DEF CON 27 is almost here, and once again there is a lot in store for us. Filled with a seemingly endless supply of presentations, panels, and speakers, it’s nearly (and sadly) impossible to attend them all. But, we here at Bugcrowd are here to make things a tad bit easier by providing a detailed list of the top, must see talks of the conference. Visit these, in order to truly experience all that DEF CON has to offer!
Here are a few talks that have us excited…
Those who CAN, do
Time: Thursday, August 8th | 12:30pm
Place: Bugcrowd Suite
Who doesn’t want to learn about car hacking? Visit this panel to hear about all things car hacking. In this talk, car hackers@_specters_, @cybergibbons and @mintynet , will discuss the ins and outs of car hacking. They will provide tips and tricks that will aid in your own car hacking endeavors, as well as discussing their own journey as car hackers. Do not miss out on this vital opportunity to gain insight into the world of car hacking.
This panel will give important and helpful tips regarding car hacking. You will want to visit this panel to do well at the Car Hacking Village, the conference’s top, must-see interactive event!
A Day in The Life of a Pen Tester
Time: Thursday, August 8th | 1:30pm
Place: Bugcrowd Planet Hollywood Suite
Interested in pen testing? In this panel expert pen tester, and Bugcrowd Ambassador, Phillip Wylie and his guest panel of pen testers will give us an inside look at the pen testing strategies, best practices, and new trends
Let’s get technical, and hunt harder! (AppSec Village)
Place: AppSec Village
This talk will cover the secret techniques and tools that experienced security testers use to research security. In this talk, you will hear from security research specialists, Jesse Kinser, Sam Curry, and Darrell, regarding successful tools and techniques used, what they tend to focus on, and why. These experts will also discuss advents in tooling, approaches to different types of applications, reconnaissance, vulnerability trends in bounty, and more. Leave this talk with an educated understanding regarding recommended hacking strategies, tools, and insane tips! Learn about specific vulnerabilities that are common in certain types of edge cases that have been present and heavily tested sites. Finally, you will learn about the future of bug bounty as it relates to hacking, by analyzing changes in the web attack landscape, and better ways to find bugs. Visit this panel to learn everything you need to know regarding bug hunting.
DEF CON 101 Panel
Time: Thursday, August 8th | 3:00PM
Place: Paris Theatre
Once again, DEF CON is hosting its annual DEF CON 27 panel! Visit the panel to learn all about DEF CON from trained experts. Learn from a group of veteran DEF CONians about the adventure that is the conference, and about their experiences! Expand your horizons at the conference. Not only will the panel explain more about all things DEF CON, but the panel will end with the time honored tradition of “Name the n00b” where lucky attendees will be brought up on stage to introduce themselves to you and earn the coveted 101 n00b handle. There is no need to worry if you are not called on stage, after the sought out panel there will be a “n00b party” where you can receive your handel! Don’t miss this panel to learn more about what DEF CON is and share and hear from others about their experiences!
Hacking Congress: The Enemy Of My Enemy Is My Friend
Time: Friday, August 9th |10:00am
Place: Track 2
Following the 2017 NotPetya attack, more and more organizations, citizens, and governmental sectors have been affected by cyber crime than ever before. In this talk you will hear from a variety of experts, including: Former representative, Jane Harman, Representative James Langevin, Director of Public Affairs, Jen Ellis, and more! These speakers will provide and in-depth overview as to the necessity of government officials and hackers alike, to work in tandem with one another, to decrease the cyber crime. The talk will give details as to what levers of power Congress yields, and how to address specific policy gaps in the future, to form a lean mean cybersecurity machine. Visit this talk if you are interested in learning about the future of cybersecurity!
Let’s get technical, and hunt harder!
Time: Friday, August 9th|1:20pm
Place: Recon Village
Are you interested in security research, bug bounties, and more? Visit this talk to learn the secret techniques and tools that experienced security testers use. In this talk, you will hear from security research specialists, Jesse Kinser, Sam Curry, and Darrell, regarding successful tools and techniques used, what they tend to focus on, and why. The panel will focus on the current and future of bounty hunting and web hacks that bug hunters or penetration testers can be knowledgeable of what the various environment trends. They will review the changes to the web attack landscape and how web hackers, can better find bugs in the web applications that are currently being developed while focusing on recon. If you want to understand the state of bug bounty today, this is the talk for you!
Weaponizing Hypervisors to Fight and Beat Car and Medical Devices Attacks
Time: Saturday, August 10th |10:00am
Place: Track 1
As we have moved into the digital age of rapid technological advancement, hypervisors have become more and more prominent. Traditionally used for utilization of resources, space, and money, this tool has now expanded to medical devices as well as cars. In this talk, the CEO of Numen Inc,. Ali Islam will walk us through the steps needed to set up a framework using Xilinx ZCU102 board that is able to monitor ARM-based devices as well as kill identified threats. If you are interested in learning about the future of cybersecurity in cars and medical devices you should definitely check out this talk!
Information Security in the Public Interest
Time: Saturday, August 10th | 10:00 am
Place: Track 3
Today, nearly everyone is on social media; as more and more people upload their information onto various platforms computer security has become a public policy. The problem is, most policy makers do not have the background to understand the technology behind such infrastructures. In this talk, Security Technologist, Bruce Schneier, will discuss the current state of public-interest technology, and possible future goals for the field. Technologists must be involved in technological policy! Visit this talk to learn about the possible future of the security technology field!
Zero bugs found? Hold my Beer AFL! How To Improve Coverage-Guided Fuzzing and Find New 0days in Tough Targets
Time: Saturday, August 10th | 2:00pm
Place: Track 3
Fuzzing stands to be among the most widely used ways to detect bugs. However, in some cases some bugs remain undetected.his talk will focus on the need and ways in which we must adapt and change our fuzzing techniques, in order to find new 0days. In this talk Maksim Shudrak will focus on analyzing the American Fuzzy Lop, as the basis to branch new fuzzing techniques. If you are interested about learning new bug detecting techniques, this is the talk for you!
Help Me, Vulnerabilities. You’re My Only Hope
Time: Sunday, August 11th | 12:00PM
Place: Track 4
MikroTik routers keep getting owned Unfortunately, administrators have very limited access to their files, and for this reason they have little to know indication whether or not they have been compromised. In this talk, Research Engineer, Jacob Baines, will present three vulnerabilities that can help MikroTik administrators break out of this darkness and determine whether or not they have been compromised.
DEF CON 27 is filled with countless talks and presentations, that are all worthwhile. If you are interested in the future of cybersecurity, bug detection, and more, visit these listed talks!