 101

Sunday 10:00 for 60 minutes, at LVCC - L2 - W233 (Creator Stage 1)

Bobby Graydon Physical Security Village

Ege Feyzioglu Physical Security Village

Organized by Physical Security Village

Elevator floor lockouts are often used as an additional, or the only, layer of security. This talk will focus on how to correctly incorporate elevators into your security design, and how badly set up elevators could be used to access restricted areas, including using special operating modes, tricking the controller into taking you there, and hoistway entry.

Links:
www.physsec.org

Bobby Graydon

Bobby is involved in the planning of Physical Security Village. He enjoys anything mechanical and is currently serving as VP R&D at GGR Security Consultants. I like trains and milk.

Ege Feyzioglu

Ege is a security researcher specialising in access control systems and electronics. She is currently pursuing a degree in Electrical Engineering and works part-time for GGR Security as a Security Risk Assessor.

Silent Sabotage: How Nation-State Hackers Turn Human Error into Catastrophic Failures

Sunday 10:15 for 45 minutes, at LVCC - L1 - Exhibit Hall West 4 - C105 (Community Stage)

Nathan Case CSO at Clarity

Jon McCoy Security Architect at OWASP

Organized by OWASP Community

Nation-state hackers pose a formidable threat to critical infrastructure, compromising national security, intellectual property, and public safety. This presentation will delve into the tactics, techniques, and procedures (TTPs) employed by nation-state actors, providing a core understanding essential for developing effective defense strategies. Through an in-depth analysis of three real-world case studies, we will expose the implications of nation-state attacks on laboratory, critical infrastructure, and industrial systems. We will examine how these attacks exploit human vulnerabilities, such as social engineering and insider threats, as well as system weaknesses, including misconfiguration and software vulnerabilities. Drawing from recent breaches in research laboratories and industrial manufacturing facilities, we will identify the root causes of these incidents, including human error, malicious insider actions, and inadequate security controls. This presentation aims to provide attendees with a comprehensive understanding of nation-state attack patterns, enabling them to strengthen their organization’s defenses against these sophisticated threats.

Nathan Case

Nathan Case is a cybersecurity engineer and strategist with over two decades of experience defending critical infrastructure, building secure cloud systems, and leading incident response at the highest levels. His career spans roles at Amazon Web Services, McKesson, and defense-focused startups, where he has architected platforms for healthcare, government, and national security missions. Known for his ability to bridge technical depth with real-world impact, Nathan has led global security teams, supported cyber operations across multiple countries, and advised both enterprise executives and government leaders on risk, resilience, and transformation.

LinkedIn

Jon McCoy

Software security architect, Jon McCoy brings over 20 years of experience in software development and cybersecurity to the forefront. With a strong foundation in .NET development, Jon transitioned into security, driven by a passion for proactive defense strategies and secure coding practices.

A dedicated contributor to the OWASP community, Jon has shared his expertise at numerous industry events, including OWASP Global AppSec. His recent presentation on "Lessons Learned from Past Security Breaches" highlighted critical takeaways for strengthening AppSec efforts before and after incidents.

Don’t Cry Wolf: Evidence-based assessments of ICS Threats

Sunday 10:30 for 30 minutes, at LVCC - L2 - W232 (Creator Stage 2)

Jimmy Wylie Dragos

Sam Hanson Dragos

Organized by ICS Village

ICS Malware is rare. Yet, ICS Malware like FrostyGoop and TRISIS, and related discoveries like COSMICENERGY, were all found on VirusTotal, so analysts still hunt for novel ICS Malware in public malware repositories. In the process, they discover all kinds of tools: research, CTFs, obfuscated nonsense code with no effects, and sometimes, malware targeting ICS/OT sites. But how do they find and filter out the benign from malicious? Or the ICS and ICS-related malware from regular IT malware?

In this talk, we will use recently discovered samples to walk through the process of hunting and analyzing potential ICS threats. We’ll show the simple queries we use to cast a net, our typical analysis process, and relevant follow-on actions like victim notification. Lastly, we’ll discuss how we decide whether a sample is ICS malware using Dragos’s ICS malware definition.

