DEF CON China Party

The DEF CON Interview: Steve Wozniak

Steve Wozniak with The Dark Tangent

Time TBA

Steve Wozniak is a legendary hacker, philanthropist and entrepreneur. While Woz is best known for being the engineering mind behind Apple Inc, his story includes major contributions in education, telecommunications and many other fields. He even found time to help found the Electronic Frontier Foundation, create the US Festival and co-found Silicon Valley Comic-Con.

For the DEF CON China Party, Woz will sit for an interview with DEF CON founder Jeff Moss to talk about the journey from the Homebrew Computer Club to the personal computer revolution and all the ways thinking like a hacker has helped him solve challenges and occasionally change the world.

A Silicon Valley icon, technology entrepreneur and philanthropist for more than forty years, Steve Wozniak has helped shape the computing industry with his design of Apple’s first line of products the Apple I and II. He also influenced the popular Macintosh. In 1976, Wozniak and Steve Jobs founded Apple Computer Inc. with Wozniak’s Apple I personal computer. The following year, he introduced his Apple II personal computer, featuring a central processing unit, a keyboard, color graphics, and a floppy disk drive. The Apple II was integral in launching the personal computer industry. He is listed as the sole inventor on four Apple patents.

Through the years, Wozniak has been involved in various business and philanthropic ventures, focusing primarily on computer capabilities in schools and stressing hands-on, experiential learning that encouraged creativity and innovation by students. Making significant investments of both his time and resources in education, he adopted the Los Gatos School District, providing students and teachers with hands-on teaching and donations of state-of-the-art technology equipment.

Wozniak continues to pursue his entrepreneurial and philanthropic interests to this day. In October 2017, Steve co-founded Woz U — a postsecondary education and training platform focused on software engineering and technology development. He has also recently co-founded Efforce — which leverages disparate applications of blockchain technology.

When Woz and his wife, Janet, are not traveling the world trying to inspire the next generation or building sustainable businesses, they live a happy life in Los Gatos, California with their four Bichon Friese dogs Ziggy, Zelda, Jewel and Wozzie.

Wall of Sheep: Hilarious fails and the sheep behind them.

Riverside

Time TBA

Let’s be honest, sometimes hilarious fails happen. We all make mistakes and as long as you learn from them and don’t make the same mistake twice, you’re doing great! This talk openly shares some of our favorite stories about the sheep we caught and the fails they made…

Riverside, lead shepherd at the Wall of Sheep and Packet Hacking Village. Creator of Capture The Packet, Packet Detective, and numerous other products and projects. Gold & Black badge holder. Hacking 36 out of 24 hours a day, 8 days a week. Ask me about my tamper skills, not my CISSP.

IoT Fails: Learning From ***** Toys How Not To Suck (Or Blow)

Renderman

Time TBA

IoT is everywhere and generally assumed to have terrible security and privacy. The Internet of Dongs project looks at the privacy and security around connected adult devices, an often overlooked branch of IoT where consumers expect and hope for strong security and privacy. By looking at the types of vulnerabilities, their root causes, the effects, and the impact from these types of devices, the rest of the IoT industry can see how common practices that may not be of concern in many products day to day, can have severe impacts when applied elsewhere.

Fuga sapiente is a Canadian born and raised longtime member of the "Hacker Family". A frequent attendee and speaker at many hacker conferences around the world, he pays the bills as a penetration tester by day, but spends his off hours finding vulnerabilities in common, everyday devices and businesses, like ***** toys, major governments and airports.

Detecting Fake 4G Base Stations in Real Time

Cooper Quintin

Time TBA

4G based IMSI catchers such as the Hailstorm are becoming more popular with governments and law enforcement around the world, as well as spies, and even criminals. Until now IMSI catcher detection has focused on 2G IMSI catchers such as the Stingray which are quickly falling out of favor.

In this talk we will tell you how 4G IMSI Catchers might work to the best of our knowledge, and what they can and can't do. We demonstrate a brand new software project to detect fake 4G base stations, with open source software and relatively cheap hardware. And finally we will present a comprehensive plan to dramatically limit the capabilities of IMSI catchers (with the long term goal of making them useless once and for all).

Cooper Quintin is a security researcher and Senior Staff Technologist with the EFF threat lab. He has worked on projects such as Privacy Badger and Canary Watch. With his colleagues at threat lab he has helped discover state sponsored malware and nation state actors such as Dark Caracal and Operation Manul. He has also performed security trainings for activists, non profit workers and ordinary folks around the world. He also was a co-founder of the Hackbloc hacktivist collective and published several issues of the DIY hacker zine "Hack This Zine." In his spare time he enjoys playing music and playing with his kid and imagining a better future.

DEF CON culture, and the hacker culture from which it emerged

Dead Addict

Time TBA

In this highly structured rant, Dead Addict will discuss the history of DEF CON culture, and the hacker culture from which it emerged. While some people associate DEF CON with ‘infosec’, when DEF CON began there wasn’t an infosec industry. There were hackers, phreakers, misfits, civil libertarians, crypto-anarchists, and pirates gathered together to make friends and enemies, create and solve problems, and party until dawn. This is our story, or at least one version of it.

