DC32 Schedule
Note All listed times are Las Vegas local time, PDT/UTC-7
Village Hours
| Day | Times |
|---|---|
| Thursday, Aug 8 | Setup (Closed to Public) |
| Friday, Aug 9 | 10:00 - 18:00 |
| Saturday, Aug 10 | 10:00 - 18:00 |
| Sunday, Aug 11 | 10:00 - 13:00 |
The village will be located in the Las Vegas Convention Center - venue map here
Events Schedule
| Event | Times |
|---|---|
| Prizes for all events announced | Saturday Aug 10, 16:00 |
RoboSumo will be available to play and test code during all open hours. Competition will be Saturday at 13:00 for as long as it takes to run a bracket.
HHV Rube Goldberg Machine will be running during all open hours. Come by and bring some text to print! Modules will be allowed to be added and removed all open hours as well. Those that want to be involved in the judging will need to have had their module inline before Saturday at 16:00 when prizes will be announced.
HHV Capture The Flag (CTF) is back in person and will be running during all open hours. More details to follow!
Talk/Workshop Schedule
| Time | Location | Talk/Workshop |
|---|---|---|
| Friday, August 9th, 11:30-12:20 | Creator Stage 1 | Talk - Custom, Cheap, Easy, And Safe Badges - Without Starting From Scratch - securelyfitz |
| Saturday, August 10th, 12:30-13:20 | Creator Stage 1 | Talk - The Wild And Wonderful World Of Early Microprocessors With A Focus On The 6502 - Michael Brown |
| Saturday, August 10th, 13:30-14:20 | Creator Stage 1 | CANCELED |
| Sunday, August 11th, 10:00-11:20 | Creator Stage 1 | Talk - Taking Off The Blindfold: Detecting Persistent Threats On Draytek Edge Devices - Octavio Gianatiempo, Gastón Aznarez |
Talk/Workshop Details
Custom, Cheap, Easy, And Safe Badges - Without Starting From Scratch
securelyfitz
Abstract
Electronic conference badges are cool and everything, but they’re A LOT of time, money, and effort including but not limited to hardware, software and art design, testing, manufacturing, testing, provisioning, and repairing.
I’ll share OpenTaxus, a relatively simple, cheap, mass-producible, and open-source badge design. We’ll start out by looking at and understanding the design and implementation, highlighting the areas worth customizing (and which to leave as-s). I’ll do a walkthrough of a few changes to customize the design - in KiCAD for hardware changes, and in CircuitPython for software changes.
We’ll wrap up with some discussion of how to handle cost reduction to fit in a certain budget, manage badge logistics for events of different sizes, and warn about some of the many pitfalls that electronic badges suffer. You should walk away with the ability to customize a badge to be mass produced for your own event.
Bio
Joe FitzPatrick (@securelyfitz) is an Instructor and Researcher at SecuringHardware.com. Joe started his career working on low-level silicon debug, security validation, and penetration testing of CPUS, SOCs, and microcontrollers. He founded SecuringHardware.com and has spent decades developing and leading hardware security-related training, instructing hundreds of security researchers, pen-testers, hardware validators worldwide. When not teaching classes on applied physical attacks, Joe is busy developing new course content or working on contributions to the NSA Playset and other misdirected hardware projects, which he regularly presents at all sorts of fun conferences.
The Wild And Wonderful World Of Early Microprocessors With A Focus On The 6502
Michael Brown
Abstract
Today everyone’s computers either run an Intel, AMD, or ARM processor. And most don’t even know what particular one they have. I know I don’t.
But back in the 70s and 80s, computer hobbyists knew they had a Z80 or a 6502 or 6809 or 68000 or other processor, and there was a much wider range of processors that existed in a wide range of systems.
So this will be a lesson in microprocessor history of the 8-bit and early 16-bit systems, with a particular focus on the 6502. We will delve into what made these systems what they are, and we will delve into how people can get into working with 8-bit microprocessors once again with resources for knowledge and systems.
We will have a couple of these on hand as well.