Jimmy Wylie

Jimmy Wylie is a malware analyst at Dragos, Inc., who searches for and analyzes threats to critical infrastructure. He was the lead analyst on PIPEDREAM, the first ICS attack "utility belt", and TRISIS, the first malware to target a safety instrumented system. Formerly a DoD Contractor and malware analysis instructor, he has over 14 years of experience with reverse engineering and malware analysis. In his off-time, Jimmy enjoys playing board games, solving crossword puzzles, and testing the limits of his library card. He can be found on BlueSky: @mayahustle.bsky.social

Mastodon (@mayahustle@infosec.exchange)

Sam Hanson

Sam is currently an Associate Principal Vulnerability Analyst at Dragos where he researches vulnerabilities and malware impacting OT/ICS systems. Specifically, Sam discovers 0-day vulnerabilities in industrial software and threat hunts for ICS-related malware in public data sources. Sam has analyzed notable ICS-related malware, including components of PIPEDREAM and Fuxnet. Sam has presented at several cybersecurity conferences, including Dragos’ DISC (’22 and ’23), DISC:EU ‘24, and BSides:Zurich.

OSINT Enabled Ghost Mode: Counter-Surveillance for Everyday People Like Us

Sunday 11:00 for 45 minutes, at LVCC - L1 - Exhibit Hall West 4 - C105 (Community Stage)

Desiree Wilson

Organized by BBWIC Foundation

Desiree Wilson

With over 15 years of global experience across all domains of information security, she is a trusted leader in cybersecurity architecture, cloud adoption, DFIR, and threat intelligence. Her work emphasizes proactive defense—prioritizing prevention, early detection, and rapid response across hybrid environments. As a Principal Consultant with Quantum Mergers, she has guided highly regulated organizations through cloud deployments, DFIR engagements, and the design of advanced cybersecurity frameworks that integrate offensive and defensive strategies. Her expertise spans securing APIs, blockchain platforms, and AI/ML systems, aligning innovation with risk-based security. A member of the Forbes Business Council, she contributes strategic insights that help global enterprises build trust, scale securely, and outpace threats through intelligence-driven security. She serves as a board advisor to several organizations and is a philanthropic supporter of nonprofit initiatives focused on women’s rights and global education. A passionate advocate for equity and opportunity, she balances her professional pursuits with family time, a love for live music, the arts, her three pets, and a nomadic lifestyle that reflects her identity as a global citizen.

LinkedIn

Hacker vs. Triage: Inside the Bug Bounty Battleground

Sunday 11:00 for 60 minutes, at LVCC - L2 - W228 (Creator Stage 4)

Richard "richeeta" Hyunho Im

Denis Smajlović Nova Information Security

Organized by Bug Bounty Village

Bug bounty programs often resemble battlegrounds, where security researchers ("hackers") and vulnerability triagers collide over validity, severity, and bounty rewards. Although this friction can strain relationships, it also represents a powerful opportunity for collaboration and community-building. In this session, experienced bug bounty hacker Richard Hyunho Im (@richeeta) and seasoned triage expert Denis Smajlović (@deni) team up to dissect these challenging interactions, share real-world stories from high-stakes bounty scenarios, and propose practical solutions for improved hacker-triager relationships.

Drawing directly from their experiences on both the researcher and company sides, Richard and Denis cover common scenarios including severity debates (e.g., Gmail aliasing vulnerabilities), unclear bug submissions, controversial gray-area issues (such as Apple's BAC vulnerability rejection), and respectful escalation of bounty disputes (e.g., CVE-2025-24198). Attendees will gain insights into how effective communication, clear business impact framing, and mutual respect can bridge the divide between researchers and triagers.

Beyond monetary rewards, this presentation emphasizes how researchers can strategically leverage bug bounty work to enhance personal branding, build professional networks, and advance career opportunities. With empathy, humor, and candor, Richard and Denis demonstrate that the "bounty battleground" doesn't need to be hostile; it can instead become a place for growth, trust, and professional success.

