DEF CON 33
The world's largest underground hacking conference. 99 main stage talks spanning hardware exploitation, web security, AI attacks, nation-state TTPs, and everything in between. Every talk includes slides from media.defcon.org.
- DisguiseDelimit: Exploiting Synology NAS with Delimiters and Novel Tricks — Ryan Emmons
Ryan Emmons, a staff security researcher at Rapid7, delivered this talk to chronicle his zero-day research into Synology network-attached storage (NAS) devices and the $40,000 prize it earned him at t
- Browser Extension Clickjacking: One Click and Your Credit Card Is Stolen — Marek Tóth
Browser extensions occupy a uniquely dangerous position in the web security ecosystem. They run with elevated privileges, can observe and modify web content across every tab, and are trusted by defaul
- Can't Stop the ROP: Automating Universal ASLR Bypasses — Bramwell Brizendine
Address Space Layout Randomization (ASLR) has long been hailed as one of the most consequential mitigations Microsoft has deployed against memory corruption exploits on Windows. By randomizing the bas
- Breakin 'Em All – Overcoming Pokemon Go's Anti Cheat Mechanism — Tal Skverer
Pokémon Go launched in July 2016 and immediately became a global phenomenon, blending augmented reality with a location-based game mechanic that required players to physically move through the world.
- BitUnlocker: Leverage Windows Recovery to Extract BitLocker Secrets — Alon Leviev, Netanel Ben Simon
BitLocker is Microsoft's flagship full-disk encryption feature, and for years it has been the frontline defense against physical theft attacks — the scenario where an adversary steals your laptop and
- Gateways to Chaos - How We Proved Modems Are a Ticking Time Bomb — Chiao-Lin Yu
Home modems and residential gateways occupy a uniquely dangerous position in modern network architecture: they sit entirely outside the security perimeter that organizations and consumers meticulously
- New Red Team Networking Techniques for Initial Access and Evasion — Shu-Hao Tung
In this DEF CON 33 talk, red team researcher Shu-Hao Tung from Taiwan presents a suite of novel network-layer attack techniques that challenge common assumptions about corporate perimeter security. Th
- Ghost Calls - Abusing Web Conferencing for Covert Command & Control — Adam Crosser
Command and control (C2) infrastructure is the nervous system of an adversary operation. Once a foothold is established on a target environment, attackers need a reliable, stealthy channel to issue co
- Carding, Sabotage & Survival: A Darknet Market Veteran's Story — Godman666
In a candid and often harrowing first-time DEF CON talk, the speaker known as Godman666 delivered an unfiltered, first-person account of over 15 years in the underground economy — spanning carding, da
- Building a Malware Museum — Mikko Hypponen
Mikko Hypponen's DEF CON 33 keynote is equal parts cultural manifesto and preservation call-to-arms. The longtime Chief Research Officer at WithSecure argues that the security community is the only gr
- 7 Vulns in 7 Days - Breaking Bloatware Faster Than It's Built — Leon Jacobs
Leon Jacobs, a security researcher from Orange Cyberdefense's SensePost team, spent a portion of his summer holiday noticing something odd: an ASUS DriverHub utility installed silently on his gaming
- Recording PCAPs from Stingrays With a $20 Hotspot — Cooper Quintin, oopsbagel
Cell-site simulators — commonly known as Stingrays, IMSI catchers, or IMEI grabbers — are surveillance devices used by law enforcement agencies worldwide to track and intercept mobile devices. Despite
- Help! Linux in my Webcam! — Mickey Shkatov, Jesse Michael
Most people think of a webcam as a simple optical sensor with a USB cable. Plug it in, the operating system loads a driver, and a video stream appears. The security model, implicitly, is that the webc
- Breaking Wi-Fi Easy Connect: A Security Analysis of DPP — George Chatzisofroniou
