DEF CON 31

August 10-13, 2023

Caesars Forum
Las Vegas, Nevada

CTF

In this four-time black badge CTF, participants compete against one another as teams (or alone!) by exploiting a network of off-the-shelf IoT devices. These devices all have known vulnerabilities, but to successfully exploit these devices requires knowledge of networking and competency in exploit development. The IoT Village CTF is a great experience to learn more about security and test your skills to compete for fun and prizes. Exploit as many devices as possible during the event and the top three teams will be rewarded.

Labs

The IoT Village Hacking Playground is a set of hands-on labs developed to teach the tools and techniques for discovering and exploiting some of the common weaknesses found in IoT devices in just a few minutes. Whether you're a penetration tester that has never hacked IoT devices, or even someone that has never hacked anything, these self-guided labs will introduce the audience to the world of IoT and the security issues that can plague these devices. Work at your own pace following our IoT Hacking guides and if you get stuck, our instructors are on hand to provide assistance and answer any questions.


Sponsors

TCM Security

Join official prize sponsor TCM Security on site at DEF CON for a chance to win training courses in our CTF and raffles.

Learn More

GE Appliances

GE Appliances Hardware Hacking Your Kitchen gives you the opportunity to live hack into some of the most popular home kitchen devices, right in the IoT Village!

Learn More

Cybir

Critical Infrastructure & IoT Exploitation

Join the CYBIR team for hands-on content and labs exploiting critical IoT and network infrastructure. Participate in initial public disclosure of new vulnerabilities with our team of experts, explore the 0-day development process, and power up your reverse engineering skills by "living off the land" like a pro using simple, free tools!

Want to hack an Emergency Alert System unit, extract network traffic from recycled phone systems & routers, or exploit security controls in firewalls & proxies?

Bring a laptop, your favorite intercepting proxy, and a *lot* of caffeine.

Learn More

Phosphorus

Secure or Surrender: Take Control of Your xIoT with Phosphorus at DefCon 31

Don your white coat, and step into the Mobile xIoT Security Lab at IoT Village during DefCon 31 for a hands-on experience allowing you to Find, Fix, and Monitor an array of IoT, OT, IIoT, and IoMT devices. Brace yourself for the thrill of controlling real-world devices with known CVEs and safely automating fixes.

Accompanied by our expert guide, witness live hacking demonstrations showcasing the alarming simplicity behind breaching and controlling banned xIoT devices. And for the cherry on top, be among the first 100 attendees to receive an exclusive, limited edition "Secure Your Things" T-shirt as a token of our appreciation.

Embrace the excitement. Join us at the Lab and let the hacking games begin!

Learn More

Keysight Technologies

The IoT Kill Zone - Bluetooth Hacking by Keysight. Hands-on exercises by Keysight Technologies provide insights into powerful Bluetooth, WiFi, and IoT Security Assessment tools to unleash your hacking potential. Talk with security researchers on Bluetooth, WiFi, and 5G research; learn about firmware analysis and fuzzing. Walk away knowing the tools and lab equipment you need to perform IoT research.

Learn More

Rapid7

IoT Village Hardware Hacking Exercises 2023- From Memory Manipulation to Root Access

Rapid7 is back with more hands-on hardware hacking exercises at this year's Defcon IoT Village. In this year's exercises, we will be guiding the attendees through another multistep process to gain root access to a targeted IoT device via UART by first extracting the firmware to gain access to the root password and identifying memory offsets that allow attendees to alter U-Boot running memory to disable filters blocking needed changes to device boot environment variables. This series of exercises will cover steps including U-boot interaction, firmware extraction process, altering memory style attack, binwalk to extract cramfs filesystem, hexedit to identify memory offsets, and cracking of extracted password hashes.

Learn More

Protiviti

Embedded Device Security Workshops

Protiviti will provide two hands-on workshops showcasing common security vulnerabilities present in IoT/OT devices. These workshops will give you an opportunity to use a variety of device hacking tools and techniques to attack multiple components at varying layers of the stack, enabling a deeper understanding of device security.

Learn More

Gray Hat Academy

Perform Memory Extraction, Emulation and Shellcode with Gray Hat Academy

Want to put your MIPS shellcode skills to the test for a chance to win a prize? Come join us at the Gray Hat Academy table to get a free taste of our hands-on training labs! Learn to dump flash from our custom-built PCB that we use to teach our Hardware Hacking Workshop. Hone your dynamic analysis skills and exploit a WPS pin generation algorithm used in a popular Real Time Operating System.

Learn More

Confidential Computing Consortium

The Confidential Computing Consortium (CCC) brings together hardware vendors, cloud providers, and software developers to accelerate the adoption of Trusted Execution Environment (TEE) technologies and standards.

CCC is a project community at the Linux Foundation dedicated to defining and accelerating the adoption of confidential computing. It will embody open governance and open collaboration that has aided the success of similarly ambitious efforts. The effort includes commitments from numerous member organizations and contributions from several open source projects.

Learn More

TryHackMe

Get ready to dive into the world of cyber security with TryHackMe!

Get ready to dive into the world of cyber security with TryHackMe! Serving as the training ground for millions of enthusiasts and hundreds of businesses, we've got the tools to upgrade your cyber security skills. Say goodbye to dull lectures and hello to accessible, hands-on tasks. Our interactive platform simplifies even the most complex of concepts, turning cyber-newbies into total pros. With each interactive, gamified lesson, you’ll untangle real-world vulnerabilities and strategies, strengthening the cyber fortress one step at a time. TryHackMe is the official prize sponsor of the IoT Village labs.

Learn More

Microsoft

IoT Firmware Analysis from Microsoft now in Public Preview! Microsoft is the official device sponsor of the IoT Village labs.

Learn how Microsoft Defender for IoT's firmware analysis helps device builders to market and deploy highly secure IoT/OT devices.

Learn More