Key takeaways include actionable strategies for clearer reporting, effectively communicating severity, navigating gray-area cases, and respectfully challenging triage decisions. Ultimately, this talk equips attendees with tools and mindsets to positively shape the bug bounty ecosystem and foster genuine collaboration within the community.

Richard "richeeta" Hyunho Im

Richard Hyunho Im (@richeeta) is a senior security engineer and independent vulnerability researcher at Route Zero Security. Currently ranked among the top 25 researchers in OpenAI's bug bounty program, Richard has also received security acknowledgements from Apple (CVE-2025-24198, CVE-2025-24225, CVE-2025-30468, and CVE-2024-44235), Microsoft, Google, and the BBC. His research highlights overlooked attack surfaces, focusing on practical exploitation that challenges assumptions about everyday software security.

LinkedIn

Denis Smajlović

Denis Smajlović (@deni) is an OSCP-certified security engineer and Principal Security Consultant at Nova Information Security. Denis brings extensive experience managing high-profile bug bounty programs and collaborating closely with Fortune 500 companies, global tech firms, and major financial institutions. His specialty lies in bridging gaps between external researchers and internal security teams, clearly translating vulnerabilities into tangible business impacts, and fostering constructive, trust-based relationships between hackers and corporate triagers.

LinkedIn

Hacking Space to Defend It: Generating IoBs with SPARTA

Sunday 11:00 for 30 minutes, at LVCC - L2 - W229 (Creator Stage 5)

Brandon Bailey The Aerospace Corporation

Organized by Aerospace Village

As we know, spacecraft will become prime targets in the modern cyber threat landscape, as they perform critical functions like communication, navigation, and Earth observation. While the launch of the SPARTA framework in October 2022 gave the community insight into potential threats, it didn’t address how to detect them in practical scenarios. In 2025, our research took a different approach as we didn’t just theorize about threats, we actively exploited space systems using SPARTA techniques to figure out what Indicators of Behavior (IoBs) would look like in a real-world attack scenario.

By leveraging offensive cyber techniques from SPARTA, we identified the specific patterns and behaviors that adversaries might exhibit when targeting spacecraft. These insights allowed us to systematically develop IoBs tailored to the operational constraints and unique environments of space systems. As a result, we demonstrated how Intrusion Detection Systems (IDS) for spacecraft can be designed with realistic, data-driven threat profiles.

This presentation will walk through our methodology, from exploiting space systems to crafting practical IoBs, and how these insights can directly translate to building robust IDS solutions. We’ll show how a threat-informed, hands-on approach to cybersecurity can transform theoretical knowledge into practical defenses for space infrastructure.

Brandon Bailey

Red Russians: How Russian APT groups closely follow offensive security research

Sunday 11:00 for 30 minutes, at LVCC - L2 - W231 (Creator Stage 3)

Will Thomas Senior Threat Intel Advisor at Team Cymru

Organized by Adversary Village

Offensive security is meant to improve defenses, but what happens when hostile nation-states start learning from us too? This talk explores how Russian intelligence services and advanced persistent threat (APT) groups have adopted and adapted techniques developed by Red Teamers, sometimes within weeks of public disclosure. These campaigns involve taking newly disclosed exploits, tools, and tricks to exploit modern enterprise systems, such as Microsoft 365 services, Windows features, software development systems, authentication systems, and cloud infrastructure. Throughout the talk, detection engineering and threat hunting tips shall be provided to offer attendees a technique for detecting and preventing these types of attacks.

For Red Teamers, this talk is a wake-up call: the same tools and tradecraft used to test enterprise security are increasingly turning up in real-world espionage campaigns, sometimes targeting the very governments and public services we rely on. For Blue Teamers, this talk is a reminder to pay close attention to the cutting edge of offensive tooling.