Wi-Fi has a long history of protocols that trade security for convenience and then regret it. WPS — Wi-Fi Protected Setup — was designed to simplify device onboarding onto wireless networks using shor
- Turning your Active Directory into the attacker's C2 — Quentin Roland, Wilfried Bécard
Group Policy Objects (GPOs) are one of the most powerful — and most underappreciated — attack surfaces in Active Directory environments. At DEF CON 33, penetration testers Quentin Roland and Wilfried
- Exploiting Vulns in EV Charging Comms — Jan Berens, Marcell Szakály, Sebastian Köhler
Electric vehicle charging infrastructure runs on a stack of aging, largely unpatched hardware. The data link that negotiates charging sessions between a car and a DC fast charger uses Power Line Commu
- Journey to the center of PSTN - I became a phone company — Enzo Damato
Enzo Damato's DEF CON 33 talk is a tour-de-force walkthrough of the Public Switched Telephone Network (PSTN) from the inside—not from the perspective of a hacker probing someone else's infrastructure,
- Amber64 - Mining Hacker History from Over 500k Commodore 64 Disks — Wesley McGrew
Forty years ago, teenagers with Commodore 64 computers were dialing into bulletin board systems with stolen calling card codes, trading pirated software with groups operating across international bord
- Win-DoS Epidemic - Abusing RPC for Win-DoS & Win-DDoS — Or Yair, Shahak Morag
Or Yair and Shahak Morag from SafeBreach presented a comprehensive study of Denial of Service (DoS) vulnerabilities in Windows, centered on the abuse of Remote Procedure Call (RPC) interfaces. Their r
- ReVault! Compromised by your Secure SoC — Philippe Laulheret
Philippe Laulheret, a senior vulnerability researcher at Cisco Talos, presents a comprehensive attack chain against Dell's ControlVault 3 — a dedicated security System-on-Chip (SoC) found in over 100
- How to secure unique ecosystem shipping 1 billion+ cores? — Adam Zabrocki, Marko Mitic
Adam Zabrocki and Marko Mitic, both from NVIDIA's offensive security team, present a rare and candid look inside how one of the world's largest silicon and AI platform companies approaches security ac
- LLM Identifies Info Stealer Vector & Extracts IoCs — Olivier Bilodeau, Estelle Ruellan
Information stealers are among the most damaging commodity malware families in circulation today. They silently harvest credentials, cryptocurrency wallets, and any other extractable data from infecte
- AutoDetection & Exploitation of DOM Clobbering Vuln at Scale — Zhengyu Liu, Jianjia Yu
DOM Clobbering is a class of web vulnerability that has existed since browser developers decided that HTML elements with `id` or `name` attributes should be accessible as properties on the global `win
- Playing Dirty w/o Cheating - Getting Banned for Fun — Sam Collins, Marius Muench, Tom Chothia
Modern anti-cheat systems are some of the most sophisticated rootkits deployed at consumer scale. They run at kernel level, intercept system calls, monitor loaded drivers, and in some cases enforce in
- One Key, Two Key, I Just Stole Your goTenna Key — Erwin Karincic, Dale Wooden
When traditional communications infrastructure fails during disasters, first responders and emergency personnel turn to off-grid mesh radio networks like those provided by goTenna. These devices form
- Metal-as-a-Disservice: Exploiting Legacy Flaws in Cutting Edge Clouds — Bill Demirkapi
The rise of GPU-focused cloud providers has created a new class of infrastructure security problems. Unlike established hyperscalers such as AWS, Azure, and Google Cloud — which have invested more tha
- AppleStorm - Unmasking the Privacy Risks of Apple Intelligence — Yoav Magid
AppleStorm is a research project by Yoav Magid that investigates the privacy implications of Apple Intelligence—Apple's on-device and cloud AI platform launched in late 2024. The research was sparked
- 'We are currently clean on OPSEC' - The Signalgate Saga — Micah Lee
In March 2025, the world witnessed what security researcher Micah Lee described as "unbelievable incompetence from the highest levels of the Trump administration" — the Signalgate scandal. The inciden