Dead Addict helped start DEF CON 29 years ago, and helped staff the con for over 20 years before he attempted to retire and ended up photographing the event with his project “Portraits of DEF CON”. He spent over 30 years in the software industry working for companies you’ve heard of and others you have not. He convinced multiple hacker conferences to let him speak: some of which you have heard of, others that you have not. He holds no certifications or degrees, and doesn’t have the drive to forge any.

Whispers Among the Stars - 6 Months On

James Pavur

Time TBA

Space is changing. More than 15,000 satellites are expected in orbit by 2030, the majority for internet communications. This updated briefing from DEF CON 28 shows how an attacker, using $300 of widely available home television equipment, can intercept deeply sensitive data transmitted by satellite services belonging to some of the world's largest organizations.

In this talk, we will touch on a series of case studies looking at intercepted satellite internet traffic from three domains: air, land, and sea. From oil tankers to wind farms, we'll see how satellite eavesdropping attacks can threaten the privacy and security of critical systems and how, under certain conditions, attackers can ***** their eavesdropping position to even hijack and alter traffic.

The talk concludes by presenting open-source tools we have developed to help researchers interested in working on these problems: including a proof-of-concept exploit which has been made publicly available in the months following DEF CON 28. We'll also touch on the work we've done to help mitigate these vulnerabilities, namely an open-source secure satellite communications research testbed and proxy. Finally, we will talk about new research directions that may be of interest to others looking to make contributions on satellite communications security.

While this talk includes technical components, it assumes no prior background in satellite communications or cryptography.

James Pavur is a Rhodes Scholar at Oxford University working on a DPhil in Cyber Security. His academic research is primarily on the threats to satellite systems with a focus on satellite communications and trustworthy spaceflight operations. Prior to Oxford, he majored in Science, Technology and International Affairs (STIA) at Georgetown University where he graduated with the School of Foreign Service Dean’s Medal (highest cumulative GPA) in 2017.

He has held numerous internships and professional positions related to information security. This included acting as Director of Information Security for Students of Georgetown Inc. (The Corp), a student run non-profit with more than 300 employees. He has also assisted with computer crimes investigations as an intern with the United States Postal Service Office of the Inspector General, worked on embedded systems reverse-engineering as an intern at Booz Allen Hamilton, and even pentested air-conditioners for the Public Buildings Services while working for Telos Corporation.

Outside of computers, James enjoys flying kites and collecting rare and interesting teas.

MALWARE INCLUDED: JavaScript as an Attack Vector

Michael Schrenk

Time TBA

Michael Schrenk conducts a Competitive Intelligence Consultancy in Las Vegas USA and is the author of “Webbots, Spiders, and Screen Sc*****rs” (San Francisco: No Starch Press, 2012). Schrenk consults on data collection, analytics, and information security everywhere from Moscow to Silicon Valley. Along the way, he’s been interviewed by BBC World Service, The Christian Science Monitor, National Public Radio, and many others. Additionally, he has lectured at data journalism conferences in Belgium, The Netherlands, and created several weekend workshops for The Centre for Investigative Journalism at City College, London.

Introduction to RFID Hacking

Deviant Ollam

Time TBA

Hackers have seen Deviant discuss mechanical locks hundreds of times over the past decades.  But our world has been steadily seeing an increase in the use of electronic locks and RFID access control systems.  How many of you would like to understand these technologies better?  There are many tools available for experimenting with and hacking on RFID credentials, but there is also much confusion surrounding them.  Deviant is something of a novice himself, and he will openly admit that others on his team -- like Babak and Iceman -- know much more than he does.  But in this talk Deviant will speak to you -- noob to noob -- about where to get started with attacking and exploring RFID technologies.

Deviant Ollam While paying the bills as a physical penetration specialist with The CORE Group and the Director of Education for Red Team Alliance, Deviant Ollam is also a member of the Board of Directors of the US division of TOOOL, The Open Organisation Of Lockpickers. His books Practical Lock Picking and Keys to the Kingdom are among Syngress Publishing's best-selling pen testing titles.  In addition to being a lockpicker, Deviant is also a SAVTA certified safe technician and GSA certified safe and vault inspector.  At multiple annual security conferences Deviant started Lockpick Village workshop areas, and he has conducted physical security training sessions for Black Hat, the SANS Institute, DeepSec, ToorCon, HackCon, ShakaCon, HackInTheBox, ekoparty, AusCERT, GovCERT, CONFidence, the FBI, the NSA, DARPA, the National Defense University, the United States Naval Academy at Annapolis, and the United States Military Academy at West Point.  In his limited spare time, Deviant enjoys loud moments with lead acceleration and quiet times with podcasts. He arrives at airports too early and shows up at parties too late, but will promptly appear right on time for tacos or whiskey.