Will Thomas

Currently working as a Senior Threat Intel Advisor at Team Cymru. Previously I was a CTI Researcher and Threat Hunter at the Equinix Threat Analysis Center (ETAC). Prior to this, I worked for Cyjax, a UK-based CTI vendor. My other main commitment is as the co-author of the SANS FOR589: Cybercrime Intelligence course. I have also volunteered my spare time to being the co-founder and main organiser of the Curated Intelligence trust group and Bournemouth 2600.

LinkedIn
Website

There and Back Again: Discovering OT devices across protocol gateways

Sunday 11:00 for 30 minutes, at LVCC - L2 - W233 (Creator Stage 1)

Rob King Runzero

Organized by ICS Village

Operational Technology (OT) describes devices and protocols used to control real-world operations: factories, assembly lines, medical equipment, and so on.

For decades, this technology was isolated (more or less) from the wider world, using custom protocols and communications media. However, over the past 15 - 20 years, these devices have started using commodity protocols and media more and more. This means that these devices are now using the standard TCP/IP protocol suite, a concept referred to as "OT/IT convergence."

This convergence has obvious benefits, making these devices cheaper and more manageable. However, it also makes them more accessible to attackers, and their security posture has often not kept up.

As part of this convergence process, many devices are connected via protocol gateways. These gateways speak TCP/IP, and then translate communications to proprietary OT protocols (or simply provide a NAT-style private network within an OT device rack).

This talk discusses techniques for detecting devices on the "other side" of these gateways. It begins with a brief introduction to the history of OT, moving on to the OT/IT convergence phenomenon. It then discusses the issue of protocol translation and provides two practical examples of discovering assets across gateways: CIP (Common Industrial Protocol) message forwarding and DNP3 (Distributed Network Protocol, version 3) address discovery.

These techniques are provided as examples to illustrate the issue of OT device discovery, and to encourage the audience to perform further research in how these sorts of devices may be discovered on networks and, ultimately, protected.

Rob King

Rob King is the Director of Security Research at runZero. Over his career Rob has served as a senior researcher with KoreLogic, the architect for TippingPoint DVLabs, and helped get several startups off the ground. Rob helped design SC Magazine's Data Leakage Prevention Product of the Year for 2010, and was awarded the 3Com Innovator of the Year Award in 2009. He has been invited to speak at BlackHat, DEF CON, Shmoocon, SANS Network Security, and USENIX.

Unveiling IoT Vulnerabilities: From Backdoors to Bureaucracy

Sunday 11:30 for 30 minutes, at LVCC - L2 - W229 (Creator Stage 5)

Kai-Ching "Keniver" Wang Senior Security Researcher at CHT Security

Chiao-Lin "Steven Meow" Yu Senior Red Team Cyber Threat Researcher at Trend Micro Taiwan

Organized by IOT Village

IoT devices are ubiquitous, yet their security remains a critical concern. This talk explores over 50 real-world vulnerability cases in the IoT ecosystem, exposing systemic issues such as vendor-embedded backdoors, predictable credentials, and exploitable configuration consoles. We’ll dissect vulnerabilities like CVE-2024-48271 (CVSS 9.8) and CVE-2025-1143, favored by APT groups and scammers, that enable remote code execution and global device control. Drawing from our extensive research, we’ll reveal how even beginners can compromise critical infrastructure like ATMs and water treatment facilities by targeting poorly secured devices. Additionally, we’ll share the frustrating reality of reporting vulnerabilities to manufacturers, CNAs, and CERTs—stories of ignored reports, year-long delays, and denials despite severe risks. Attendees will gain actionable insights into vulnerability discovery, secure development practices, and responsible disclosure, empowering hackers, developers, and manufacturers to strengthen IoT security.

Kai-Ching "Keniver" Wang

Kai-Ching Wang (Keniver) is a Senior Security Researcher at CHT Security. He specializes in red team assessments and comprehensive security reviews, with a current focus on hacking IoT devices and cloud-native infrastructure. He has presented his research on the security of cloud-connected IoT camera systems at conferences such as SECCON in Japan and HITCON in Taiwan.