- The Ghost of Internet Explorer in Windows — George Hughey, Rohit Mothe
George Hughey and Rohit Mothe from Microsoft's Security Response Center (MSRC) delivered a deep technical examination of how Internet Explorer's security zone model — code written in the 1990s — conti
- Turning Microsoft's Login Page into our Phishing Infrastructure — Keanu Nys
Keanu Nys presents a class of abuse techniques that weaponize legitimate Microsoft authentication infrastructure — specifically Microsoft's own login pages and identity services — to conduct convincin
- Making a custom Hashcat module to solve a decade-old puzzle challenge — Joseph Gabay
About ten years ago, an anonymous person posted a puzzle challenge to the internet. The prize: one Bitcoin, locked in a "brain wallet." To claim it, a solver would need to work through 20 cryptographi
- Mastering Apple Endpoint Security for Advanced macOS Malware Detection — Patrick Wardle
Apple's Endpoint Security framework (ESF) is the official, Apple-sanctioned mechanism for building security products on macOS. It replaced the deprecated kext-based approach and is the foundation upon
- Invoking Gemini Agents with a Google Calendar Invite — Ben Nassi, Or Yair, Stav Cohen
A team of three researchers — Ben Nassi (Black Hat board member and Tel Aviv University faculty), Or Yair (security research team leader at SafeBreach), and Stav Cohen (Technion PhD student) — present
- The UnRightful Heir - My dMSA Is Your New Domain Admin — Yuval Gordon
Yuval Gordon, a security researcher at Akamai Technologies, presented a critical vulnerability in Windows Server's newest identity feature: Delegated Managed Service Accounts (dMSA). Introduced by Mic
- Infecting the Boot to Own the Kernel — Alejandro Vazquez, Maria San Jose
Bootkits and rootkits represent some of the most powerful and most feared categories of malware. They persist below the operating system, survive reinstallation, and can subvert every security control
- TSPU: Russia's Firewall and Defending Against Digital Repression — Benjamin Mixon-Baca
Benjamin Mixon-Baca delivered a deeply technical dissection of Russia's TSPU (Tekhnicheskoe Sredstvo Protivodeystviya Ugrozam, or Technical Means to Counter Threats) — the in-path deep packet inspecti
- Unveiling the Perils of the TorchScript Engine in PyTorch — Ji'an Zhou, Lishuo Song
This DEF CON 33 talk—titled in full "Safe Harbor or Hostile Waters: Unveiling the Hidden Perils of the TorchScript Engine in PyTorch"—presents a systematic security analysis of PyTorch's TorchScript e
- Preventing One of The Largest Supply-Chain Attacks in History — Maksim Shudrak
Security researcher Maksim Shudrak delivered one of DEF CON 33's most concrete supply-chain attack analyses by doing something no prior researcher had done at scale: he actually claimed 5,155 abandone
- Building the first open source hackable Quantum Sensor — Mark Carney, Victoria Kumaran
Mark Carney and Victoria Kumaran, co-founders and co-organizers of Quantum Village at DEF CON, presented "Diamonds Are For Hackers" — a talk about building the world's first fully open source, hackabl
- Automated Unpacking & Deobfuscation of Nested VM-Based Protectors — Agostino Panico
Agostino Panico (known as "Vanish") presents VM Dragon Slayer — an open-source framework for automatically defeating virtualization-based obfuscation (VBO) protectors, including multiple nested layers
- SCCM: The tree that always bears bad fruits — Mehdi Elyassa
Microsoft Configuration Manager — still widely known in the industry as SCCM (System Center Configuration Manager) — is one of the most privileged and most abused systems in enterprise Windows environ
- Rebadged, Relabeled, Rooted: Pwnage via Solar Supply Chain — Anthony Rose, Jake Krasnov
Solar energy infrastructure is expanding rapidly across residential, commercial, and utility scales — but its supply chain is riddled with security problems that most buyers never think to ask about.
