Each year I make up a list the week before Blackhat and Def Con of talks that I “can’t miss” and some that I want to see (and use it for video watching afterwards for those I missed). This year I thought I would share that list here. I will be breaking them down by each day of the events by time slot. Any talk I have a :star2: by, is a “Must see” for me.

If you are a blogger as well, I’d love to see other people’s picks. Drop me a link in the comments below or on Facebook/Twitter

BSidesLV

Aug 2 - Tuesday

Unfortunately I’ll have to miss these due to teaching, but these are the ones I would go to if I could.

• 11:45
  • Are you a PenTexter? Open source pentest reporting and automation
    • Any time someone releases a tool that makes reporting easier, I’m in
• 4:00
  • Ingress Egress
    • Ingress (AND POKEMON GO) players should attend this.

Aug 3 - Wednesday

• 10:00
  • Crafting tailored wordlists with Wordsmith
    • Better wordlists are always a plus. Wonder how they factor in companies with multiple offices in multiple states. Could be awesome if you could just input a list of addresses. We’ll see…
• 2:00
  • 🌟 Six Degrees of Domain Admin - Using “BloodHound” to automate Active Directory domain privilege escalation analysis
    • Graph theory applied to derivative admin, what’s not to love?
• 2:30
  • Latest evasion techniques in fileless malware
    • Fileless malware techniques plus new ones
• 3:00
  • Is that a penguin in my Windows?
    • A bunch of talks on Linux on Windows at BlackHat, but I bet Spencer’s at BSidesLV will be the one to see.
• 6:00
  • One compromise to rule them all
    • EmPyre module releases that target ZooKeeper, Marathon, Chronos, Mesos, Docker, and HAProxy

BlackHat

Aug 3 - Wednesday

• 10:20 - 11:10
  • 🌟 HTTP/2 & QUIC - Teaching good protocols to do bad things
    • I’ll be honest, I’ll definitely be attending this one because Vyrus talks and releases cool stuff
  • The Linux kernel hidden inside Windows 10
    • This is another one, Ionescu literally wrote the book(s) on Windows Internals
• 11:30 - 12:20
  • A journey from JNDI/LDAP manipulation to remote code execution dream land
    • If I can get RCE from JNDI/LDAP I’m in, hopefully this isn’t just a review of CVE-2015-4902
• 1:50 - 2:40
  • 🌟 Certificate Bypass: Hiding and executing malware from a digitally signed executable
    • Putting evil stuff in signed binaries without making the certificate check fail. Sweeeeet! Hope they release a tool or at least go into enough detail to make one.
• 3:00 - 3:50
  • Pwning your java messaging with deserialization vulnerabilities
    • Deserialization is the new(ish) hotness, I want to learn more about it.
  • Recover a RSA private key from a TLS session with perfect forward secrecy
    • Wondering if it’s another “in these perfect conditions” SSL talk, or it’s the real deal, what swayed me on this one was the tool release.
• 4:20 - 5:10
  • Account jumping, Post Infection Persistency and Lateral movement in AWS
    • I have only been a user of AWS, not seen access on any tests yet, definitely interested on how to abuse access when/if I do.
  • 🌟 Crippling HTTPS with Unholy PAC
    • I use PAC files a lot, so I’m very curious how these can be manipulated further
  • Captain Hook: Pirating AVs to bypass exploit mitigations
    • Always interested in how to break AVs ;-)
• 5:30 - 6:00
  • Building a product security incident response team: Learning from the hivemind
    • This is a question I thought a lot about, curious on new solutions
  • Unleash the infection monkey: A modern alternative to pen-tests
    • Curious how someone automated me

Aug 4 - Thursday

• 9:00 - 9:25
  • Badtunnel : How do I get big brother power?
    • Morbid curiosity. Go read the abstract, you’ll understand.
• 9:45 - 10:35
  • 🌟 The remote malicious butler did it!
    • Rogue Domain Controllers and kerberos? I’m game. It’s from the Microsoft ATA guys, so might end like an advertisement.
• 11:00 - 11:50
  • 🌟 Cunning with CNG: Soliciting secrets from Schannel
    • Pulling keys out of Windows systems to decrypt TLS/SSL traffic? swweeeeet!!
• 12:10 - 1:00
  • AirBNBware: Short term rentals, long term pwnage
    • I’ve used AirBnB and these thought did cross my mind when the person’s welcome sheet included their WPA password.
  • BadWPAD
    • DNS purchases to get WPAD requests, interested if they have anything new
• 2:30 - 3:20
  • Bad for enterprise: Attacking BYOD enterprise mobile security solutions
    • Release of a tool called “Swizzler” to automate breaking “secure enclave” mobile apps? Swweeet!
• 3:50 - 4:40
  • 🌟 The beast within: Evading Dynamic Malware Analysis using Microsft COM
    • COM object fun? Don’t have to tell me twice

