|Saturday||10:00||Meet the Keynote|
|11:00||The History and Future of DEFCON and TIPS|
|The Dark Tangent & Jennifer Granick|
|Marc Tobias, Tommie Blackwell & Tobias Bluzmanis|
|13:00||The Wall of Sheep Workshop|
|CedoxX, Riverside & FS|
|Jennifer Wilcox, NSA|
|16:00||Meet the Feds|
|Linton Wells, Jon Iadonisi, Christopher Cleary, Tony Sager, Rich Marshall, Jerry Dixon, Ryan Pittman, Daron Hartvigsen, Barry Grundy, SA Ahmed Saleh|
|17:00||Apps – A Traveler of Both Time and Space (And What I Learned About Zero-Days and Responsible Disclosure)|
|11:00||When You Can’t Remember Your Locker Combination – Workshop and Contest|
|By Deviant Ollam & Christina “Fabulous” Pei|
|13:00||Kids Capture the Packet|
|CedoxX and Riverside|
|14:00||Communicating in Code|
|Leigh Hollowell & Chris Lytle|
|15:00||Coding in Scratch|
|16:00||Social Engineer Your Future|
|Chris Hadnagy & Jim O’Gorman|
|18:00||General Awards Session|
Meet the Keynotes
By Steven Levy
WE OWE IT ALL TO THE HACKERS
The same spirit that drives the modern hackers today was the impetus to move digital technology into the mainstream of our lives. Learning about the creativeness and chutzpah of the early hackers–and understanding their implicit advocacy of openness and freedom–puts the tech landscape of today into perspective.
Steven Levy is the senior writer for Wired Magazine and the author of seven books, including Hackers: Heroes of the Computer Revolution, the classic computer history book. He was formerly the chief technology correspondent for Newsweek. Other books include Crypto, Artificial Life and Insanely Great (the history of the Macintosh computer). His most recent book, In the Plex, is the result of a three-year immersion into Google. In its review of the book, the Washington Post called Levy “America’s premier technology journalist.”
The History and Future of DEFCON + Tip
By The Dark Tangent, Founder of DEFCON & Jennifer Granick, Attorney at Zwillinger Genetski
DEFCON first started 19 years ago. Hear the history of DEFCON from the founder, including stories from DEFCON 1, 5, 13, 19, and 20! The Dark Tangent will also give some safety tips to practice during the event and beyond. Jennifer Granick, a regular DEFCON speaker, will chime in and end DT’s talk with a quick overview on the ethics and laws of hacking, followed by some tips on how to have fun and stay out of trouble.
Jeff Moss, aka The Dark Tangent – Founder of Black Hat and DEFCON, Homeland Security Advisory Council Member. Jeff Moss has been a hacker for over twenty years. In 1992, Jeff founded DEFCON, the largest hacker community and gathering in the world. Five years later, he started Black Hat, a series of technical conferences featuring the latest security research. In 2009, Jeff was appointed to the Homeland Security Advisory Council, a group of subject matter experts providing advice to the Secretary. Jeff is also a contributing author to “Stealing the Network,” a series of books combining stories that are fictional with technology that is real, and executive producer of a documentary film about the history of hacking to be released in late 2010.
Jennifer Granick, Attorney at Zwillinger Genetski. Jennifer Stisa Granick is a lawyer working on computer crime and security, electronic surveillance, privacy and copyright cases. Jennifer lives with her twin daughters who already each want their own iPads to play Angry Birds on, a schnoodle dog named Loki and a cat called Mr. Boodles.
By Marc Weber Tobias, Tommie Blackwell & Tobias Bluzmanis
Every lock and security system is designed to prevent unauthorized access. Some are more complicated than others, but all have the ultimate goal of keeping bad guys out for as long as possible. Just how secure locks really are depends on the time it takes to open them, together with the difficulty, required training, and tools. Often, very high security locks can be opened in seconds because of design flaws or problems that can be exploited. Locks and their defeat can be seen as the solution to a puzzle. The trick is to figure out what the “secret” is that will allow the lock to be opened without the right key or combination.