- Emulating Embedded Linux Devices at Scale w LightTouch Firmware Rehosting — Sigusr Polke
Vulnerability research on embedded Linux devices — the routers, access points, and network appliances that constitute much of the internet's physical layer — has historically required either physical
- Bypassing Intent Destination Checks, LaunchAnyWhere Privilege Escalation — Qidan He
LaunchAnyWhere is one of Android's most consequential historical vulnerability classes: an unprivileged application leveraging a privileged bridge to invoke protected or unexported activities on its b
- Stories from a Tor dev — Roger Dingledine
Roger Dingledine co-created the Tor anonymity network over two decades ago, and at DEF CON 33 he delivered something rare in security conference talks: a frank, first-person narrative of what it actua
- Unmasking the Snitch Puck: IoT surveillance tech in the school bathroom — Reynaldo, nyx
Two researchers — one a recent high school graduate, one an experienced hardware hacker — conducted a comprehensive teardown and security audit of the Halo 3C, an IoT surveillance device manufactured
- Mac PRT Cookie Theft & Entra ID Persistence — Shang-De Jiang, Dong-Yi Ye, Tung-lin Lee
This DEF CON 33 talk—titled in full "Original Sin of SSO: macOS PRT Cookie Theft & Entra ID Persistence via Device Forgery"—presents a novel attack chain against Microsoft Entra ID (formerly Azure Act
- Finding and Exploiting Kernel Vulnerabilities in the eBPF Subsystem — Agostino Panico
> **Editor's Note:** This talk attracted substantial post-conference scrutiny. In late September 2025, Alexander Peslyak (Solar Designer) published a thread on the Openwall oss-security mailing list r
- HTTP 1.1 Must Die! The Desync Endgame — James Kettle
James Kettle's fourth annual DEF CON session on HTTP desync attacks represents both the culmination of a multi-year research program and a sobering conclusion: the attack class has not been resolved,
- Pre-Auth RCE, Arbitrary SMS & Adjacent Attacks on 5G and 4G/LTE Routers — Edward Warren
Edward Warren, a senior cybersecurity analyst who conducted this research while working at a security operations center, presents a series of vulnerabilities in Tuoshi and Cufi branded 5G and 4G/LTE m
- CTRAPS-CTAP Impersonation, API Confusion Attacks on FIDO2 — Marco Casagrande, Daniele Antonioli
FIDO2 is the current gold standard for phishing-resistant multi-factor and passwordless authentication, deployed by major platform vendors and recommended by CISA, NIST, and enterprise security guidan
- Client or Server? Hidden Sword of Damocles in Kafka — Ji'an Zhou, Ying Zhu, ZiYang Li
Apache Kafka is the backbone of modern data-intensive architectures. Deployed by thousands of enterprises for real-time data pipelines, event streaming, and critical application integration, a single
- Siriously Leaky: Exploring Overlooked Attack Surfaces in Apple's Ecosystem — Richard Im
Apple's iOS security model rests on a layered architecture combining hardware-backed authentication, process isolation via XPC, and tightly scoped permission frameworks. The implicit promise to users
- Passkeys Pwned: Turning WebAuthn Against Itself — Shourya Pratap Singh, Jonny Lin, Daniel Seetoh
Passkeys are widely positioned as the successor to passwords — phishing-resistant, cryptographically bound to origins, and immune to replay attacks. Google, Apple, Microsoft, and major enterprise plat
- China's 5+ year campaign to penetrate perimeter network defenses — Andrew Brandt
For more than five years, a collection of threat actors affiliated with the Chinese state systematically identified, weaponized, and exploited vulnerabilities in enterprise perimeter network devices —
- Cyber Volunteering & Community Defense 1 yr in - DC Franklin — Sarah Powazek, Jake Braun, Adrien Ogee
Most DEF CON talks center on offensive techniques, novel vulnerabilities, or adversary tradecraft. This one is different. At DEF CON 33, Sarah Powazek, Jake Braun, and Adrien Ogee presented a frank on
