Our editorial team has handpicked the best of the best talks at DEF CON 26. DEF CON is one of the world's largest hacker conventions, held annually in Las Vegas, Nevada. Following is the list of top talks on Vulnerabilities & Exploits at DEF CON 26.

DEF CON 2018, the 26th DEF CON Hacking Conference, is one of the main events on computer, information technology, cyber security, software, and hacking topics.

(Source: DEF CON 26)


1. Breaking Extreme Networks WingOS: How to own millions of devices running on Aircrafts, Government, Smart cities and more.


Josep Pi Rodriguez, Senior security consultant, IOActive

In this presentation we will show with technical details how several critical vulnerabilities were found in this embedded OS. First we will introduce some internals and details about the OS and then we will show the techniques used to reverse engineer the mipsN32 ABI code for the Cavium Octeon processor. It will be discussed how some code was emulated to detect how a dynamic password is generated with a cryptographic algorithm for a root shell backdoor. Besides, it will be shown how some protocols used by some services were reverse engineered to find unauthenticated heap and stack overflow vulnerabilities that could be exploitable through Wireless or Ethernet connection.



2. FOR THE LOVE OF MONEY: Finding and exploiting vulnerabilities in mobile point of sales systems


  • Leigh-Anne Galloway, Cyber Security Resilience Lead, Positive Technologies
  • Tim Yunusov, Hacker

In this talk, we ask, what are the security and fraud implications of removing the economic barriers to accepting card payments; and what are the risks associated with continued reliance on old card standards like mag-stripe? In the past, testing for payment attack vectors has been limited to the scope of individual projects and to those that have permanent access to POS and payment infrastructure. Not anymore! 



3. UEFI Exploitation For The Masses


  • Mickey Shkatov, Hacker
  • Jesse Michael, Hacker

In this talk we will summarize BIOS exploitation techniques and dive deeper into the specifics of an exploit we developed to provide reliable arbitrary code execution for an "over-the-internet" BIOS update vulnerability we found and responsibly disclosed. We will explain the relevant parts of UEFI and talk more about the exploit mitigations that exist there. We will also explain how to explore System Management Mode (SMM) in an Intel-based platform, utilizing Intel hardware debug capabilities on an Intel 8th gen platform to obtain SMRAM content, analyze its contents, and search for vulnerable code.



4. All your math are belong to us


sghctoma, Lead security researcher @ PR-Audit Ltd., Hungary

Believe me, there was a lot to hack in this case! Several gigabytes of installed materials, a few web servers, cloud integration, clustering capabilities, you name it. These software packages are bloated; they are basically their own little operating systems.

Yup, I used plural. Because I thought why discriminate against MATLAB? I should really give a chance to Maple and Mathematica to fail too! I did, and they did fail, and these failures gave the material for my talk. Basically this will be a dump of exploits (RCEs, file disclosures, etc.), and if you use any of that software and you are at least a bit security conscious, you should definitely listen to it.



5. All your family secrets belong to us—Worrisome security issues in tracker apps


  • Dr. Siegfried Rasthofer, Fraunhofer SIT
  • Stephan Huber, Hacker
  • Dr. Steven Arzt, Hacker

Some apps use self-made algorithms instead of proper cryptography for data storage and transmission. Others do not even attempt to protect their communication at all and make use of the unprotected HTTP protocol, or even give an attacker full access to a vulnerable backend system. Hard-coded database credentials in apps allowed access to all stored user locations. We would be able to extract hundreds of thousands of tracking profiles, even in real time. In others, this wasn't even necessary, because the user authentication could be bypassed altogether. Flaws in server API allowed us to extract all user credentials (1.7m plain text passwords); further, we saw full communication histories containing messages, pictures and location data.



6. Automated Discovery of Deserialization Gadget Chains


Ian Haken, Senior Security Software Engineer, Netflix

In this talk, I present a new technique for the automated discovery of deserialization gadget chains in Java, allowing defensive teams to quickly identify the significance of a deserialization vulnerability and allowing penetration testers to quickly develop working exploits. At the conclusion we will also be releasing a FOSS toolkit which utilizes this methodology and has been used to successfully develop many deserialization exploits in both internal applications and open source projects.



7. Designing and Applying Extensible RF Fuzzing Tools to Expose PHY Layer Vulnerabilities


  • Matt Knight, Senior Security Engineer, Cruise Automation
  • Ryan Speers, Director of Research, Ionic Security

In this session, we introduce an open source hardware and software framework for fuzzing arbitrary RF protocols, all the way down to the PHY. While fuzzing has long been relied on by security researchers to identify software bugs, applying fuzzing methodologies to RF and hardware systems has historically been challenging due to siloed tools and the limited capabilities of commodity RF chipsets.



8. Exploiting Active Directory Administrator Insecurities


Sean Metcalf, CTO, Trimarc

This talk explores some common methods Active Directory administrators (and others) use to protect their admin credentials and the flaws with these approaches. New recon methods will be provided on how to identify if the org uses an AD Red Forest (aka Admin Forest) and what that means for one hired to test the organization's defenses, as well as how to successfully avoid the Red Forest and still be successful on an engagement.



9. Demystifying MS17-010: Reverse Engineering the ETERNAL Exploits


zerosum0x0, Hacker

This talk will condense years of research into Windows internals and the SMBv1 protocol driver. Descriptions of full reverse engineering of internal structures and all historical background info needed to understand how the exploit chains for ETERNALBLUE, ETERNALCHAMPION, ETERNALROMANCE, and ETERNALSYNERGY work will be provided. 

This talk will also describe how the MS17-010 patch fixed the vulnerabilities, and identify additional vulnerabilities that were patched around the same time.