In our presentation, five experts will discuss and participate in demonstrations of how different locks have been analyzed and defeated through the use of imagination, commonly-available items, and an understanding of how things work. The issue for all security professionals is to develop the ability to look at something that appears as perfectly secure, and to figure out why it is not and how it can be easily and quickly opened. That is what we do, and we will try to impart an understanding to attendees of how we think and work our way through often-difficult security problems.
Solving security puzzles can be rewarding, challenging, and fun. Our work has real-world consequences in terms of protecting people, property, and facilities. Developing these skills in young people is so important that the five speakers are deeply involved in the development of a security camp for kids in order to develop the skills required to analyze and solve security problems in the physical and cyber world.
Marc Weber Tobias
Marc is an American investigative attorney and author. His law practice specializes in technical fraud and related investigations. Marc Tobias has conducted or reviewed investigations involving locks, safes, security and locking products and technologies for both public and private clients. Marc also consults with corporations and government agencies with regard to the analysis of locks, alarms and security hardware for bypass capabilities and defective product designs that could lead to breaches in physical security.
Marc Weber Tobias is recognized as one of the foremost security experts in the world and has authored one of the leading references on the subject. He has provided expert testimony in patent infringement lawsuits and defective product litigation with regard to product design and security defects, and in criminal trials. He has written seven books and received five patents.
Marc has analyzed and released numerous security alerts with regard to the security flaws in locks, ranging from high security, state-of-the-art systems that are installed in the White House and the Pentagon to the basic pin tumbler locks that are commonly used around the world. He has been responsible for the disclosure of such security defects as the bypass of tubular locks with ball point pens, the insecurity of gun locks that are relied upon to protect children, many popular consumer security devices, lock bumping in the United States, and most recently the security flaws in one of the most recognized high-security locks in the United States.
As a lock expert he has demonstrated the vulnerabilities of the security products of many lock companies, including Kaba, Kwikset, Medeco, Targus, Master Lock and others. Revealing the security flaws in locks with techniques as simple and effective as lock bumping, Marc Weber Tobias’ work has forced many companies back to the drawing boards.
Tommie Blackwell, Ph.D.
Tommie Blackwell served as Senior Vice President of the U.S. Space & Rocket Center from 1991 to 2003. Her responsibilities included program development for U.S. Space Camp and Aviation Challenge programs, development of the Geospatial Training and Application Center, corporate relations, fundraising, and Congressional lobbying. In addition, she was loaned to the White House to develop the international G.L.O.B.E. program (www.globe.gov) and implement the training in various parts of the world. Her expertise and experience span executive management, program design, exhibit creation, writing (position papers, speeches, articles, editorials, stories), marketing/branding, and fundraising.
Tobias Bluzmanis has been an active locksmith for the past 25 years and has worked with Marc Tobias and Security Labs for six years. He is the co-author of “Open in Thirty Seconds: Cracking one of the most Secure Locks in America,” published in 2008. Tobias Bluzmanis is a senior consultant to one of the largest lock and security companies in the world, and has been granted two patents.
The Wall of Sheep Workshop
By CedoxX, Riverside & FS
The Wall of Sheep has spent over a decade monitoring the Defcon network, bringing security awareness to the forefront of the industry in a unique and playful manner and proving that we can all be sheep at some point when we let our guard down. Security awareness and protection is a 24x7x365 habit; it should be taken seriously and practiced in the same manner. The Wall of Sheep is an example of what can happen when users let their guard down. While the WoS does this in a playful and harmless manner, there are more unscrupulous characters at Defcon that won’t be so nice. Connecting to the Defcon network, “The World’s Most Hostile Network,” is a decision one should not take lightly. The Wall of Sheep was founded by RiverSide and CedoXx over 10 years ago and continues today as it educates scores of Defcon attendees on safe computing practices.
one of the founding members of the Wall of Sheep, and the “Capture the Packet” Game and skills assessment product. Cyber Information Security Professional, Threat analysis expert with over 20 years in the industry.
