Main Speaking Tracks | Creator Stage Talks
Main Speaking Tracks
Friday
Friday 10:00
-
Track 1
Welcome to DEF CON 33!
Jeff "The Dark Tangent" Moss
20 minutes
-
Track 2
Remote code execution via MIDI messages
Anna portasynthinca3 Antonenko
45 minutes
-
Track 3
BitUnlocker: Leveraging Windows Recovery to Extract BitLocker Secrets
Netanel Ben Simon, Alon "alon_leviev" Leviev
45 minutes
-
Track 4
Paywall Optional: Stream for Free with a New Technique, Recursive Request Exploits (RRE)
Farzan Karimi
20 minutes
-
Track 5
The One Bitcoin Heist: Making a custom Hashcat module to solve a decade-old puzzle challenge
Joseph "stoppingcart" Gabay
45 minutes
Friday 10:30
-
Track 1
Continued
-
Track 2
Continued
-
Track 3
Continued
-
Track 4
No VPN Needed? Cryptographic Attacks Against the OPC UA Protocol
Tom Tervoort
45 minutes
-
Track 5
Continued
Friday 11:00
-
Track 1
Continued
-
Track 2
Patching Critical Infrastructure: Announcing the Winners of DARPA's AI Cyber Challenge
Stephen Winchell, Andrew Carney, Jason Roos
45 minutes
-
Track 3
Virtualization-Based (In)security - Weaponizing VBS Enclaves
Ori David
45 minutes
-
Track 4
Continued
-
Track 5
Inside Look at a Chinese Operational Relay Network
Zane "earl" Hoffman, Michael "mtu" Torres
45 minutes
Friday 11:30
-
Track 1
Continued
-
Track 2
Continued
-
Track 3
Continued
-
Track 4
ChromeAlone: Transforming a Browser into a C2 Platform
Michael "bouncyhat" Weber
45 minutes
-
Track 5
Continued
Friday 12:00
-
Track 1
Continued
-
Track 2
Ghost Calls: Abusing Web Conferencing for Covert Command & Control
Adam "UNC1739" Crosser
45 minutes
-
Track 3
Safe Harbor or Hostile Waters: Unveiling the Hidden Perils of the TorchScript Engine in PyTorch
Lishuo "ret2ddme" Song, Ji'an "azraelxuemo" Zhou
45 minutes
-
Track 4
Continued
-
Track 5
The Ultimate Hack: Applying Lessons Learned from the loss of TITAN to Maritime Cybersecurity
Rear Admiral John Mauger, USCG (Ret.)
20 minutes
Friday 12:30
-
Track 1
Ghosts in the Machine Check - Conjuring Hardware Failures for Cross-ring Privilege Escalation
Christopher "xoreaxeaxeax" Domas
45 minutes
-
Track 2
Continued
-
Track 3
Continued
-
Track 4
Cash, Drugs, and Guns: Why Your Safes Aren't Safe
James Rowley, Mark Omo
45 minutes
-
Track 5
Edge of Tomorrow: Foiling Large Supply Chain Attacks By Taking 5k Abandoned S3 Buckets from Malware and Benign Software
Maksim Shudrak
45 minutes
Friday 13:00
-
Track 1
Continued
-
Track 2
What is Dead May Never Die: The Ghost of Internet Explorer in Windows: MapUrlToZone
George Hughey, Rohit Mothe
45 minutes
-
Track 3
Advanced Active Directory to Entra ID lateral movement techniques
Dirk-jan Mollema
45 minutes
-
Track 4
Continued
-
Track 5
Continued
Friday 13:30
-
Track 1
Recording PCAPs from Stingrays With a $20 Hotspot
Cooper "CyberTiger" Quintin, oopsbagel
45 minutes
-
Track 2
Continued
-
Track 3
Continued
-
Track 4
Dead Made Alive Again: Bypassing Intent Destination Checks and Reintroducing LaunchAnyWhere Privilege Escalation
Qidan "flanker_hqd" He
45 minutes
-
Track 5
Weaponizing Trust: Investigating a Threat Actor Targeting Security Researchers and Academics
Matt Muir, Christophe Tafani-Dereeper
45 minutes
Friday 14:00
-
Track 1
Continued
-
Track 2
DisguiseDelimit: Exploiting Synology NAS with Delimiters and Novel Tricks
Ryan Emmons
45 minutes
-
Track 3
You snooze you lose: RPC-Racer winning RPC endpoints against services
Ron Ben Yizhak
45 minutes
-
Track 4
Continued
-
Track 5
Continued
Friday 14:30
-
Track 1
Fireside Chat with DT and General Paul M. Nakasone
Jeff "The Dark Tangent" Moss, Paul M. Nakasone
45 minutes
-
Track 2
Continued
-
Track 3
Continued
-
Track 4
Siri-ously Leaky: Exploring Overlooked Attack Surfaces Across Apple's Ecosystem
Richard "richeeta" Hyunho Im
45 minutes
-
Track 5
Firewalls Under Fire: China's 5+ year campaign to penetrate perimeter network defenses
Andrew "Spike" Brandt
45 minutes
Friday 15:00
-
Track 1
Continued
-
Track 2
Gateways to Chaos - How We Proved Modems Are a Ticking Time Bomb That Hackers Can Access Everywhere
Chiao-Lin "Steven Meow" Yu
45 minutes
-
Track 3
From Spoofing to Tunneling: New Red Team's Networking Techniques for Initial Access and Evasion
Shu-Hao, Tung 123ojp
45 minutes
-
Track 4
Continued
-
Track 5
Continued
Friday 15:30
-
Track 1
Mastering Apple's Endpoint Security for Advanced macOS Malware Detection