- Cash, Drugs, and Guns - Why Your Safes Aren't Safe — Mark Omo, James Rowley
Mark Omo and James Rowley spent two years reverse-engineering electronic safe locks—primarily the SecuRAM lock series used by Liberty Safe and other major safe manufacturers—and found a systematic set
- Exploiting Security Side Channels in E2E Encrypted Messengers — Gabriel Gegenhuber, Maximilian Günther
End-to-end encryption (E2EE) is the centerpiece of modern secure messaging. Signal, WhatsApp, and similar applications are built on the premise that even the platform operator cannot read user message
- Not Just a Pipeline Leak: Reconstructing Real Attack Behind tj-actions — Aviad Hahami
On March 14, 2025, an attacker compromised the popular GitHub Actions repository `tj-actions/changed-files` and injected code that printed CI runner secrets to job logs. The widely reported story was
- Remote code execution via MIDI messages — Anna Antonenko
Anna Antonenko — a firmware developer at Flipper Devices who describes herself as a "decent forward engineer but not a great reverse engineer" — presents the discovery of what she characterizes as a b
- Kill Chain Reloaded: Abuse legacy paths for stealth persistence — Alejandro Hernando, Borja Martinez
Modern Windows security — Secure Boot, Virtualization-Based Security (VBS), Credential Guard, Hypervisor-Protected Code Integrity (HVCI), and kernel-level EDR telemetry — has raised the bar for mainta
- Conjuring Hardware Failures for Cross-ring Privilege Escalation — Christopher Domas
Machine Check Exceptions (MCEs) are among the most catastrophic events an x86 processor can experience: they signal that hardware — the CPU itself, memory controllers, cache hierarchy, or system buses
- Escaping the Privacy Sandbox with Clientside Deanonymization Attacks — Eugene Lim
Google's Privacy Sandbox is the industry's most ambitious attempt to replace third-party cookies with privacy-preserving alternatives for the web advertising ecosystem. Conceived as a way to maintain
- So Long, and Thanks for All the Phish — Harrison Sand, Erlend Leiknes
Harrison Sand and Erlend Leiknes, both penetration testers at Norwegian security firm Mnemonic, delivered a methodical account of how they traced a single phishing SMS — impersonating the Norwegian Po
- You snooze you lose: RPC Racer winning RPC endpoints against services — Ron Ben Yizhak
The Windows Remote Procedure Call (RPC) protocol is the backbone of interprocess communication on Windows systems, used by virtually every service in the OS and by countless enterprise applications. A
- Inside Look at a Chinese Operational Relay Network — Michael Torres, Zane Hoffman
Michael Torres (MTU) and Zane Hoffman (Earl) present a months-long investigation that began with a simple research question — "what secrets are people accidentally publishing in Docker Hub container i
- Man in the Malware: Intercepting Adversarial Communications — Ben Folland
Ben Folland's DEF CON 33 talk presents a threat intelligence methodology for intercepting malware communications—specifically, the C2 (command and control) channels and data exfiltration pipelines of
- Kill List: Hacking an Assassination Site on the Dark Web — Carl Miller, Chris Monteiro
This talk is one of the most unusual presentations ever given at DEF CON: a meticulous account of how a darknet investigator (Chris Monteiro) and a think-tank researcher (Carl Miller) spent nearly a d
- Investigating Threat Actor Targeting Researchers, Academics — Christophe Tafani-Dereeper, Matt Muir
Christophe Tafani-Dereeper and Matt Muir from Datadog presented "Weaponizing Trust," a detailed investigation into a threat actor they designate MUD-1244, which they began tracking in December 2024. M
- How a vuln in dealer software could've unlocked your car — Eaton Zveare, Roshan Piyush
Eaton Zveare presents research he titles "Unexpected Connections" — a vulnerability in obscure automotive dealer management software that cascaded into full administrative control of an entire automot