Speaker at various security conferences and universities around the world. Author of various articles on APT, hacking trends, the “Insider Threat”, Malware, rootkits and Botnets. Contributor to open source projects and
‘FS’ is a high school student who has been attending Defcon since DC15 and plans to continue attending until he’s dead. Focusing heavily on network security and playing with packets, FS also enjoys coding Python, soldering hardware, and is known to occasionally make a website. FS plans to attend college for a degree in Network Security and wants to pursue a career as a network security professional, hopefully becoming an expert.
By Ms. Jennifer Wilcox, National Cryptologic Museum, NSA
Presented by the National Security Agency’s National Cryptologic Museum, learn how to solve a simple cipher message and how to create your own secret ciphers. Then hear about how the Germans in WWII thought they had an unbreakable cipher machine called Enigma. Thinking no one could ever understand their secret communications, they used the machine to encrypt thousands of messages. However, the secret had been solved before the war even started. Learn how the mathematicians and cryptanalysts worked 24/7 to break and read those secrets almost as easily as the Germans. A real, working German Enigma machine will be available as well to try your hand at encryption.
Jennifer Wilcox has been the Museum Administrator and Educational Coordinator for the National Security Agency’s National Cryptologic Museum since 1999. She has conducted extensive research in cryptologic history particularly pertaining to the World War II German cipher machine Enigma and the Allies’ ability to solve those messages. Her research has resulted in brochures, articles, presentations and museum exhibits.
For more than a decade, a primary function of Ms. Wilcox’s work has been in creating and presenting a wide variety of educational programs for students visiting the museum as well as presenting briefings to adult audiences. Her research and presentations cover topics including women in American cryptology, Native American code talkers, Civil War signaling, and cryptology in the American Revolution as well as the popular Enigma story.
Ms. Wilcox earned her B.A. in Telecommunication from Michigan State University in 1983. She began her career at the National Security Agency in 1986. Ms. Wilcox first worked in the NSA television center writing and producing educational videos. She followed that with a move to the NSA libraries as an Information Librarian where she honed her research skills. She puts those skills to work in her role as Educational Coordinator at the museum.
By Johnny Long
Johnny Long, best known as the “Google Hacker,” will present a course on Google Hacking. He will show how Google’s search engine can be used for research but also how it can be used to dig up sensitive information. Traveling all the way from Uganda, East Africa where he is working with Hackers For Charity (http://www.hackersforcharity.org), this session promises to be a real treat.
Meet the Feds
By Christopher Cleary, former Cyber Command; Jerry Dixon, former DHS; Jon Iadonisi, former Navy; Rich Marshall, DHS; Tony Sager, NSA; Linton Wells, NDU; Ryan Pittman, CCIU; Daron Hartvigsen, AFOSI; Barry Grundy, TIGTA; SA Ahmed Saleh
Meet federal agents from three letter agencies and beyond. Let’s talk about criminal investigations, intelligence gathering, cyber weapons, war strategy, and more. Come with questions.
Linton Wells II is the Director of the Center for Technology and National Security Policy (CTNSP) at National Defense University (NDU). He also is a Distinguished Research Professor and serves as the University’s Transformation Chair. Prior to coming to NDU he served in the Office of the Secretary of Defense (OSD) from 1991 to 2007, serving last as the Principal Deputy Assistant Secretary of Defense (Networks and Information Integration). In addition, he served as the Acting Assistant Secretary and DoD Chief Information Officer for nearly two years. His other OSD positions included Principal Deputy Assistant Secretary of Defense (Command, Control, Communications and Intelligence-C3I) and Deputy Under Secretary of Defense (Policy Support) in the Office of the Under Secretary of Defense (Policy).
Jon Iadonisi is the founder of White Canvas Group – a company that specializes in cultivating alternative and disruptive strategies. His depth of experience, diversified expertise, and unique operational background has provided a perspective that has enabled him to contribute to solving national security problems. He has spent the past fifteen years using innovative computing technologies coupled with cutting edge scholarship to solve complex problems, some of which later became implemented as new strategies and capabilities for the U.S. Government. He is regularly sought by the Department of Defense, various Intelligence agencies, and members of the US Congress to provide expert opinion and briefings on information age unconventional warfare.