Patrick Wardle
45 minutes
-
Track 2
Continued
-
Track 3
Continued
-
Track 4
Unmasking the Snitch Puck: the creepy IoT surveillance tech in the school bathroom
nyx, Reynaldo "buh0"
45 minutes
-
Track 5
So Long, and Thanks for All the Phish
Erlend Leiknes, Harrison Sand
45 minutes
Friday 16:00
-
Track 1
Continued
-
Track 2
The (Un)Rightful Heir: My dMSA Is Your New Domain Admin
Yuval Gordon
45 minutes
-
Track 3
Infecting the Boot to Own the Kernel: Bootkits and Rootkits Development
Maria "drkrysSrng" San Jose, Alejandro "TheMalwareGuardian" Vazquez
45 minutes
-
Track 4
Continued
-
Track 5
Continued
Friday 16:30
-
Track 1
HTTP/1.1 Must Die! The Desync Endgame
James "albinowax" Kettle
45 minutes
-
Track 2
Continued
-
Track 3
Continued
-
Track 4
Escaping the Privacy Sandbox with Client-Side Deanonymization Attacks
Eugene "spaceraccoon" Lim
45 minutes
-
Track 5
Killing Killnet
Alex Holden
20 minutes
Friday 17:00
-
Track 1
Continued
-
Track 2
Orion - fuzzing workflow automation
Marius Fleischer, Max Bazalii
45 minutes
-
Track 3
Emulating Embedded Linux Devices at Scale with Light-Touch Firmware Rehosting
Sigusr Polke
45 minutes
-
Track 4
Continued
-
Track 5
Building a Malware Museum
Mikko Hypponen
45 minutes
Friday 17:30
-
Track 1
Rusty pearls: Postgres RCE on cloud databases
Tal "TLP" Peleg, Coby Abrams
20 minutes
-
Track 2
Continued
-
Track 3
Continued
-
Track 4
Silent Leaks: Harvesting Secrets from Shared Linux Environments
Cernica Ionut Cosmin
20 minutes
-
Track 5
Continued
Saturday
Saturday 10:00
-
Track 1
Continued
-
Track 2
AppleStorm - Unmasking the Privacy Risks of Apple Intelligence
Yoav Magid
45 minutes
-
Track 3
Turning Camera Surveillance on its Axis
Noam Moshe
20 minutes
-
Track 4
Binary Facades: Reversing approaches to extract embedded scripts in compiled macOS malware
Patrick Wardle
20 minutes
-
Track 5
Where's My Crypto, Dude? The Ultimate Guide to Crypto Money Laundering (and How to Track It)
Thomas "fr0gger_" Roccia
45 minutes
Saturday 10:30
-
Track 1
Continued
-
Track 2
Continued
-
Track 3
One Modem to Brick Them All: Exploiting Vulnerabilities in the EV Charging Communication
Sebastian Köhler, Marcell Szakály, Jan "SP3ZN45" Berens
45 minutes
-
Track 4
Kill Chain Reloaded: Abusing legacy paths for stealth persistence
Alejandro "0xedh" Hernando, Borja "borjmz" Martinez
45 minutes
-
Track 5
Continued
Saturday 11:00
-
Track 1
How to secure unique ecosystem shipping 1 billion+ cores?
Adam "pi3" Zabrocki, Marko Mitic
45 minutes
-
Track 2
The DOMino Effect: Automated Detection and Exploitation of DOM Clobbering Vulnerability at Scale
Jianjia Yu, Zhengyu Liu
45 minutes
-
Track 3
Continued
-
Track 4
Continued
-
Track 5
Man-in-the-Malware: Intercepting Adversarial Communications
Ben "polygonben" Folland
45 minutes
Saturday 11:30
-
Track 1
Continued
-
Track 2
Continued
-
Track 3
Breakin 'Em All – Overcoming Pokemon Go's Anti-Cheat Mechanism
Tal Skverer
45 minutes
-
Track 4
Original Sin of SSO: macOS PRT Cookie Theft & Entra ID Persistence via Device Forgery
Tung-Lin "Echo Lee" Lee, Shang-De "HackerPeanutJohn" Jiang, Dong-Yi "Kazma Ye" Ye
45 minutes
-
Track 5
Continued
Saturday 12:00
-
Track 1
Client or Server? The Hidden Sword of Damocles in Kafka
Ying Zhu, Ji'an "azraelxuemo" Zhou, ZiYang "lz2y" Li
45 minutes
-
Track 2
Help! Linux in my Webcam! (•_•)
Jesse Michael, Mickey Shkatov
45 minutes
-
Track 3
Continued
-
Track 4
Continued
-
Track 5
Not Just a Pipeline Leak: Reconstructing the Real Attack Behind tj-actions
Aviad Hahami
45 minutes
Saturday 12:30
-
Track 1
Continued
-
Track 2
Continued
-
Track 3
Claude--Climbing a CTF Scoreboard Near You
Keane Lucas
45 minutes
-
Track 4
Diamonds Are For Hackers - Building the first fully open source and hackable Quantum Sensor
Victoria "V__Wave" Kumaran, Mark "LargeCardinal" Carney
45 minutes
-
Track 5
Continued
Saturday 13:00
-
Track 1
Hackers Dropping Mid-Heist Selfies: LLM Identifies Information Stealer Infection Vector and Extracts IoCs
Olivier Bilodeau, Estelle Ruellan
45 minutes
-
Track 2
Thinking Like a Hacker in the Age of AI
Richard "neuralcowboy" Thieme
45 minutes
-
Track 3
Continued
-
Track 4
Continued
-
Track 5
Stories from a Tor dev
Roger "arma" Dingledine
45 minutes
Saturday 13:30
-
Track 1
Continued
-
Track 2
Continued
-
Track 3
One Key, Two Key, I Just Stole Your goTenna Key