Chiao-Lin "Steven Meow" Yu

Chiao-Lin Yu (Steven Meow) currently serves as a Senior Red Team Cyber Threat Researcher at Trend Micro Taiwan. He holds numerous professional certifications including OSCE³, OSEP, OSWE, OSED, OSCP, CRTP, CARTP, CESP-ADCS, LPT, CPENT, GCP ACE. Steven has previously presented at events such as HITCON Training 2025, Security BSides Tokyo 2023, and CYBERSEC 2024, 2025. He has disclosed 30+ CVE vulnerabilities in major companies like VMware, D-Link, and Zyxel. His expertise spans Red Team exercises, Web security, IoT security and Meow Meow security.

Bare Metal Reverse Engineering

Sunday 11:30 for 30 minutes, at LVCC - L2 - W231 (Creator Stage 3)

SolaSec

Organized by Biohacking Village

This talk presents a practical methodology for reverse engineering real-time embedded firmware built on ARM Cortex platforms. Using Ghidra as the primary analysis environment to facilitate collaboration, we will demonstrate how to reconstruct the core layers of an embedded system to gain deep insight into its operation. The Board Support Package (BSP) is mapped using the SVD loader plugin to associate memory-mapped registers with hardware peripherals. The Hardware Abstraction Layer (HAL) is analyzed through custom type recovery and function pattern matching to identify initialization routines and peripheral control logic. At the RTOS level, we apply Ghidra’s BSim plugin to detect task creation, scheduler logic, and inter-process communication constructs used in FreeRTOS and similar kernels. The session equips attendees with a structured approach to reversing embedded C/C++ applications, even when symbols are stripped and source code is unavailable. The goal is to enable firmware analysts, security researchers, and engineers to confidently dissect the layered architecture of constrained, real-time embedded systems.

SolaSec

Caleb Davis is a founding member of SolaSec, a cybersecurity consulting firm specializing in advanced penetration testing for embedded and connected systems. Based in Dallas/Fort Worth, he holds a degree in Electrical Engineering from the University of Texas at Tyler and is a patent-holding expert with vast experience in hardware and firmware security. Caleb leads deep technical assessments across a range of high-impact industries, including medical devices, automotive, industrial control systems, ATMs and financial terminals, aerospace components, and consumer electronics. His work focuses on secure design, trusted boot processes, cryptographic implementations, and threat modeling, helping organizations integrate security throughout the development lifecycle and align with industry and regulatory standards.


Intro to Common Industrial Protocol Exploitation

Sunday 11:30 for 30 minutes, at LVCC - L2 - W232 (Creator Stage 2)

Trevor Flynn

Organized by ICS Village

Explore the basics of what CIP is, how it is used in industry, and how to get started hacking it.

Trevor Flynn

Industrial Controls Engineer and ICS security specialist


Hacking Reality: HoloConnect AI and the Rise of Offline Holograms in Medical Devices

Sunday 11:30 for 30 minutes, at LVCC - L2 - W233 (Creator Stage 1)

Fernando De La Peña Llaca, Dr

Organized by Biohacking Village

Imagine a hologram that talks, thinks, and operates offline—no cloud, no internet, no mercy. Born on the ISS and battle-tested in zero-gravity, HoloConnect AI is now aiming at Earth’s most vulnerable systems: medical devices.

This talk reveals how we’re embedding vision- and voice-aware AI inside air-gapped holographic agents that run locally, assist in surgery, and diagnose without ever phoning home. We'll unpack how we cracked the interface between hardware, holography, and healthcare, and why offline is the new secure. Expect deep insights on sandboxed AI logic, secure embedded stacks, voice spoofing defense, and real-world risks when you give a glowing face to machine intelligence. Bonus: live demo of a medical-grade hologram running without Wi-Fi—because in space and in surgery, there is no Ctrl+Z.