Christopher Cleary is a former Computer Network Operations Planner from US CYBER COMMAND who led an Operational Planning Team focused on studying “Advanced Persistent Threats” to the DoD network. During his tenure at CYBERCOM he was one of the few Officers to lead a forward deployed element supporting combat operations in the CENTCOM AOR. Mr. Cleary is currently employed by Sparta Inc. opa Cobham Analytic Solutions directing Cyber Strategy and Policy.
Tony Sager is the Chief of the Vulnerability Analysis and Operations (VAO) Group, part of the Information Assurance Directorate at the National Security Agency. The mission of the VAO organization is to identify, characterize, and put into operational context vulnerabilities found in the technology, information, and operations of the DoD and the national security community and to help the community identify countermeasures and solutions.
Richard H.L. Marshall, Esq., a member of the Senior Cryptologic Executive Service (SES) and the Defense Intelligence Senior Executive Service (DISES), is the Director of Global Cyber Security Management at DHS by special arrangement between the DIRNSA and the Secretary of Homeland Security. He is responsible for the direction of the following programs: Software Assurance; Standards and Best Practices; Supply Chain Risk Management; and Cyber Training and Education.
Jerry Dixon currently serves as Director of Analysis for Team Cymru and was the former Director of the National Cyber Security Division (NCSD) & US-CERT, of the Department of Homeland Security. He continues to advise partners on national cyber-security threats, aids organizations in preparing for cyber-attacks, and assists with the development of cyber-security policies for organizations.
Ryan Pittman is currently a Criminal Investigator with the U.S. Army Criminal Investigation Command’s Computer Crime Investigative Unit (CCIU) near Washington, DC. As the Assistant Special Agent in Charge for CCIU’s Digital Forensics & Research Branch, Special Agent Pittman conducts digital forensic examinations on all manner of media and network data, investigating a wide variety of computer-based offenses, with special emphasis on computer and network intrusion incidents.
Special Agent Daron Hartvigsen is currently assigned to Headquarters Air Force Office of Special Investigations (HQ AFOSI) Cyber Investigations and Operations Program Office. SA Hartvigsen and the program team are responsible for organizing, training, equipping and assessing the AFOSI Cyber Investigations and Operations program worldwide. As such, Agent Hartvigsen draws on his 17 years of Federal investigative experience to help ensure that DoD’s premier cyber operators are functioning in a manner that is responsive to our nation’s needs.
Barry J. Grundy serves as the Assistant Special Agent in Charge (ASAC) of the Treasury Inspector General for Tax Administration (TIGTA), Computer Investigative Support (CIS) Program. TIGTA CIS is responsible for conducting digital evidence collection and forensic analysis in support of investigations related to IRS assets, programs and tax administration. Prior to joining the Treasury Department, Grundy worked for the NASA Office of Inspector General, Computer Crimes Division as the Resident Agent in Charge of the Computer Crimes Division’s East Region, responsible for the supervision of criminal investigations related to cyber events at all NASA Centers and facilities east of the Mississippi river. Prior to his federal career, Grundy was employed as a Special Agent for the Ohio Attorney General’s Office, Health Care Fraud Unit, where he was responsible for the computer seizure and forensic media analysis support in addition to maintaining a normal health care fraud case load.
Ahmed Saleh is a Special Agent with the NASA Office of Inspector General, Computer Crimes Division, at the Jet Propulsion Laboratory located in Pasadena, CA. SA Saleh is responsible for conducting cybercrime investigations and has overseen numerous successful domestic and international cases involving computer intrusions, botnets, malware and child exploitation. Before joining NASA in 2010, SA Saleh was a Special Agent for the Air Force Office of Special Investigations. SA Saleh holds a B.S.E. degree in Computer Systems Engineering from Arizona State University and an M.S. degree in Computer Science from James Madison University.
Apps – A Traveler of Both Time and Space
(And What I Learned About Zero-Days and Responsible Disclosure)
I love apps! In the app world, I can control both time and space.
The world of apps has obviously not thought about security, yet. Here is an important lesson they can learn from a Girl Scout. I’ll show a new class of vulnerabilities I call TimeTraveler.