Woody, Erwin "Dollarhyde" Karincic
45 minutes
-
Track 4
CTRAPS: CTAP Impersonation and API Confusion Attacks on FIDO2
Marco Casagrande, Daniele Antonioli
45 minutes
-
Track 5
Continued
Saturday 14:00
-
Track 1
RATs & Socks abusing Google Services
Valerio "MrSaighnal" Alessandroni
20 minutes
-
Track 2
Rebadged, Relabeled, and Rooted: Pwnage via the Solar Supply Chain
Anthony "Coin" Rose, Jake "Hubble" Krasnov
45 minutes
-
Track 3
Continued
-
Track 4
Continued
-
Track 5
TSPU: Russia's Firewall and Defending Against the Future of Digital Repression
Benjamin "bmixonbaca" Mixon-Baca
45 minutes
Saturday 14:30
-
Track 1
HaKCing OBD-II Emissions Testing
Archwisp
20 minutes
-
Track 2
Continued
-
Track 3
ReVault! Compromised by your Secure SoC
Philippe "phLaul" Laulheret
45 minutes
-
Track 4
Ask EFF
Cooper "CyberTiger" Quintin, Lisa Femia, Thorin Klosowski, Alexis Hancock, Hannah Zhao
105 minutes
-
Track 5
Continued
Saturday 15:00
-
Track 1
Browser Extension Clickjacking: One Click and Your Credit Card Is Stolen
Marek Tóth
45 minutes
-
Track 2
Shaking Out Shells with SSHamble
HD Moore
20 minutes
-
Track 3
Continued
-
Track 4
Continued
-
Track 5
Ghosts of REvil: An Inside Look with the Hacker Behind the Kaseya Ransomware Attack
John Fokker, Jon DiMaggio
45 minutes
Saturday 15:30
-
Track 1
Continued
-
Track 2
Metal-as-a-Disservice: Exploiting Legacy Flaws in Cutting-Edge Clouds
Bill Demirkapi
45 minutes
-
Track 3
Zero Trust, Total Bust - Breaking into thousands of cloud-based VPNs with one bug
Rich "Buffaloverflow" Warren, David "johnnyspandex" Cash
45 minutes
-
Track 4
Continued
-
Track 5
Continued
Saturday 16:00
-
Track 1
Turning Microsoft's Login Page into our Phishing Infrastructure
Keanu "RedByte" Nys
45 minutes
-
Track 2
Continued
-
Track 3
Continued
-
Track 4
Continued
-
Track 5
"We are currently clean on OPSEC": The Signalgate Saga
Micah "micahflee" Lee
45 minutes
Saturday 16:30
-
Track 1
Continued
-
Track 2
Direct Memory, Access Everywhere
Grace "Baelfire" Parrish, Joe "securelyfitz" FitzPatrick
45 minutes
-
Track 3
De-Virtualizing the Dragon: Automated Unpacking and Deobfuscation of Nested VM-Based Protectors using Symbolic Execution and Taint Tracking
Agostino "Van1sh" Panico
45 minutes
-
Track 4
7 Vulns in 7 Days: Breaking Bloatware Faster Than It's Built
Leon "leonjza" Jacobs
45 minutes
-
Track 5
Continued
Saturday 17:00
-
Track 1
Blind Trailer Shouting
Ben Gardiner
45 minutes
-
Track 2
Continued
-
Track 3
Continued
-
Track 4
Continued
-
Track 5
Amber64: Mining Hacker History from Over Half a Million Commodore 64 Disks
Wesley McGrew
45 minutes
Saturday 17:30
-
Track 1
Continued
-
Track 2
Hacking Hotspots: Pre-Auth Remote Code Execution, Arbitrary SMS & Adjacent Attacks on 5G and 4G/LTE Routers
Edward "Actuator" Warren
20 minutes
-
Track 3
Voice Cloning Air Traffic Control: Vulnerabilities at Runway Crossings
Andrew "Helicopters of DC" Logan
20 minutes
-
Track 4
OverLAPS: Overriding LAPS Logic
Antoine Goichot
20 minutes
-
Track 5
Continued
Sunday
Sunday 10:00
-
Track 1
Invitation Is All You Need! Invoking Gemini for Workspace Agents with a Simple Google Calendar Invite
Ben Nassi, Or "oryair1999" Yair, Stav Cohen
45 minutes
-
Track 2
SSH-nanigans: Busting Open the Mainframes Iron Fortress through Unix
Philip "Soldier of FORTRAN" Young
45 minutes
-
Track 3
From Shanghai to the Shore: The Silent Threat in Global Shipping
Kenneth Miltenberger, Nicholas Fredericksen
20 minutes
-
Track 4
Mind the Data Voids: Hijacking Copilot Trust to Deliver C2 Instructions with Microsoft Authority
Tobias "ItsSixtyNein" Diehl
20 minutes
-
Track 5
Cyber Volunteering and Community Defense - DEF CON Franklin and the Cyber Resilience Corps 1 Year In
Adrien Ogee, Jake Braun, Sarah Powazek
45 minutes
Sunday 10:30
-
Track 1
Continued
-
Track 2
Continued
-
Track 3
Can't Stop the ROP: Automating Universal ASLR Bypasses for Windows
Bramwell Brizendine
45 minutes
-
Track 4
Jailbreaking the Hivemind: Finding and Exploiting Kernel Vulnerabilities in the eBPF Subsystem
Agostino "Van1sh" Panico
45 minutes
-
Track 5
Continued
Sunday 11:00
-
Track 1
Playing Dirty Without Cheating - Getting Banned for Fun and No Profit
Tom Chothia, Marius Muench, Sam Collins
45 minutes
-
Track 2
Journey to the center of the PSTN: How I became a phone company, and why you should too.