DEF CON

Aug 4 - Thursday

• 12:00
  • Beyond the MCSE: Red Teaming Active Directory
    • This talk is also at BlackHat, only reason I didn’t list it there was because it will probably be a packed room like it was last year.

Aug 5 - Friday

• 10:00
  • 🌟 BSodomizer HD: A mischievous FPGA and HDMI platform for the (m)asses
    • An FPGA based HDMI board that can rewrite displays as the old one did, but also intercept, and record screenshots.
• 11:00
  • Project CITL
    • This is the Underwriters Lab for “Cyber” (but as the abstract says, without any type of certifications or seals of approval)
• 12:00
  • 411: A framework for managing security alerts
    • I know of a lot of firms that have switched to ELK, they gave this talk at “ElastiCON”, here are the slides where they listed a Github 411 project, but it doesn’t seem to be released yet. Hope they do so at Def Con
• 12:30
  • Frontrunning the frontrunners
    • DNS NXDomain response registration of new domains? Who doesn’t love DNS?
  • Cheap tools for hacking heavy trucks
    • I have family members who are truck drivers so this directly impacts their safety.
• 2:00
  • 🌟 Anti-Forensics AF
    • int0x80 talking about anti-forensics techniques.
• 4:00
  • Robot hacks video games: How TASBot exploits consoles with custom controllers
    • They used Nintento R.O.B. to hack consoles. We “Rob"s have to stick together.
• 4:30
  • Mr. Robot Panel
    • This room will be packed. I mainly want to go to ask a question:
    • Do they think they are hurting the hacker community by sensationalizing “FSociety” as a positive influence in the Mr. Robot world? Feel free to comment below or hit me up on Facebook/Twitter one what you think.

Aug 6 - Saturday

• 10:00
  • 🌟 Developing Managed Code Rootkits for Java Runtime Environment
    • I love MCRs and a JRE MCR sounds awesome, especially with all the server-side Java that exists these days
  • I fight for the users, Episode 1 - Attacks against top consumer products
    • Got the inside scoop that there might be some additions/updates to ZackAttack (finally) coming in this talk.
• 11:00
  • Picking Bluetooth Low-Energy locks from a quarter mile away
    • Sounds like a good talk about actually doing things with BLE locks and release of tools. w00tw00t!
• 12:00
  • Bypassing captive portals and limited networks
    • Bypassing portals, I’m down, I just hope it’s not just DNS tunneling
• 13:00
  • 🌟 Six Degrees of Domain Admin - Using “BloodHound” to automate Active Directory domain privilege escalation analysis
    • If you missed the BSidesLV version, here it is again. Graph theory applied to derivative admin, what’s not to love?
  • 🌟 Cunning with CNG: Soliciting secrets from Schannel
    • This talk is also at BlackHat, so if I miss this I can see it here.
    • Pulling keys out of Windows systems to decrypt TLS/SSL traffic? swweeeeet!!
• 14:00
  • Universal Serial aBUSe: Remote physical access attacks
    • A new piece of USB hardware and software? Yes please. Plus, it’s Sensepost.
• 15:00
  • 🌟 Phishing without failure and frustration
    • Always interested in story time with Jay and Larry, but also no matter how many times you send a phishing campaign, there are always new ideas and methods to be learned. Not sure why it’s in the 101 track.
• 17:00
  • Sticky keys to the kingdom: Pre-auth RCE is more common than you think
    • They didn’t mention sticky keys in their abstract but it’s in the title so I’m assuming the tool release has something to do with that. Awesome either way.

Aug 7 - Sunday

• 11:00

  • 🌟 Use their machines against them: Loading code with a copier
    • I’ve use copier and printers for a number of things, but hosting PowerSploit tools via Excel somehow seems really interesting

• 12:00

  • Let’s get physical: Network attacks against physical security systems
    • Attacking physical security systems is still a dark art to me, definitely into learning more about how it’s done.

• 16:30 Closing Ceremonies