By controlling time, you can do many things, such as grow pumpkins instantly. This technique enables endless possibilities. I’ll show you how. Wanna play a game? Let’s find some zero-days! (Cuz it’s fun!)
Thank you AT&T, DEFCON, EFF and Lookout!!!!!
CyFi, cofounder of DEFCON Kids
CyFi is a ten-year-old hacker, artist and athlete living in California. She has spoken publicly numerous times, usually at art galleries as a member of “The American Show,” an underground art collective based in San Francisco. CyFi’s first gallery showing was when she was four. Last year she performed at the SF MOMA Museum in San Francisco. DEFCON Kids will be her first public vulnerability disclosure. CyFi has had her identity stolen twice. She really likes coffee, but her mom doesn’t let her drink it.
By CyFi, cofounder of DEFCON Kids
Come join your peers for treats and refreshments. Let’s party!
By Joe Grand
This workshop introduces kids to the process and fun of hardware hacking. Similar to Joe’s popular Hardware Hacking Training course for adults, each kid will experiment with a custom circuit board with a goal of defeating the security mechanism. A successful hack will turn the board into the popular memory game Simon. The kids will leave with smiles on their faces and circuit boards around their necks. No prior electronics experience is necessary.
Joe Grand (formerly known as Kingpin) is an electrical engineer, hardware hacker, and proud daddy. He specializes in the invention, design, and licensing of consumer products. He also finds security flaws in hardware devices and educates engineers on how to increase security of their designs. Joe was a co-host of Prototype This on Discovery Channel, an engineering entertainment show that followed the real-life design process of a unique prototype each episode.
When You Can’t Remember Your Locker Combination – Workshop and Contest
By Deviant Ollam & Christina “Fabulous” Pei
We all interact with locks every day of our lives. We use a house key to open the front door, we wrap a chain around the tires of our bike when we park somewhere, and we have to remember the combination to our locker at school in order to get our books each morning.
What if you lost your keys, or your locks, or forgot all the numbers in your head? Would you still be able to open your locks then? It might interest you to know that you can! For ages now, specially-trained people have used the skill and knowledge of lockpicking to do just that.
This class will teach you all about how lockpicking works, and you’ll see that many of the locks you trust every day don’t always keep us as secure as we think they do! Participation is limited to 30 kids, as each station will have an assortment of locks, picks, and other tools for hands-on fun.
Deviant Ollam, TOOOL
While paying the bills as a security auditor and penetration testing consultant with The CORE Group, Deviant Ollam is also a member of the Board of Directors of the US division of TOOOL, The Open Organisation Of Lockpickers. Every year at DEFCON and ShmooCon Deviant runs the Lockpicking Village, and he has conducted physical security training sessions at Black Hat, DeepSec, ToorCon, HackCon, ShakaCon, HackInTheBox, CanSecWest, ekoparty, and the United States Military Academy at West Point. His favorite Amendments to the US Constitution are, in no particular order, the 1st, 2nd, 9th, & 10th.
Christina “Fabulous” Pei
Christina “Fabulous” Pei is a Chicago-based educator who is actively hacking American education. She works with both students and teachers in several math education initiatives at the University of Chicago and its surrounding neighborhoods. She can also be found teaching kids how to pick locks at Maker Faires, promoting Tinkering School and Beam Camp, speaking and learning at hacker conferences, or building cool projects with high school students.
By Chris Hoff
Have fun learning all about electronics with this easy-to-use, snap-together project board kit. Use easy-to-identify, color-coded parts. Projects go together with ease. We will build select projects from over 100 possible designs such as a Space War Alarm, a Musical Motor, and a Fan Detector.
Chris Hoff has 20 years of experience in high-profile global roles in network and information security architecture, engineering, operations, product management and marketing with a passion for virtualization and all things Cloud.
Hoff is currently Director of Cloud & Virtualization Solutions of the Security Technology Business Unit at Cisco Systems where he focuses on virtualization and cloud computing security, spending most of his time interacting with global enterprises and service providers, governments, and the defense and intelligence communities.