Enzo Damato
45 minutes
-
Track 3
Continued
-
Track 4
Continued
-
Track 5
Kill List: Hacking an Assassination Site on the Dark Web
Carl Miller, Chris Monteiro
45 minutes
Sunday 11:30
-
Track 1
Continued
-
Track 2
Continued
-
Track 3
Passkeys Pwned: Turning WebAuthn Against Itself
Jonny Lin, Daniel Seetoh, Shourya Pratap Singh
45 minutes
-
Track 4
Breaking Wi-Fi Easy Connect: A Security Analysis of DPP
George "sophron" Chatzisofroniou
45 minutes
-
Track 5
Continued
Sunday 12:00
-
Track 1
40 Years Of Phrack: Hacking, Zines & Digital Dissent
Netspooky, richinseattle, Chompie
45 minutes
-
Track 2
Turning your Active Directory into the attacker's C2: modern Group Policy Objects enumeration and exploitation
Wilfried "tiyeuse" Bécard, Quentin "croco_byte" Roland
45 minutes
-
Track 3
Continued
-
Track 4
Continued
-
Track 5
Carding, Sabotage & Survival: A Darknet Market Veteran's Story
Godman666
45 minutes
Sunday 12:30
-
Track 1
Continued
-
Track 2
Continued
-
Track 3
Win-DoS Epidemic: A crash course in abusing RPC for Win-DoS & Win-DDoS
Or "oryair1999" Yair, Shahak Morag
45 minutes
-
Track 4
Silent Signals: Exploiting Security and Privacy Side-Channels in End-to-End Encrypted Messengers
Maximilian Günther, Gabriel Gegenhuber
45 minutes
-
Track 4
Continued
Sunday 13:00
-
Track 1
Continued
-
Track 2
Continued
-
Track 3
Continued
-
Track 4
Continued
-
Track 5
Unexpected Connections: How a vulnerability in obscure dealer software could have unlocked your car from anywhere
Roshan Piyush, Eaton Zveare
45 minutes
Sunday 13:30
-
Track 1
Continued
-
Track 3
Continued
-
Track 3
Planting C4: Cross-Compatible External C2 for All Your Implants
Scott "ScottCTaylor12" Taylor
20 minutes
-
Track 4
SCCM: The tree that always bears bad fruits
Mehdi "kalimer0x00" Elyassa
45 minutes
-
Track 5
Continued
Sunday 14:00
-
Track 1
Continued
-
Track 2
Continued
-
Track 3
Loading Models, Launching Shells: Abusing AI File Formats for Code Execution
Cyrus Parzian
20 minutes
-
Track 4
Continued
-
Track 5
How to Fake a Badge like a Pro: 11 Tips to Counterfeiting Event Credentials
Russell Phillips
20 minutes
Creator Stage Talks
Friday
Friday 10:00
-
W229 (Creator Stage 5)
Secret Life of an Automationist: Engineering the Hunt
Gunnar "g0lden" Andrews
30 minutes
-
W231 (Creator Stage 3)
Prompt. Scan. Exploit: AI's Journey Through Zero-Days and a Thousand Bugs
Joel "niemand_sec" Noguera, Diego "djurado" Jurado
60 minutes
-
W232 (Creator Stage 2)
Safeguarding the Industrial Frontier: OT SOC & Incident Response
Adam Robbie
30 minutes
-
W233 (Creator Stage 1)
Fear vs. Physics: Diagnosing Grid Chaos
Emma Stewart
30 minutes
Friday 10:15
-
EHW4 - C105 (Community Stage)
Silent Sabotage: How Nation-State Hackers Turn Human Error into Catastrophic Failures
Nathan Case, Jon McCoy
45 minutes
Friday 10:30
-
W229 (Creator Stage 5)
Hull Integrity: Applying MOSAICS to Naval Mission Systems
Michael Frank
30 minutes
-
W232 (Creator Stage 2)
How AI + Hardware can Transforming Point-of-Care Workflows
PamirAI
30 minutes
-
W233 (Creator Stage 1)
10 Years of IoT Village: Insights in the World of IoT
Stephen Bono, Rachael Tubbs
30 minutes
Friday 11:00
-
EHW4 - C105 (Community Stage)
Cryptocurrency Opening Keynote
Param D Pithadia, Michael "MSvB" Schloh von Bennewitz, Chad Calease
60 minutes
-
W228 (Creator Stage 4)
Carding is Dead, Long Live Carding: How MaaS is fueling NFC relay attacks
Federico Valentini, Alessandro Strino
60 minutes
-
W231 (Creator Stage 3)
State of Open Source in the Federal Government
Jordan Kasper
45 minutes
-
W232 (Creator Stage 2)