Fernando De La Peña Llaca, Dr

Dr. Fernando De La Peña Llaca reverse-engineered the impossible: beaming a real-time hologram into orbit using consumer devices and custom AI. As CEO of Aexa Aerospace, he led the first off-planet holoportation and is now bringing that tech back to Earth to disrupt how we interact with machines. NASA award-winner, space technologist, and long-time builder, Dr. De La Peña fuses aerospace-grade security with street-smart AI. His current mission? Build a hologram smart enough to help—and locked down enough not to kill. DEF CON is the perfect place to stress-test that logic.


Passing the Torch: Mentoring and Protecting Our Students in Education Spaces

Sunday 12:00 for 60 minutes, at LVCC - L1 - Exhibit Hall West 4 - C105 (Community Stage)

Sam Comini

Navaar Johnson, Senior Network Systems Technician at Bethlehem Central School District

Organized by .edu Community

Lots of us can look back on a time in our IT or cybersecurity careers and think about a select person or group of people that helped us immensely when we were younger to get on the right track. However, there are others that may not have had that opportunity to have a mentor or community instill a purpose in the world of tech. Making these communities or finding a good mentor can be a difficult task for many of us, so we wanted to host a discussion panel to discuss the various methods that we have been able to utilize.

Our major goal is to give back to the communities that helped us grow in our careers and personal lives. At our school district we’ve been very fortunate to build a culture of learning, security, and community. We’ve been able to successfully start and grow various clubs and opportunities for students to learn cool things with like-minded people. In the panel we will talk about growing student helpdesk programs, eSports clubs, creating a tech-savvy culture, and much more. Please come join us, bring questions, bring your experiences, and let’s help each other build up the next generation of hackers!

Sam Comini

Navaar Johnson


Airport Security! - S01 E008 - Breaking into your baggage

Sunday 12:00 for 60 minutes, at LVCC - L2 - W228 (Creator Stage 4)

Hector Cuevas Cruz, Bishop Fox

Organized by Physical Security Village

When we travel with valuable baggage, we rely on the security of locks, especially those that are TSA-approved. But how secure are they really? In this talk, we’ll present our research on the vulnerabilities and bypasses of these locks and their embedding into the baggage, covering the most common models as well as the newer TSA008. We’ll discuss how lock picking techniques, master keys, and bypass methods can compromise the security of all TSA-approved models, potentially putting our belongings at risk.

Hector Cuevas Cruz

Héctor is a Senior Managing Security Consultant at Bishop Fox with over 13 years of experience in offensive security, digital forensics, threat hunting, and incident response. Hector has presented at international conferences such as DEFCON, SummerCon, WWHF & Ekoparty. He also leads Pwntacles, a student-driven hackerspace focused on cybersecurity research and development.


TotalTest 2.Oh!: Unleashing a Testing Program to Break Smarter, Measure Better, and Fund Your Fixes

Sunday 12:00 for 30 minutes, at LVCC - L2 - W229 (Creator Stage 5)

Nebu Varghese, FTI Consulting LLP - Senior Director, EMEA Offensive Security Leader

Organized by Adversary Village

Production halted. SCADA alarms blaring. The CEO demands answers. Your theoretical cyberattack? It just became reality. Point-in-time penetration tests are fundamentally inadequate against today's advanced persistent threats. This talk outlines a framework to build an intelligence-led, integrated attack and crisis simulation program, not just a reactive security strategy.

Drawing from our extensive experience (including hundreds of red team engagements for some of the world's largest organizations, with anonymized real-world case studies), we will unveil TotalTest – a revolutionary, metrics-driven framework that transforms breach simulations from isolated exercises into a continuous, strategic program for unparalleled organizational resilience.

Nebu Varghese

Nebu Varghese is a Senior Director in FTI Consulting’s Cybersecurity practice and is based in London. Mr. Varghese has more than 13 years of multi-functional cybersecurity experience, blending deep technical expertise with strong academic credentials. He has led global teams and complex matters across 28 countries, in sectors including Financial Services, Private Equity, TMT, Manufacturing, and Critical National Infrastructure. Mr. Varghese specialises in executing and managing the delivery of offensive security testing (ethical hacking or penetration testing) engagements for organisations across the globe. He serves on the UK National Cyber Security Centre (NCSC) Security Testing Expert Group, collaborating with industry experts to draft practical and valuable best practice guidance that informs and guides both the NCSC and the wider ICS industry.