- Voice Cloning Air Traffic Control: Vulnerabilities at Runway Crossings — Andrew Logan
Andrew Logan, an audio engineer attending his fourth DEF CON, presents a sobering threat scenario: the use of AI voice cloning technology to impersonate air traffic controllers on VHF aviation communi
- Virtualization Based Insecurity: Weaponizing VBS Enclaves — Ori David
Windows Virtualization Based Security (VBS) is Microsoft's flagship security architecture innovation of the past decade, isolating the most sensitive OS components — credential stores, security polici
- Where's My Crypto, Dude? The Ultimate Guide to Crypto Money Laundering — Thomas Roccia
In February 2025, North Korean threat actors stole $1.4 billion from the Bybit cryptocurrency exchange — the largest single theft in the history of cryptocurrency — and then laundered the money with b
- Breaking into thousands of cloud-based VPNs with one bug — David Cash, Rich Warren
Zero Trust Network Access (ZTNA) products — marketed as the successor to legacy VPNs — are increasingly deployed across enterprise environments following high-profile Ivanti, Pulse Secure, and Fortine
- Rusty pearls: Postgres RCE on cloud databases — Tal Peleg, Coby Abrams
PostgreSQL is one of the most widely deployed open-source relational databases in the world, and virtually every major cloud provider — AWS, Azure, GCP, and others — offers a managed PostgreSQL servic
- How to Fake a Badge like a Pro: Counterfeiting Event Credentials — Russell Phillips
The event credentialing industry has operated on a foundation of security through obscurity for decades. Badges, wristbands, lanyards, and stickers guard entry to everything from music festivals to pr
- From Shanghai to the Shore: Threats in Global Shipping — Kenneth Miltenberger, Nicholas Fredericksen
Lieutenant Commanders Kenneth Miltenberger and Nicholas Fredericksen of the United States Coast Guard present a maritime cybersecurity briefing focused on a specific, underappreciated threat: Chinese-
- OverLAPS: Overriding LAPS Logic — Antoine Goichot
Microsoft's Local Administrator Password Solution (LAPS) is one of the most widely deployed defenses against lateral movement in enterprise Windows environments. By ensuring every managed endpoint has
- Turning Camera Surveillance on its Axis — Noam Moshe
Noam Moshe, Team Lead and Lead Vulnerability Researcher at Claroty, presented an investigation into critical vulnerabilities in Axis Communications IP cameras — enterprise-grade surveillance equipment
- Silent Leaks: Harvesting Secrets from Shared Linux Environments — Cernica Ionut Cosmin
Cernica Ionut Cosmin, an application security engineer and bug bounty hunter, presents a systematic examination of information leakage vectors in shared Linux environments — hosting panels, developmen
- Hacking OBD II Emissions Testing — Archwisp
What happens when a security researcher buys a rotary-engined sports car that kills catalytic converters, moves from a state without emissions testing to one that has strict emissions laws, and decide
- The Ultimate Hack: Applying Lessons Learned from the loss of TITAN — John Mauger
On June 18, 2023, five people were sealed inside the Titan submersible and began their descent to 3,800 meters below the surface of the North Atlantic, bound for the wreck of the Titanic. None of them
- Shaking Out Shells with SSHamble — HD Moore
SSH has long been treated as a solved problem — a cryptographically sound protocol that, once properly deployed, provides a trustworthy remote administration channel. That assumption has eroded sharpl
- Paywall Optional: Stream for Free w/ New Technique, RRE — Farzan Karim
Modern streaming platforms and paywalled services invest heavily in content delivery infrastructure, licensing enforcement, and DRM — yet the authorization logic that gates entitlement to that content
- Mind the Data Voids: Hijacking Copilot Trust — Tobias Diehl