From adversarial to aligned, redefining purple teaming for maximum impact
Nikhil, Sydney Marrone, Adam Pennington, Lauren Proehl
45 minutes
-
W233 (Creator Stage 1)
Go Malware Meets IoT: Challenges, Blind Spots, and Botnets
Asher Davila
60 minutes
Friday 11:45
-
W231 (Creator Stage 3)
Dark Capabilities: When Tech Companies Become Threat Actors
Greg Conti, Tom Cross
45 minutes
-
W232 (Creator Stage 2)
Never enough about cameras - The firmware encryption keys hidden under the rug
Alexandru Lazar
45 minutes
Friday 12:00
-
EHW4 - C105 (Community Stage)
Tunnelpocalypse
Rich Compton
60 minutes
-
W228 (Creator Stage 4)
Behind The Dashboard - (Lack Of) Automotive Privacy
Jacob Avidar, Lior ZL
60 minutes
-
W229 (Creator Stage 5)
Voices from the Frontlines: Managing Bug Bounties at Scale
Gabriel Nitu, Goshak
, Ryan Nolette, Tyson Laa Deng, Jay Dancer 60 minutes
-
W233 (Creator Stage 1)
Flipping Locks - Remote Badge Cloning with the Flipper Zero and More
Dan Goga, Langston Clements
60 minutes
Friday 12:30
-
W231 (Creator Stage 3)
How API flaws led to admin access to over 1,000 USA dealers and control over your car
Eaton Zveare
30 minutes
-
W232 (Creator Stage 2)
Back to Basics: Building Resilient Cyber Defenses
Yael Grauer
30 minutes
Friday 13:00
-
EHW4 - C105 (Community Stage)
Rebuild The World: Access to secure software dependency management everywhere with Nix
Farid Zakaria, Daniel Baker, Tom Berek
60 minutes
-
W228 (Creator Stage 4)
A Tale of Weeds and Roses: Propagating the Right Data Protection Agreements with Vendors
Irene Mo, Alyssa Coley
60 minutes
-
W231 (Creator Stage 3)
Takes All Kinds: Building Onramps for Emergency Web Archiving in Ukraine and Beyond
Quinn Dombrowski
45 minutes
-
W232 (Creator Stage 2)
What is Dead May Never Die: The Immortality of SDK Bugs
Richard "HeadlessZeke" Lawshae, Kai-Ching "Keniver" Wang, Chiao-Lin "Steven Meow" Yu
45 minutes
-
W233 (Creator Stage 1)
Teaching Your Reverse Proxy to Think: Fingerprint-Based Bot Blocking & Dynamic Deception
Adel Karimi
60 minutes
Friday 13:15
-
W229 (Creator Stage 5)
Hard Hat Brigade Creations Q&A
Hydrox, MrBill, M0nkeyDrag0n, CoD_Segfault
45 minutes
Friday 13:45
-
W231 (Creator Stage 3)
Third-Party Access Granted: A Postmortem on Student Privacy and the Exploit That's Still in Production
Sharlene Toney
45 minutes
-
W232 (Creator Stage 2)
Digital Casualties: Documenting Cyber-Induced Patient Harm in Modern Healthcare
Scott Shackleford, Joseph Davis, Jorge Acevedo Canabal
45 minutes
Friday 14:00
-
EHW4 - C105 (Community Stage)
Off-Grid Datarunning in Oppresive Regimes: Sneakernet and Pirate Box
Robert "LambdaCalculus" Menes
30 minutes
-
W228 (Creator Stage 4)
Securing Intelligence: How hackers are breaking modern AI systems … and how bug bounty programs can keep up
Shlomie Liberow, Dane Sherrets
60 minutes
-
W229 (Creator Stage 5)
Hacking Hotel Locks; The Saflok Vulnerabilities Expanded
Josh Stiebel, Noah Holland
60 minutes
-
W233 (Creator Stage 1)
Game Hacking 101
Julian "Julez" Dunning
45 minutes
Friday 14:30
-
W231 (Creator Stage 3)
Modern Odometer Manipulation
oblivion, collin
30 minutes
-
W232 (Creator Stage 2)
QRAMM: The Cryptographic Migration to a Post-Quantum World
Abdel Sy Fane, Emily Fane
30 minutes
Friday 14:45
-
EHW4 - C105 (Community Stage)
Introduction of Loong Community & Financial Identity crime (deepfake) regulation of diferetn jurisdictions
Noel Wong, KC Wong
45 minutes
Friday 15:00
-
W228 (Creator Stage 4)
Contextualizing alerts & logs at scale without queries or LLMs (opensource)
Ezz Tahoun
60 minutes
-
W229 (Creator Stage 5)
VDP in Aviation - How it shouldn't be done!