Previously, he was Unisys Corporation’s Chief Security Architect, served as Crossbeam Systems’ chief security strategist, was the CISO and director of enterprise security at a $25 billion financial services company and was founder/CTO of a national security consultancy amongst other startup endeavors.
Hoff is regularly interviewed by analysts, media and the press, is a featured guest on numerous podcasts and has keynoted and presented at numerous high-profile security conferences including Black Hat, DefCon, Microsoft’s Bluehat, RSA, Gov2.0, FIRST, Glue, Source, SecTor, and Troopers.
Hoff is a founding member and technical adviser to the Cloud Security Alliance, founder of the CloudAudit project and HacKid conference and blogs at http://www.rationalsurvivability.com/blog. You can also get his firehose Twitter timeline by following @beaker.
Hoff is a CISSP, CISA, CISM and NSA IAM. He was twice nominated as the Information Security Executive of the Year and won the Security 7 award in Financial Services in 2005. Hoff is a 2010 Microsoft MVP (Security) and a 2010 VMware vExpert.
Kids Capture the Packet
By CedoxX and Riverside
The ultimate live network forensic challenge! Monitor the network, look for clues, analyze real-time traffic, monitor, assemble and inspect packets that contain clues, use these clues to solve puzzles, score points, compete against the best of the best in traffic and packet analysis and prove you are the “CTP” winner.
Communicating in Code
By Leigh Hollowell & Chris Lytle
Cryptography is the art and science of making and breaking secret codes and ciphers. Learn about the history of cryptography, practice it for yourself, and make your very own secret cipher! There will be prizes! Please note, kids will get more from this session if they have basic reading and writing skills.
Coding in Scratch
By Chris Hoff
Scratch is a programming language that makes it easy to create your own interactive stories, animations, games, music, and art — and share your creations on the web.
As young people create and share Scratch projects, they learn important mathematical and computational ideas, while also learning to think creatively, reason systematically, and work collaboratively. We’re going to learn Scratch together! Your child would benefit from being able to read/write for this course.
Social Engineer Your Future
By Chris Hadnagy & Jim O’Gorman
Whether you know it or not, you use social engineering every day. Whenever you interact with anyone, from your friends to your family, aspects of social engineering come into play. But what is social engineering? How can you put it to use for you in a positive, and ethical, manner? And most importantly, how can you use it to win this year’s Social-Engineer.Org Kids SE CTF at Defcon 19? Two of the team members from Social-Engineer.Org will present you with an entry-level 60-minute session meant to launch you into the world of social engineering, showing you what you need to know to put it to use for you, and protect yourself from malicious social engineering attempts.
When struck by lightning Chris Hadnagy was transformed into loganWHD and infused with the power of social engineering and the ability to identify the weak point in any physical security system. Countering the natural instinct to use his powers for self gain, Chris has spent his time teaching others in the lost arts of many security topics and spreading knowledge through articles published in local, national, and international magazines and journals. Hidden among normal mortals as the operations manager of Offensive Security, Chris currently lives a hidden life as the lead developer of Social-Engineer.Org and is the author of the book “Social Engineering: The Art of Human Hacking”. If you are in trouble, and no one else can help, perhaps you can contact Chris online at www.social-engineer.org or on Twitter at @humanhacker.
Jim O’Gorman, aka Elwood, comes from an alternative timeline to help protect this world from the hidden threat of the Ko-Dan Armada. He does this with the assistance of his trusty guide Centauri in getting paid to conduct simulated attacks against Earth-based companies. Additionally, he has joined forces with “The Great Evil One” to help instruct the Offensive Security course “Advanced Windows Exploitation”. Jim is also a founding member of the Social-Engineer.org site that helps to protect Earth against Xur’s constant attempts to take over the planet through more subversive means. However, even Jim has fallen victim to “The Great Rylos Virus” and as such can be found on Twitter at @_Elwood_.
By CyFi, cofounder of DEFCON Kids
Come join your peers for treats and refreshments. Let’s party!
General Awards Session
Join all DEFCON attendees in the main DEFCON area for the annual awards ceremony.