Hack all the things at IoT Village!

IoT Village advocates for advancing security in the Internet of Things (IoT) industry through bringing researchers and industry together. IoT Village hosts talks by expert security researchers, interactive hacking labs, live bug hunting in the latest IoT tech, and competitive IoT hacking contests. Over the years IoT Village has served as a platform to showcase and uncover hundreds of new vulnerabilities, giving attendees the opportunity to learn about the most innovative techniques to both hack and secure IoT. IoT Village is organized by security consulting and research firm, Independent Security Evaluators (ISE), and the non-profit organization, Village Idiot Labs (VIL).

IoT Village's contests are brought to you by SOHOpelessly Broken™, the first-ever router hacking contest at DEF CON. The ISE research that inspired the SOHOpelessly Broken™ contests delivered 56 CVEs to the infosec community. Over the years at DEF CON, IoT Village has served as the platform to showcase and uncover hundreds of new vulnerabilities in connected devices.

Follow both ISE (@ISEsecurity) and IoT Village (@IoTvillage) on Twitter for updates on talks, contests, and giveaways.

Want to help, get updates, or just show your interest?

Get Involved


IoT Village attended DEF CON Safe Mode, the first ever virtual DEF CON. From August 7-9, we hosted hands-on labs, contests, and presentations that you would find at the physical IoT Village, and with similar access to discussions and networking opportunities. Check out our schedule for links to our DEF CON presentations.

Follow both IoT Village (@IoTvillage) and Village ID/IOT Labs (@VillageIDIOTLab) on Twitter for future updates on talks, contests, and giveaways.

Watch Past Events on YouTube

Follow us on Twitch


Join our !discord :]


Join our Newsletter


Our Capture the Flag


Our Free Hacking Labs







Upcoming Event Schedule

Event Activities Date
IoT Village at Null Con Virtual March 8, 2021
BSides San Francisco Virtual March 6-9, 2021
Naham Con Virtual March 14, 2021
IoT Village Virtual April 23-24, 2021
RSAC Virtual May 19-20, 2021
RSA 365 Virtual July (TBD), 2021
Hactivity Con TBD August (TBD), 2021
DEF CON TBD August (TBD), 2021
IoT Village Virtual September (TBD), 2021
Null Con (TBD), India September (TBD), 2021
GrayHat TBD October (TBD), 2021
BSides DC DC October 15-17, 2021
IoT Device Security Con Virtual November (TBD), 2021
Hackfest Virtual November (TBD), 2021
IoT Village Virtual December (TBD), 2021
CIA Con Virtual December (TBD), 2021

Partner Schedule

Event Partner Date
Hackfest Village Idiot Labs November 20-21, 2020
BSides Vancouver Village Idiot Labs POSTPONED
AtlSecCon Village Idiot Labs POSTPONED
BSides Edmonton Village Idiot Labs POSTPONED
BSides Ottawa Village Idiot Labs POSTPONED


Past Events

Event Partner Date
BSidesSF San Francisco, CA Labs February 23-24, 2020
RSAC San Francisco, CA IoT Sandbox February 26-27, 2020
DEF CON 28 Las Vegas, NV Village Talks + Labs + Contests August 7-9, 2020
ExploitCon Spokane Virtual Village Labs + Discord September 9, 2020
ExploitCon Portland Portland (Virtual) Village Labs + Discord September 23, 2020
Grayhat Virtual Presentations + Village CTF + Labs October 29-31, 2020 10-8PM EDT
ArcticCon ArcticCon Virtual Conference Platform Village CTF + Labs October 29, 2020
HITB+ CyberWeek Virtual Labs, CTF and Presentations November 18-19, 2020 (9am-1pm EDT)
CIA CON (Virtual) India Labs and Pre-Recorded Presentation (Time TBD) December 6, 2020
Cyphercon 4.0 Milwaukee, WI Village CTF POSTPONED
BSidesCharm Maryland Village CTF + Labs POSTPONED
BSidesDC DC Village CTF + Labs POSTPONED







IOT [VIRTUAL] VILLAGE DEF CON 28 SCHEDULE!

= Presentations, Labs, Contests =


= Presentation | = Lab | = Contest

Friday - Sunday

Time (PDT/GMT-7) Topic Presenter
Friday & Saturday 10am - 5pm,
Sunday 10am - 2pm
IoT (soho) CTF IoT Village
Friday & Saturday 10am - 5pm,
Sunday 10am - 2pm
IoT Hands-on labs Village Idiot Labs

Friday, August 7th, 2020

Time (PDT/GMT-7) Topic Presenter
9:15 am - 9:45 am How to get rights for hackers Chloé Messdaghi @ChloeMessdaghi
10:00 am - 10:30 am IoT Hacking Stories in Real Life Besim Altinok @AltnokBesim and Anil Celik @ccelikanil
Join live! 10:45 am - 11:45 am Getting Started – Building an IoT Hardware Hacking Lab Deral Heiland @Percent_X
12:15 pm - 1:00 pm Exploring vulnerabilities in Smart Sex Toys, the exciting side of IoT research Denise Giusto Bilic @dgbilic and Cecilia Pastorino
1:15 pm - 2:00 pm IoT Under the Microscope: Vulnerability Trends in the Supply Chain Parker Wiksell @pwiksell
2:15 pm - 3:00 pm Hella Booters: Why IoT Botnets Aren't Going Anywhere Netspooky @netspooky
Join live! 3:15 pm - 4:15 pm NAND Flash – Recovering File Systems from Extracted Data Deral Heiland @Percent_X
4:45 pm - 5:30 pm Assembling VULNtron: 4 CVEs that Turn a Teleconference Robot into a Spy Mark Bereza @ROPsicle
5:45 pm - 6:15 pm Pandemic In Plaintext Troy Brown @waveguyd
6:30 pm - 7:15 pm The Joy of Coordinating Vulnerability Disclosure Panel