Matt Gaffney
30 minutes
-
W231 (Creator Stage 3)
Threat Dynamics on the Seas
RADM John Mauger, USCG (ret.), Michael Sulmeyer, Adam Segal
45 minutes
-
W232 (Creator Stage 2)
What Europeans are doing right about cyber security
Espen Torseth, Muhammad Mudassar Yamin
45 minutes
-
W233 (Creator Stage 1)
Adversaries at War: Tactics, technologies, and lessons from modern battlefields
John Andre Bjørkhaug, John Johnson, Dr, Bret Fowler, MSGT (Ret), Barb Hirz, Gregory Carpenter, DrPH, Michael Tassey
45 minutes
Friday 15:30
-
EHW4 - C105 (Community Stage)
Defending Reddit at Scale
Spencer Koch, Pratik Lotia
30 minutes
-
W229 (Creator Stage 5)
Locked Down, Not Locked Out: How I Escaped Your Secure Operator Workstation
Aaron Boyd
30 minutes
Friday 15:45
-
EHW4 - C105 (Community Stage)
Badgelife: Lessons from Years of Do's, Don'ts, and Last-Minute Saves
Bradan Lane, Abhinav Pandagale, MakeItHackin
60 minutes
-
W231 (Creator Stage 3)
Fighting the Digital Blockade: A View from Taiwan
Deputy Minister Herming Chiueh, Jason Vogt
45 minutes
-
W232 (Creator Stage 2)
Secure Code Is Critical Infrastructure: Hacking Policy for the Public Good
Tanya "SheHacksPurple" Janca
45 minutes
-
W233 (Creator Stage 1)
Adversarial mindset, thinking like an attacker is no longer optional
Keenan Skelly, Abhijith "Abx" B R
45 minutes
Friday 16:00
-
EHW4 - C105 (Community Stage)
Cybersecurity in Latin America: The Untold Stories of Resilience & Innovation
Giovanni Cruz Forero
30 minutes
-
W228 (Creator Stage 4)
Hacking a head unit with malicious PNG
Danilo Erazo
30 minutes
-
W229 (Creator Stage 5)
Bio-Cryptography is the Game-Genie in a post quantum dystopia
James Utley, PhD
30 minutes
Friday 16:30
-
EHW4 - C105 (Community Stage)
Quiet Confidence: An Introvert's Journey to Technical Public Speaking
Emma Fang
30 minutes
-
W228 (Creator Stage 4)
Burning, trashing, spacecraft crashing: a collection of vulnerabilities that will end your space mission
Andrzej Olchawa, Ayman Boulaich, Ricardo Fradique, Milenko Starcik
30 minutes
-
W229 (Creator Stage 5)
Access Control Done Right the First Time
Tim Clevenger
30 minutes
-
W231 (Creator Stage 3)
Context Aware Anomaly Detection in Automotive CAN Without Decoding
Ravi Rajput
30 minutes
-
W232 (Creator Stage 2)
Smart Bus Smart Hacking: From Free WiFi to Total Control
Chiao-Lin "Steven Meow" Yu, Kai-Ching "Keniver" Wang
30 minutes
-
W233 (Creator Stage 1)
The depths that marketers will plummet to
4dw@r3
30 minutes
Friday 17:00
-
W228 (Creator Stage 4)
Moonlight Defender - Purple Teaming in Space!
Ben Hawkins
30 minutes
-
W229 (Creator Stage 5)
They deployed Health AI on us. We're bringing the rights & red teams.
Andrea Downing
30 minutes
-
W231 (Creator Stage 3)
All your keyboards are belong to us!
Federico Lucifredi
60 minutes
-
W232 (Creator Stage 2)
Of Stochastic Parrots and Deterministic Predators: Decision-Making in Adversarial Automation
Bobby Kuzma, Michael Odell
30 minutes
-
W233 (Creator Stage 1)
Satellite Networks Under Siege: Cybersecurity Challenges of Targeted DDoS Attacks
Roee Idan
30 minutes
Friday 17:30
-
W228 (Creator Stage 4)
Vibe School: Making dumb devices smart with AI
Katie "InsiderPhD" Paxton-Fear
30 minutes
-
W229 (Creator Stage 5)
Hacking the Nautical Rules of the Road: Turn Left for Global Pwnage
Data, Amp
30 minutes
-
W232 (Creator Stage 2)
Quantum-Resistant Healthcare
Katarina Amrichova
30 minutes
-
W233 (Creator Stage 1)
Crossing the Line: Advanced Techniques to Breach the OT DMZ
Christopher Nourrie
30 minutes
Saturday
Saturday 10:00
-
W228 (Creator Stage 4)
How Not to IoT: Lessons in Security Failures
Zoltan "zh4ck" Balazs
60 minutes
-
W229 (Creator Stage 5)
Anotomy of Telecom Malware
Akib Sayyed
45 minutes
-
W231 (Creator Stage 3)
Critically Neglected: Cybersecurity for buildings
Thomas Pope
30 minutes
-
W232 (Creator Stage 2)
Nuclei: Beyond The Basic Templates
Ben "nahamsec" Sadeghipour
60 minutes
Saturday 10:15
-
EHW4 - C105 (Community Stage)
Private, Private, Private: Access Everywhere
Meghan Jacquot
45 minutes
Saturday 10:30
-
W231 (Creator Stage 3)
Navigating the Invisible
Mehmet Önder Key, Furkan Aydogan
30 minutes
Saturday 11:00
-
EHW4 - C105 (Community Stage)
Cryptocurrency Weekend Keynote
Nick "c7five" Percoco, Elaine Shi, Chelsea Button
60 minutes
-
W228 (Creator Stage 4)
Malware in the gist: How malicious packages on npm bypass existing security tools
Paul McCarty
