Top talks on Hacking from DEF CON 26

DEF CON 26 (2018), the 26th DEF CON hacking conference, is one of the world's largest hacker conventions, held annually in Las Vegas, Nevada, and covers computing, information technology, cyber security, software and hacking topics.

Our editorial team has handpicked the best of the best talks at DEF CON 26. Following is the list of top talks on hacking at DEF CON 26.

(Source: DEF CON 26)


1. I'll See Your Missile and Raise You A MIRV: An overview of the Genesis Scripting Engine


  • Alex Levinson, Senior Security Engineer
  • Dan Borges, Hacker

This talk will consist of an overview of the origins of the project, a technical deep dive into the inner workings including the modified JavaScript VM, a walkthrough of the CLI utility, and examples of how we've leveraged Gscript in the real world.

>>>Go To Presentation


2. 80 to 0 in under 5 seconds: Falsifying a Medical Patient's Vitals


Douglas McKee, Senior Security Researcher for the McAfee Advanced Threat Research team

This presentation will include a technical dissection of the security issues inherent in this relatively unknown protocol. It will describe real-world attack scenarios and demonstrate the ability to modify the communications in-transit to directly influence the receiving devices. We will also explore the general lack of security mitigations in the medical devices field, the risks they pose, and techniques to address them. The talk will conclude with a demonstration using actual medical device hardware and a live modification of a patient's critical data.

>>>Go To Presentation


3. Soviet Russia Smartcard Hacks You


Eric Sesterhenn, Principal Security Consultant at X41, D-Sec GmbH

Smartcards are secure and trustworthy. This is the idea smartcard driver developers have in mind when developing drivers and smartcard software. The work presented in this talk not only challenges, but crushes this assumption by attacking smartcard drivers using malicious smartcards. 

>>>Go To Presentation


4. Edge Side Include Injection: Abusing Caching Servers into SSRF and Transparent Session Hijacking


ldionmarcil, Pentester at GoSecure

Due to the upstream-trusting nature of Edge servers, ESI engines are not able to distinguish between ESI instructions legitimately provided by the application server and malicious instructions injected by a malicious party. We identified that ESI can be used to perform SSRF, bypass reflected XSS filters (Chrome), and perform Javascript-less cookie theft, including HTTPOnly cookies. 

>>>Go To Presentation


5. Compromising online accounts by cracking voicemail systems


Martin Vigo, Hacker

In this talk I will cover voicemail systems, their security and how we can use oldskool techniques and new ones on top of current technology to compromise them. I will discuss the broader impact of gaining unauthorized access to voicemail systems today and introduce a new tool that automates the process.

>>>Go To Presentation


6. Compression Oracle Attacks on VPN Networks


Nafeez, Security Researcher

Compression oracle attacks are not limited to just TLS protected data. In this talk, we try these attacks on browser requests and responses which usually tunnel their HTTP traffic through VPNs. We also show a case study with a well-known VPN server and their plethora of clients. We then go into practical defenses and how mitigations in HTTP/2's HPACK and other mitigation techniques are the way forward rather than claiming 'Thou shall not compress traffic at all.' One of the things that we would like to showcase is how impedance mismatches in these different layers of technologies affect security and how they don't play well together.

>>>Go To Presentation


7. House of Roman—a "leakless" heap fengshui to achieve RCE on PIE Binaries


Sanat Sharma, Hacker

Since this is a 20-minute talk, attendees should be aware of basic heap exploitation techniques, like fastbin attacks and unsorted bin attacks, and have a general idea of how the ptmalloc2 algorithm works. As a bonus, I also discuss how to land a fastbin chunk in memory regions with no size alignment (like __free_hook).

>>>Go To Presentation


8. 4G - Who is paying your cellular phone bill?


  • Dr. Silke Holtmanns, Distinguished Member of Technical Staff, Security Expert, Nokia Bell Labs
  • Isha Singh, Master student, Aalto University in Helsinki (Finland)

This presentation shows how the S9 interface in 4G networks, which is used for the exchange of charging-related user information between operators, can be exploited to perform fraud attacks. A demonstration with technical details will be given, along with guidance on practical countermeasures.