Smart Devices, Dumb Resets? Testing Firmware Persistence in Commercial IoT

Sunday 12:00 for 30 minutes, at LVCC - L2 - W231 (Creator Stage 3)

Matei Josephs, Senior Penetration Tester at Happening

Organized by IOT Village

The rapid proliferation of consumer IoT devices has introduced new attack vectors beyond traditional exploitation. One overlooked risk lies in firmware persistence in returned devices—an issue that could enable mass surveillance, botnet propagation, or backdoor persistence at scale. This research investigates whether major retailers properly reset IoT firmware before reselling returned products, exposing critical gaps in supply chain security.

In this experiment, commercial IoT devices are purchased, modified with custom firmware embedding a simple callback, and then returned to the store. The devices are later repurchased and analyzed to determine if retailers performed proper firmware resets or if malicious code remained intact. Findings from this research reveal inconsistencies in retailer sanitization policies, with some major retailers failing to properly wipe and reflash firmware before resale. This talk will demonstrate examples of persistent firmware modifications, discuss the potential for IoT-based supply chain attacks, and propose real-world mitigation strategies for manufacturers, retailers, and consumers.

Attendees will leave with a deeper understanding of how IoT firmware sanitization failures create a new class of attack vectors—and how threat actors could exploit this to build persistent IoT botnets, data-exfiltration implants, or unauthorized surveillance tools.

Matei Josephs

Matei Josephs breaks things for a living - especially if they beep, blink, or pretend to be "smart". Printers, kiosks, routers, and random IoT junk live in fear when he's nearby. He's a Senior Penetration Tester at Happening, has discovered 9 CVEs, and loves hacking at scale. In this talk, "Smart Devices, Dumb Resets? Testing Firmware Persistence in Commercial IoT", Matei reveals how threat actors can implant persistent backdoors in smart devices, then return them for resale through legitimate retailers. Because factory reset processes often fail to wipe firmware-level compromises, attackers can exploit the trust users place in brand-name resellers—turning returned devices into credible, persistent attack vectors.


Letthemin: Facilitating High-Value Purple Teams Using an Assumed Compromise Approach

Sunday 12:00 for 30 minutes, at LVCC - L2 - W233 (Creator Stage 1)

Sarah Hume, Purple Team Service Lead at Security Risk Advisors

Organized by Adversary Village

Purple Teaming has become a critical component of modern cybersecurity programs, but its definition and application vary widely across organizations. This presentation introduces a refined, regimented, and repeatable methodology for running Purple Team engagements, developed and battle-tested for over a decade. As the term 'Purple Team' means different things to different people—a methodology, a team of people, a program, an assessment, or even a state of mind—and as Purple Team engagements themselves come in all shapes and sizes, the speaker will begin by aligning recommended definitions and applications of common Purple Team terminology. The presentation will explain how to apply an Assumed Compromise approach to Purple Teams. Any organization can be vulnerable at any point in time. This style of Purple Team testing follows the adversary through the entire life cycle of an attack, from Initial Access to Impact, assuming vulnerabilities exist to instead focus on the visibility of security tools. This is a powerful method of identifying ways to improve detection and prevention capabilities at each layer of an organization’s defense in depth. The speaker will include real world examples and specific instructions. The presentation will conclude with broader applications of this style of Purple Team. This will include how to collect and analyze the engagement results and apply these results to drive improvement to an organization’s resilience to common threats. This talk is ideal for security professionals, both Red and Blue Team, who are looking to elevate the way they perform Purple Team engagements.