Saturday, August 8th, 2020

Time (PDT/GMT-7) Topic Presenter
9:00 am - 9:45 am Hacking smart-devices for fun and profit: From exploiting my smart-home into controlling thousands of smart-devices around the world Barak Sternberg @livingbeef, SentinelOne
10:00 am - 10:45 am Your connected world isn't yours anymore! - Remote IoT attacks and data exfiltration. Dewank Pant @secyourity and Shruti Lohani @Shruti__Lohani
Join live! 11:00 am - 12:00 pm Introduction to U-Boot Interaction and Hacking Garrett Enochs
12:30 pm - 1:15 pm Kicking Devices and Taking CVEs : The Zoomer’s Guide to Hacking Shit Sanjana Sarda
1:45 pm - 2:15 pm In Search of the Perfect UPnP Tool t1v0 @_t1v0_
2:30 pm - 3:20 pm The future of IoT Security “Baselines,” Standards, and Regulatory Domain Dr. Amit Elazari Bar On and Anahit Tarkhanyan
Join live! 3:30 pm - 4:30 pm Learning to Use Logic Analyzers Jonathan Stines
5:00 pm - 5:45 pm IoT Honeypots and Taming Rogue Appliances Kat Fitzgerald @rnbwkat
6:00 pm - 6:45 pm Stepped on a Nail Matthew Byrdwell @TheRealNerdwell

Village Partner


  

IoT Village CFP

We want you to join us at the IoT Village Virtual Event April 23-24, 2021, so submit a talk now!

All talks related to IoT security issues are welcome, with special emphasis on any of the following topics:

  • Internet of Things - Show us how secure (or insecure) IP-enabled embedded systems are. Routers, network storage systems, cameras, HVAC systems, refrigerators, medical devices, smart cars, smart home technology, and TVs. If it is IP enabled, we're interested.

  • Vulnerabilities and Remediation - Show us the what 0-days, exploits, or vulnerabilities you’ve found in an IoT device and then how the security flaw can be fixed. It great to pull off a hack, but how do we fix it going forward.

  • Demonstrable Research - Present attacks that result in mechanical operation of the device's physical functionality. Can you make the device move, smoke, light up, emit sound, manipulate a screen readout, or any other visibly evident manifestation of the exploit?

  • Healthcare & IoT - Demonstrate or discuss how IoT devices are impacting the realm of healthcare, including but not limited to patient health and hospital security. Travel, Hospitality, and IoT - Analyze how IoT is impacting the travel & hospitality industry, guest safety, and the connected hotel room.

  • IoT Device Management – Discuss best practices for deploying and building security into IoT devices.

We encourage coordinated disclosure.

Submit Here


DEADLINE April 2, 2021

Motivation

The so-called Internet of Things (IoT) is undergoing massive adoption. From locks and thermostats to televisions and refrigerators, many devices that have traditionally delivered analog functionality are rapidly gaining Wi-Fi connectivity and connecting to cloud-based, command-and-control centers for remote control and monitoring functionality. Some of these devices are built with security in mind, while others are simply analog devices with communication capabilities slapped on. The security and privacy implications introduced by any security vulnerabilities in these connected devices are tremendous.

To be at the forefront of addressing and minimizing these issues, we organized the first-ever IoT hacking village at DEF CON 23. That was a follow-up to the massively popular SOHOpelessly Broken™ router hacking contest, which debuted at DEF CON 22 and contributed 15 new 0-day discoveries to the research community, we hope to educate participants and the community about security vulnerabilities in these widely deployed devices and, in turn, shift toward better security in the IoT category.

Responsive image

Contests

= CTF Track =

In this 3 time DEF CON Black Badge CTF, players compete against one another by exploiting off-the-shelf IoT devices. These 20+ devices all have known vulnerabilities, but to successfully exploit these devices requires lateral thinking, knowledge of networking, and competency in exploit development. Exploit as many as you can during the con and the top three teams will be rewarded.

CTF Prizes

Prizes generously provided by eLearnSecurity


1st – 1 Full Pentesting Training Path includes 1 Pen Testing Student (PTS) Elite Edition, 1 Pen Testing Professional (PTP) Elite Edition and 1 Pen Testing eXtreme (PTX) Elite Edition (Value = $4100)

2nd Place – 1 Pentesting Training Package to include 1 Pen Testing Student (PTS) Elite Edition and 1 Pen Testing Professional (PTP) Elite Edition (Value = $2100)

3rd Place – 1 Pen Testing Student (PTS) Elite Edition (Value = $500)

DETAILS





Get Connected





[email protected]

Sponsors






We put on multiple events throughout the year, and you can be part of them! We have thousands of attendees and always make a big splash. Focusing on brand exposure, community engagement, press, parties, and thought-leadership, we seek to provide a VIP-sponsorship experience for our partners. Email us at [email protected] to request a sponsorship pack and see how you can get involved.

= Organizer =