>>>Go To Presentation


9. Practical & Improved Wifi MITM with MANA


singe, CTO @ SensePost

After years of using mana in many security assessments, we've realised rogue AP'ing and MitM'ing is no simple affair. This extended talk will provide an overview of mana, the new capabilities and features, and walk attendees through three scenarios and their nuances:

  • Intercepting corporate credentials at association (PEAP/EAP-GTC)
  • Targeting one or more devices for MitM & collecting credentials
  • "Snoopy" style geolocation & randomised MAC deanonymization

As a bonus, you'll be able to download a training environment to practise all of this without requiring any wifi hardware (or breaking any laws).

>>>Go To Presentation


10. Weaponizing Unicode: Homographs Beyond IDNs


The Tarquin, Senior Security Engineer

This talk discusses the use of homographs to attack machine learning systems, to submit malicious software patches, and to craft cryptographic canary traps and leak repudiation mechanisms. It then introduces a generalized defense strategy that should work against homograph attacks in any context.

>>>Go To Presentation


11. Hacking PLCs and Causing Havoc on Critical Infrastructures


Thiago Alves, Ph.D. Student and Graduate Research Assistant at the University of Alabama in Huntsville

During this presentation I will talk about the architecture of a PLC and how it can be p0wned. There will be some live demonstration attacks against 3 different brands of PLCs (if the demo demons allow it, if not I will just show a video). Additionally, I will demonstrate two vulnerabilities I recently discovered, affecting the Rockwell MicroLogix 1400 series and the Schneider Modicon M221 controllers.

>>>Go To Presentation


12. Hacking BLE Bicycle Locks for Fun and a Small Profit


Vincent Tan, Senior Security Consultant, MWR InfoSecurity

This talk will explore the ever-growing ride sharing economy and look at how the BLE "Smart" locks on shared bicycles work. The entire solution will be deconstructed and examined, from the mobile application to its supporting web services and finally communications with the lock. We will look at how to go about analysing communications between a mobile device and the lock, what works, and what doesn't.

>>>Go To Presentation


13. Lost and Found Certificates: dealing with residual certificates for pre-owned domains


  • Ian Foster, Hacker
  • Dylan Ayrey, Hacker

In this talk, we will review the results from our ongoing large scale quantitative analysis over past and current domains and certificates. We'll explore the massive scale of the problem, what we can do about it, how you can protect yourself, and a proposed process change to make this less of a problem going forwards. 

We end by introducing BygoneSSL, a new tool and dashboard that shows an up-to-date view of affected domains and certificates using publicly available DNS data and Certificate Transparency logs. BygoneSSL will demonstrate how widespread the issue is, let domain owners determine if they could be affected, and can be used to track the number of affected domains over time.

>>>Go To Presentation


14. Reaping and breaking keys at scale: when crypto meets big data


  • Yolan Romailler, Security Researcher at Kudelski Security
  • Nils Amiet, Security Engineer at Kudelski Security

In this talk, we discuss how we could have impersonated hundreds of people by breaking their PGP keys, mimicked thousands of servers thanks to their factored SSH keys and performed MitM attacks on over 200k websites relying on vulnerable X509 certificates.

In the end, we were able to do this in an entirely passive way. Going further is possible, but it would lead us to the dark side. Would big brother hesitate to go there?

>>>Go To Presentation


15. Breaking Parser Logic: Take Your Path Normalization Off and Pop 0days Out!


Orange Tsai, Security Researcher from DEVCORE

In this talk, we propose a new exploit technique that brings a whole new attack surface to defeat path normalization, which is complicated in implementation due to many implicit properties and edge cases. This complication, being underestimated or ignored by developers for a long time, has made our proposed attack vector possible, lethal, and general. Therefore, many 0days have been discovered via this approach in popular web frameworks written in trending programming languages, including Python, Ruby, Java, and JavaScript.

>>>Go To Presentation