Microsoft Copilot integrates the Bing search engine as a live retrieval backend — when users ask about topics not covered by Copilot's training data, it fetches current information from Bing and uses
- Reversing approaches to extract embedded scripts in macOS malware — Patrick Wardle
Malware analysis is fundamentally a triage and classification problem. When a new sample arrives, the analyst's first goal is to determine whether it is benign, known-malicious (already documented and
- Orion: Fuzzing Workflow Automation — Max Bazalii, Marius Fleischer
Orion is a fuzzing workflow automation platform developed by Max Bazalii and Marius Fleischer at NVIDIA's offensive security team. Presented at DEF CON 33, the talk addresses a persistent pain point i
- No VPN Needed? Cryptographic Attacks Against the OPC UA Protocol — Tom Tervoort
OPC UA (Unified Architecture) is the dominant open-standard protocol for industrial automation, connecting PLCs, SCADA systems, and remote monitoring endpoints in facilities ranging from gas pipelines
- Advanced Active Directory to Entra ID Lateral Movement Techniques — Dirk-jan Mollema
Dirk-jan Mollema, founder of Outsider Security, presented new and advanced techniques for lateral movement from an on-premises Active Directory (AD) environment to Microsoft Entra ID (formerly Azure A
- Ghosts of REvil: Inside Look with Hacker Behind Kaseya Ransomware Attack — Jon DiMaggio, John Fokker
Jon DiMaggio and John Fokker present an inside account of the REvil ransomware operation, centered on exclusive access to and conversation with a hacker directly involved in the 2021 Kaseya VSA supply
- RATs & Socks: Abusing Google Services — Valerio Alessandroni
Legitimate cloud services have increasingly become the preferred communication backbone for sophisticated malware — a technique sometimes called "living off trusted services" (LOTS). By channeling com
- SSH-nanigans: Busting Open the Mainframe's Iron Fortress through Unix — Philip Young
IBM mainframes (z/OS systems) are among the most security-hardened computing platforms on earth. They run global financial transactions, process enormous volumes of government and healthcare data, and
- Direct Memory Access Everywhere — Joe FitzPatrick, Grace Parrish
Direct Memory Access (DMA) attacks have been a fixture in hardware security research for decades. The threat model is straightforward in principle: an attacker who gains physical access to an exposed
- Blind Trailer Shouting — Ben Gardiner
Semi-trailer trucks share public roads with millions of other vehicles. Their braking systems are safety-critical infrastructure — a compromised brake controller on a tanker trailer is not an abstract
- Loading Models, Launching Shells: Abusing AI File Formats for Code Execution — Cyrus Parzian
The explosion of AI model sharing has created a new attack surface that combines the risks of untrusted code execution with the trust dynamics of scientific software distribution. At DEF CON 33, Cyrus
- Killing Killnet — Alex Holden
Killnet was one of the most publicly visible Russian hacktivist groups of the post-2022 era. With a Telegram channel in the tens of thousands of followers, regular appearances in Russian state media,
- Planting C4: Cross-Compatible External C2 for All Your Implants — Scott Taylor
Scott Taylor's DEF CON 33 talk introduces C4—Cross-Compatible External C2—a framework for building command-and-control infrastructure that operates as an intermediary between diverse red team implants
- 40 Years of Phrack: Hacking, Zines & Digital Dissent — richinseattle, Netspooky, Chompie
Phrack is the longest-running hacker technical publication in existence. Born in 1985 on a BBS in an era before the World Wide Web, it has survived Secret Service raids, legal battles, the commerciali
- Claude: Climbing a CTF Scoreboard Near You — Keane Lucas
Keane Lucas from Anthropic's Frontier Red Team presented a detailed experimental study of Claude's performance on Capture the Flag (CTF) competitions across a broad range of security categories. The r