30 minutes
-
W229 (Creator Stage 5)
Illuminating the Dark Corners of AI: Extracting Private Data from AI Models and Vector Embeddings
Patrick Walsh
60 minutes
-
W231 (Creator Stage 3)
GenAI red teaming for Payment Fraud
Karthik Tadinada, Martyn Higson
60 minutes
-
W232 (Creator Stage 2)
No Brain No Gain
Dr. Ahmet Furkan Aydogan, Mehmet Önder Key, Temel Demir
60 minutes
Saturday 11:30
-
W228 (Creator Stage 4)
State of the Pops: Mapping the Digital Waters
MJ Casado, Vlatko Kosturjak
30 minutes
Saturday 12:00
-
EHW4 - C105 (Community Stage)
DDoS: The Next Generation
Andrew Cockburn
60 minutes
-
W228 (Creator Stage 4)
What's Really in the Box? The Case for Hardware Provenance and HBOMs
Allan Friedman
30 minutes
-
W229 (Creator Stage 5)
Cracking Chaos: Making, Using, and Breaking PRNGs
1nfocalypse
60 minutes
-
W231 (Creator Stage 3)
Sometimes you find bugs, sometimes bugs find you
Jasmin "JR0ch17" Landry
30 minutes
-
W232 (Creator Stage 2)
From Pwn to Plan: Turning Physical Exploits Into Upgrades
Shawn
60 minutes
-
W233 (Creator Stage 1)
How NOT to Perform Covert Entry Assessments by WeHackPeople.com
Tim Roberts, Brent White
60 minutes
Saturday 13:00
-
EHW4 - C105 (Community Stage)
DEF CON Groups (DCGs): Keeping the Signal Alive All Year Long
Alethe Denis, Jayson E Street, Adam915
60 minutes
-
W228 (Creator Stage 4)
Deploying Deception in Depth for ICS
Brent Muir
30 minutes
-
W229 (Creator Stage 5)
Breaking the Chain: Advanced Offensive Strategies in the Software Supply Chain
Adnan Khan, Roni "lupin" Carta
60 minutes
-
W231 (Creator Stage 3)
Deepfake Image and Video Detection
Mike Raggo
60 minutes
-
W232 (Creator Stage 2)
Passive and Active Attacks on TPMS Systems
Yago Lizarribar
30 minutes
-
W233 (Creator Stage 1)
What Game Hackers teach us about Offensive Security and Red Teaming
Joe "Juno" Aurelio
45 minutes
Saturday 13:45
-
W233 (Creator Stage 1)
The Things know What You Did Last Session
Will Baggett
30 minutes
Saturday 14:00
-
EHW4 - C105 (Community Stage)
Surviving the Dataclysm: Resistance through Resilience
Rebecah Miller
30 minutes
-
W228 (Creator Stage 4)
OT Network Segmentation Planning, Implementation, and Validation
Tony Turner
30 minutes
-
W229 (Creator Stage 5)
The Missing Link: Draytek's New RCEs Complete the Chain
Octavio Gianatiempo, Gaston Aznarez
60 minutes
-
W231 (Creator Stage 3)
Blurred Lines of Cyber Threat Attribution: The Evolving Tactics of North Korean Cyber Threat Actors
Seongsu Park
30 minutes
-
W232 (Creator Stage 2)
Red Teaming Space: Hacking the Final Frontier
Tim Fowler
30 minutes
Saturday 14:15
-
W233 (Creator Stage 1)
Assessing the Capabilities Gap Between Foundation Models and Cybersecurity Experts: Benchmarks, Safeguards, and Policy
Justin W. Lin
45 minutes
Saturday 14:30
-
EHW4 - C105 (Community Stage)
#ReclaimTech - A community movement
Andy Hull, Janet Vertesi
30 minutes
Saturday 15:00
-
EHW4 - C105 (Community Stage)
Hard Hat Brigade Organizer Panel
M0nkeyDrag0n, Hydrox, MrBill, CoD_Segfault
45 minutes
-
W228 (Creator Stage 4)
There and Back Again: Discovering OT devices across protocol gateways
Rob King
30 minutes
-
W229 (Creator Stage 5)
Referral Beware, Your Rewards Are Mine
Whit "un1tycyb3r" Taylor
30 minutes
-
W231 (Creator Stage 3)
Digital First Responders: Fixing Patient Safety Gaps with Smart Tech & AI
Jennifer Schieferle Uhlenbrock
30 minutes
-
W232 (Creator Stage 2)
Countering Forensics Software by Baiting Them
Isaac Soon, Weihan Goh, Joseph Lim
30 minutes
-
W233 (Creator Stage 1)
Pirates of the North Sea
John Andre Bjørkhaug
30 minutes
Saturday 15:30
-
W229 (Creator Stage 5)
Operational Twilight: APTs, OT, and the geopolitics of a dying climate
Cybelle Oliveira
30 minutes
Saturday 16:00
-
W228 (Creator Stage 4)
China's Health Sector Ambitions and Information Needs: Implications for U.S. Health Care Cyber Defense
Amelia Shapiro
30 minutes
-
W229 (Creator Stage 5)
SSH Honeypots and Walkthrough Workshops: A History
Ryan Mitchell
60 minutes
-
W231 (Creator Stage 3)
Your Passkey is Weak: Phishing the Unphishable
Chad Spensky, Ph.D.
30 minutes
-
W232 (Creator Stage 2)
Dead Reckoning: Hijacking Marine Autopilots
Carson Green, Rik Chatterjee
30 minutes
-
W233 (Creator Stage 1)
Fingerprinting Maritime NMEA2000 Networks
Anissa Elias, Constantine Macris (TheDini)
30 minutes
Saturday 16:30
-
W228 (Creator Stage 4)
Resilient and Reconfigurable Maritime Comms.