Bio
information security professional and leader with years of experience in IT and information security/cybersecurity. While a security consultant advisor, he worked with clients in the healthcare, financial, manufacturing, and other sectors to assess their security programs and work with them to improve and mature their security posture. He is now Security and Compliance Director for FRG Systems, ensuring their HITRUST and SOC compliance. He is experienced with a variety of security regulations, frameworks, and standards. A seasoned speaker and presenter, he has presented at SFISSA, BSides Tampa, St Pete, and Orlando, HackMiamiCon, and ISSA International. He is an ISSA Fellow and Secretary and past president of the South Florida Chapter of ISSA and is a member of ISACA, ISC2, Infragard, and IAPP. My first video game system was the Atari 2600, my first computer was an Atari 800XL, and second was an Atari 1040STfm. Which I still have.
All Your Keyboards Are Belong To Us!
Federico Lucifredi
Abstract
This is a live tutorial of hacking against keyboards of all forms. Attacking the keyboard is the ultimate strategy to hijack a session before it is encrypted, capturing plaintext at the source and (often) in much simpler ways than those required to attack network protocols.
In this session we explore available attack vectors against traditional keyboards, starting with plain old keyloggers. We then advance to “Van Eck Phreaking” style attacks against individual keystroke emanations as well as RF wireless connections, and we finally graduate to the new hotness: acoustic attacks by eavesdropping on the sound of you typing!
Use your newfound knowledge for good, with great power comes great responsibility!
A subset of signal leak attacks focusing on keyboards. This talk is compiled with open sources, no classified material will be discussed.
Bio
Federico Lucifredi is the Product Management Director for Ceph Storage at IBM and Red Hat and a co-author of O’Reilly’s “Peccary Book” on AWS System Administration. Previously, he was the Ubuntu Server product manager at Canonical, where he oversaw a broad portfolio and the rise of Ubuntu Server to the rank of most popular OS on Amazon AWS. A software engineer-turned-manager at the Novell corporation, he was part of the SUSE Linux team, overseeing the update lifecycle and delivery stack of a $150 million maintenance business. A CIO and a network software architect at advanced technology and embedded Linux startups, Federico was also a lecturer for over 200 students in Boston University’s graduate and undergraduate programs, and simultaneously a consultant for MIT implementing fluid-dynamics simulations in Java.
Taking Off The Blindfold: Detecting Persistent Threats On Draytek Edge Devices
Octavio Gianatiempo, Gastón Aznarez
Abstract
Advanced attackers are increasingly choosing edge devices as targets, many of which are security appliances such as VPNs and Firewalls. They run closed-source firmware, and defenders and researchers must understand it to assess its security and integrity. We faced this firsthand when a client that used Draytek equipment was compromised. With at least 500k Draytek routers exposed to the Internet globally, no working tools exist to extract their firmware and assist researchers and defenders working with them. We reverse-engineered Draytek’s firmware format, developed tools to extract it, and discovered that its RTOS kernel can load code modules dynamically. These stored modules remain active even after firmware upgrades, inadvertently facilitating persistent threats. We crafted and uploaded malicious modules using our tools and newly found vulnerabilities to achieve persistence. End-users lack straightforward means to detect such compromises. In response to this threat, we developed our own module to assess the integrity of other modules loaded in memory, mitigating its impact. In our pursuit of a more secure internet, we are sharing our knowledge and opening our tools to the community, enabling observability, hardening, transparency, and vulnerability research on Draytek edge devices.
Bio
Octavio Gianatiempo is a Security Researcher at Faraday and a Computer Science student at the University of Buenos Aires. He’s also a biologist with research experience in molecular biology and neuroscience. The necessity of analyzing complex biological data was his point of entry into programming. However, he wanted to gain a deeper understanding of how computers work, so he enrolled in Computer Science. As a Security Researcher at Faraday, he focuses on vulnerability research on IoT and embedded devices and fuzzing open and closed-source software to find new vulnerabilities and exploit them. He has presented his findings at various conferences, including DEFCON, Ekoparty, 8.8, and Nerdearla.
Gastón Aznarez is a computer enthusiast who is passionate about cybersecurity. He earned a degree in Computer Science and began working in malware detection in firmware. He currently works as a Security Researcher at Faraday, specializing in discovering and exploiting vulnerabilities in IoT and embedded devices. Gastón also participates in CTF competitions and has shared his expertise as a speaker at different conferences.