Sarah Hume

Sarah leads the Purple Team service at Security Risk Advisors (SRA). She has led hundreds of Threat Intelligence-based Purple Team exercises for organizations in the Fortune 500 and Global 1000 over the past 7 years. Her background is in offensive security, primarily internal network, OT/ICS, and physical security penetration testing. Sarah also has experience in external network penetration testing, web application assessments, OSINT, phishing/vishing campaigns, vulnerability management, and cloud assessments. Sarah graduated Summa Cum Laude from Penn State with a B.S. in Cybersecurity. She is a Certified Red Team Operator (CRTO), Certified Information Systems Security Professional (CISSP), Google Digital Cloud Leader, AWS Certified Cloud Practitioner, and Advanced Infrastructure Hacking Certified. She lives in Philadelphia with her dog, Paxton.


Dead Reckoning: Hijacking Marine Autopilots

Sunday 12:30 for 30 minutes, at LVCC - L2 - W229 (Creator Stage 5)

Carson Green, Colorado State University

Rik Chatterjee, Colorado State University

Organized by Maritime Hacking Village

We demonstrate a vulnerability in a commonly-used autopilot computer that allows unsigned firmware to be pushed through trusted update channels such as SD cards and NMEA 2000 networked chart plotters without authentication or cryptographic validation. We show how a malicious ‘.swup’ file can be crafted and accepted by the system to gain persistent code execution, enabling arbitrary CAN bus injection on marine control networks. The attack chain, reminiscent of removable media-style delivery in air-gapped systems, demonstrates how firmware-level control in marine environments can be leveraged to disrupt navigation subsystems. We will walk through firmware extraction, reverse engineering of firmware and CAN subroutines, firmware repackaging, and live effects on NMEA 2000 networks. No physical access to the autopilot is needed; the attack leverages trusted firmware delivery via the chart plotter over NMEA 2000.

Links:
maritimehackingvillage.com/dc33/talks

Carson Green

Carson Green is a graduate research assistant in systems engineering from Colorado State University, with a bachelor’s degree in electrical engineering. He enjoys designing and debugging PCBs, researching vulnerabilities in cyber-physical systems, and can often be found playing the banjo.


Rik Chatterjee

Rik is a PhD student at Colorado State University exploring the tangled edge of embedded systems and cybersecurity. His research focuses on real-world vulnerabilities in automotive and industrial controllers, from reverse-engineering to network protocol level vulnerabilities. He’s previously shared his work at DEF CON and NDSS. When he’s not pulling apart PCBs, you’ll find him elbow-deep in his vegetable garden, proving that both firmware and tomatoes need rooting.


The Worst ICS/OT Love Story Ever Told

Sunday 12:30 for 30 minutes, at LVCC - L2 - W231 (Creator Stage 3)

Mike Holcomb, Fluor

Organized by ICS Village

The world of securing OT/ICS is changing FAST!

And we are not prepared.

Prior to the Colonial Pipeline incident in 2021, we focused on protecting against state adversaries.

Afterwards, we shifted to focusing on protecting against ransomware operators and hacktivists.

Now in 2025, we see more alignment between state adversaries, ransomware operators and hacktivists.

A significant shift in the landscape we are not ready for.

Advanced capabilities and tools in the hands of everyday attackers with intermediate to no skill?

Are we prepared today for what's coming?

No.

But we can be.

And we'll talk about how.

Mike Holcomb

Mike Holcomb is the Fellow of Cybersecurity and the ICS/OT Cybersecurity Global Lead for Fluor, one of the world’s largest engineering, procurement, and construction companies. His current role provides him with the opportunity to work in securing some of the world’s largest ICS/OT environments, from power plants and commuter rail to manufacturing facilities and refineries. As part of his community efforts, Michael founded the BSidesICS/OT and BSides Greenville conferences along with the UpstateSC ISSA Chapter. He has his master’s degree in ICS/OT cybersecurity from the SANS Technology Institute. Additionally, he maintains cyber security and ICS/OT certifications such as the GRID, CISSP, GICSP, ISA 62443, and more.

He posts regularly on LinkedIn and YouTube to help others learn more about securing ICS/OT and critical infrastructure.