AviNash Srinivasan
30 minutes
-
W231 (Creator Stage 3)
How Computers Kill People: Marine Systems
Michael DeVolld, Austin Reid
30 minutes
-
W232 (Creator Stage 2)
Impact of Frontier AI on the Landscape of Cybersecurity
Dawn Song
45 minutes
-
W233 (Creator Stage 1)
Post-Quantum Panic: When Will the Cracking Begin, and Can We Detect it?
Konstantinos Karagiannis
45 minutes
Saturday 17:00
-
EHW4 - C105 (Community Stage)
Breaking In: Real Paths Into Cybersecurity from Hackers, Humans, and Hiring Pros
Eva Benn, Tib3rius, Rosie "Lady Cyber Rosie" Anderson
60 minutes
-
W229 (Creator Stage 5)
One Modem to Brick Them All: Exploiting Vulnerabilities in the EV Charging Communication
Sebastian Köhler, Jan "SP3ZN45" Berens, Marcell Szakály
60 minutes
-
W231 (Creator Stage 3)
Hacking Context for Auto Root Cause and Attack Flow Discovery
Ezz Tahoun
60 minutes
Sunday
Sunday 10:00
-
W228 (Creator Stage 4)
Blind Trailer Shouting (Car Hacker's Version)
Ben Gardiner
60 minutes
-
W229 (Creator Stage 5)
Behind the Badge: How We Used and Abused Hardware (again) to Create the AV Badge for DC33
Adam Batori, Robert Pafford
60 minutes
-
W231 (Creator Stage 3)
Intro to Physical Security Bypass
Karen Ng, Matthew Cancilla
60 minutes
-
W232 (Creator Stage 2)
Escaping the Privacy Sandbox with Client-Side Deanonymization Attacks
Eugene "spaceraccoon" Lim
30 minutes
-
W233 (Creator Stage 1)
Elevators 101
Bobby Graydon, Ege Feyzioglu
60 minutes
Sunday 10:30
-
W232 (Creator Stage 2)
Don't Cry Wolf: Evidence-based assessments of ICS Threats
Sam Hanson, Jimmy Wylie
30 minutes
Sunday 11:00
-
EHW4 - C105 (Community Stage)
Creating Integrated Threat Surveillance: AI + OSINT + Security Onion
Desiree Wilson
45 minutes
-
W228 (Creator Stage 4)
Hacker vs. Triage: Inside the Bug Bounty Battleground
Richard "richeeta" Hyunho Im, Denis Smajlović
60 minutes
-
W229 (Creator Stage 5)
Hacking Space to Defend It: Generating IoBs with SPARTA
Brandon Bailey
30 minutes
-
W231 (Creator Stage 3)
Red Russians: How Russian APT groups closely follow offensive security research
Will Thomas
30 minutes
-
W232 (Creator Stage 2)
Hacking at Scale with AI Agents: Building an Autonomous Bug Bounty Hunter
Vanshal Gaur
30 minutes
Sunday 11:30
-
W229 (Creator Stage 5)
Unveiling IoT Vulnerabilities: From Backdoors to Bureaucracy
Kai-Ching "Keniver" Wang
30 minutes
-
W231 (Creator Stage 3)
Bare Metal Reverse Engineering
SolaSec
30 minutes
-
W232 (Creator Stage 2)
Intro to Common Industrial Protocol Exploitation
Trevor Flynn
30 minutes
-
W233 (Creator Stage 1)
Introducing CIPHER: The Open-Source Platform Revealing Patient Harms from Healthcare Cyberattacks
Isabel Straw, MD, PhD
30 minutes
Sunday 12:00
-
EHW4 - C105 (Community Stage)
Passing the Torch: Mentoring and Protecting Our Students in Education Spaces
Sam Comini, Navaar Johnson
60 minutes
-
W228 (Creator Stage 4)
Airport Security! - S01 E008 - Breaking into your baggage
Hector Cuevas Cruz
60 minutes
-
W229 (Creator Stage 5)
TotalTest 2.Oh!: Unleashing a Testing Program to Break Smarter, Measure Better, and Fund Your Fixes
Nebu Varghese
30 minutes
-
W231 (Creator Stage 3)
Smart Devices, Dumb Resets? Testing Firmware Persistence in Commercial IoT
Matei Josephs
30 minutes
-
W232 (Creator Stage 2)
Firmware Decryption: For, and By, the Cryptographically Illiterate
Craig Heffner
30 minutes
-
W233 (Creator Stage 1)
Letthemin: Facilitating High-Value Purple Teams Using an Assumed Compromise Approach
Sarah Hume
30 minutes
Sunday 12:30
-
W229 (Creator Stage 5)
Red Alerts and Blue Oceans: Incident Response from a Sysadmin's War Room in Maritime Ops
Steve Winston, Capt. Kit Louttit
30 minutes
-
W231 (Creator Stage 3)
Here and Now: Exploiting the Human Layer at the Right Moment
Daniel Isler
30 minutes
-
W231 (Creator Stage 3)
The Worst ICS/OT Love Story Ever Told
Mike Holcomb
30 minutes
-
W232 (Creator Stage 2)
Legalizing Ethical Hacking: A Global Safe Harbor for Security Research
Miracle OWOLABI
30 minutes
Sunday 14:30
-
W232 (Creator Stage 2)
The Power(Point) Glove
Parsia "CryptoGangsta" Hakimian
30 minutes