Friday, February 21st

How I Scanned the Internet For NSA Compromised Firewalls

A few years ago Equation Group's toolkit was leaked by a group known as the Shadow Brokers. Unlike most people, who were simply satisfied with rooting their firewalls and moving on, I RTFM'd and worked out how the second stage and implant software was meant to work. Armed only with incomplete software, the NSA ANT catalogue, and a lot of motivation, I'll take us on a journey of discovery that culminates with an Internet-wide scan of devices looking for NSA implant code.


Nobletrout

Nobletrout has officially moved to New Hampshire. He hacks things, breaks things, and occasionally fixes things. He likes to think of himself as a badass hacker, but really has just faked his way until now. He enjoys not paying taxes, working on aging Land Rovers, and skiing any chance he gets.

Saturday, February 22nd

Maintaining OpSec while visiting China

16:30 - 17:00

Are you a westerner and considering attending Defcon in Beijing or is your company asking you to attend meetings in China? Well, this is the talk that you can’t miss. I worked in InfoSec in Asia for years and routinely traveled to China in order to work and consult at every major Chinese company that you’ve probably heard about on the news. I’ll give you everything including how to get around and not get ripped off, how to communicate securely, and how to maintain OpSec. These are the things I wish I had known beforehand. China is an amazing place and it’s almost impossible to work in the security industry and have nothing to do with the world’s second largest economy. You will have some fun and leave with practical knowledge.

Small Data

Small Data has been working in the network security industry for over 15 years at prominent start-ups as well as established companies. They've been paid to do everything from exploit development to auditing security solutions and building security products. SmallData has many hobbies such as goofing around with GPUs, honeypots, privacy coins, software defined radios, OpSec, and speaking at various security conferences. SmallData has been an expat for many years living in Asia and this is the first conference they will be speaking at under their handle.

Compile-time chicanery to confuse C++-analyzers with counter-analysis code

17:00 - 17:30

In 1994 Erwin Unruh inadvertently posed the question "What if C++ templates, but too much?" when he demonstrated that the C++ template system was Turing complete. His program, the first compile-time "template metaprogram", computed primes and printed them as compilation errors. Since that time, the draft standard of C++20 has been published, and with it come exciting opportunities to create yet new and unseen software abominations.

In this talk I demonstrate and evaluate the application of C++ metaprogramming to adversarial software development challenges such as obfuscation, misdirection and chicanery. I also cover the limitations of metaprogramming techniques and where they should be supplemented with traditional obfuscation technology.
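As an added illustration of the compile-time technique this abstract refers to (example code written for this page, not the speaker's material): a constexpr string-obfuscation class in C++14. The literal is XORed with a per-byte key stream inside a constexpr constructor, so only the scrambled bytes are emitted into the binary, and decode() rebuilds the same key stream at runtime. The sample literal and the fixed seed 0xC0FFEE are arbitrary choices for the example; the static_assert confirms at compile time that the plaintext did not survive verbatim.

```cpp
// Added example (not code from the talk): compile-time string obfuscation in
// C++14. Seed value and sample literal are arbitrary, chosen for this example.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>

namespace chicanery {

// One LCG step (Numerical Recipes constants). With a constant seed the compiler
// evaluates the whole key stream; nothing but decode() runs at runtime.
constexpr std::uint32_t next_state(std::uint32_t s) {
    return s * 1664525u + 1013904223u;
}

// Key byte for a position: the top byte of the current LCG state.
constexpr char key_byte(std::uint32_t s) {
    return static_cast<char>(s >> 24);
}

template <std::size_t N>
class ObfuscatedString {
public:
    // Evaluated at compile time: lit and seed are constants, so only the
    // XORed bytes (data_) and the seed are emitted into the object file.
    constexpr ObfuscatedString(const char (&lit)[N], std::uint32_t seed)
        : data_{}, seed_(seed) {
        std::uint32_t s = seed;
        for (std::size_t i = 0; i < N; ++i) {   // includes the NUL terminator
            s = next_state(s);
            data_[i] = static_cast<char>(lit[i] ^ key_byte(s));
        }
    }

    // Runtime decode: regenerate the key stream from the seed and XOR it back.
    std::string decode() const {
        std::string out;
        out.reserve(N - 1);
        std::uint32_t s = seed_;
        for (std::size_t i = 0; i < N - 1; ++i) {
            s = next_state(s);
            out.push_back(static_cast<char>(data_[i] ^ key_byte(s)));
        }
        return out;
    }

    // What actually sits in the binary (without the scrambled terminator).
    std::string stored() const { return std::string(data_, N - 1); }

    // Compile-time check for static_assert: how many stored bytes differ from
    // the plaintext. A byte survives unchanged only if its key byte is zero.
    constexpr std::size_t changed_bytes(const char (&lit)[N]) const {
        std::size_t n = 0;
        for (std::size_t i = 0; i < N - 1; ++i) {
            if (data_[i] != lit[i]) { ++n; }
        }
        return n;
    }

private:
    char data_[N];
    std::uint32_t seed_;
};

// Deduces N from the literal so call sites stay readable.
template <std::size_t N>
constexpr ObfuscatedString<N> obfuscate(const char (&lit)[N], std::uint32_t seed) {
    return ObfuscatedString<N>(lit, seed);
}

// Constructed sample: the kind of string a reverser greps for. A distinct seed
// per literal (e.g. __LINE__ or a build-time random) is usual practice; a fixed
// seed keeps this example deterministic.
constexpr auto kBeaconUrl = obfuscate("https://example.invalid/beacon", 0xC0FFEEu);

// Fails the build if the plaintext made it into the binary unchanged.
static_assert(kBeaconUrl.changed_bytes("https://example.invalid/beacon") > 0,
              "literal survived obfuscation");

}  // namespace chicanery

int main() {
    const std::string plain = chicanery::kBeaconUrl.decode();
    std::printf("decoded: %s\nstored : ", plain.c_str());
    for (unsigned char c : chicanery::kBeaconUrl.stored()) {
        std::printf("%02x", c);
    }
    std::printf("\n");
    return 0;
}
```

Build with any C++14 or later compiler (e.g. g++ -std=c++14). The caveat the abstract raises applies here as well: next_state() and decode() ship in the same binary, so this defeats `strings` and a naive byte search, not a reverser who breakpoints on decode() and reads the result; that is where traditional obfuscation has to take over.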

Evan Jensen

Evan Jensen is the co-founder and CTO of the Boston Cybernetics Institute, where he splits his time between performing security assessments, vulnerability research, and teaching. Evan has taught reverse engineering at many universities, including BU, RPI, NYU, MIT, Tufts, and West Point. He has also delivered presentations and training at conferences such as ShmooCon, REcon, RingZer0 and HITB. Before founding BCI, Evan worked in the Cyber System Assessments Group at MIT Lincoln Laboratory and on Facebook’s red team. He has a BS in computer science from NYU Tandon School of Engineering.

Email Sinkholing

17:45 - 18:15

Many popular email providers allow abandoned email aliases to be re-registered. This opens an opportunity for information leakage. Emails that belonged to hackers provide insights such as hacker advertisements, domains that were registered to the hacker, language preferences, etc. On the other hand, if you plan to abandon your email, make sure you won’t lose valuable information such as banking/loan/retail notifications and personal correspondence.

In this lightning talk Yury Polozov will share observations from his multi-year research into the issue, and show the benefits and limitations of this recon method.

Yury Polozov

Yury Polozov is an independent security researcher who worked at the New Hampshire cybersecurity company Red Sky Alliance (d.b.a. Wapack Labs) for five years, and prior to that had experience with system administration, antivirus and antispam protection in Russia. Previously, Yury has given talks on various cybersecurity topics such as cryptocurrencies, Russian hackers and bots, and attacks on critical infrastructure.

The Dark Side of Open Source Security Tools

18:15 - 18:45

Offensive security tools are routinely shared as open source projects. Some of these projects have become the lifeblood of red teams at both big and small companies. However, there is a dark side to the free and open sharing of offensive security tools: threat actors (both nation state and financially motivated actors) are adopting these tools to bootstrap intrusions, make attribution harder, and take advantage of the latest security research.

From ransomware evasion techniques to post-exploitation frameworks, Recorded Future tracks, analyzes, and produces detections for many open source security tools. The open source nature of these tools presents both opportunities and problems. This talk will cover Recorded Future's process for analyzing open source offensive security tools, and how we deal with the opportunities and problems they present.

Connor McLaughlin

Connor McLaughlin is a Cybersecurity Researcher for Recorded Future's Insikt Group. He spends his time tracking offensive security tools and working on the operational outcomes team. Before that he was an Associate Technical Staff in the Cyber Systems Assessments group at MIT Lincoln Lab for almost four years, where he spent his time researching software similarity, building malware sandboxes, and dabbling in iOS security.

Protecting the @Home Like the Enterprise

19:00 - 19:30

I hope to demonstrate a solution to the issues concerning families with young humans (4-50 yrs old). How do we provide a safer environment for tablets, Internet-connectable widgets and doodads when in the hands of semi-Internet-savvy person(s)? I will provide some at-cost solutions to help ease the minds of parents and provide reasonable control features to the household, with minimal mental overhead. I will walk you through the experience of being a remote parent that wants to maintain communication with my children. So, I did what any security-conscious parent would: I implemented MDM (mobile device management). I don’t work for Google or WordPress, but I will tell you how I leveraged these platforms to protect my family. The technical explanation will be reasonable, and you will walk away understanding how you could benefit from this ideology, or a derivative of it, within your household.

Nico Smith

Dad, lover of technology, Captain in the U.S. Army National Guard, CND Manager on a Cyber Protection Team, and evangelist of the Raspberry Pi. I’ve been a tech hobbyist for about 12 years. Part-time pen tester and tinkerer. Active volunteer at both BSides Las Vegas and BSides DC. I have taught intro to computing as an after-school high school program within Chicago. I worked as both a defensive and offensive analyst in the private sector and the military, with 3 years leading Red Team engagements to support Blue Space defenders, and I love to share when I can.

Embedded Device ROP Tips and Tricks

19:30 - 20:00

The talk will first introduce a stack overflow vulnerability in an embedded device. Next, it will discuss the process for building a simple exploit for the vulnerability, and then improving it to work on several different devices (which share a similar code base). Finally, the talk will demonstrate how to convert a stack overflow to a command injection via several different creative ROP tricks.


Jeffball

Jeffball is a senior researcher at GRIMM, where he conducts vulnerability assessments, exploit development, tool development, and other security research. Jeffball has presented at numerous security conferences, such as DEF CON, BSidesLV, LayerOne, and MTEM, and has written several security tools and papers. Before working at GRIMM, Jeffball worked at MIT Lincoln Laboratory, where he received an MIT Excellence Award for his work. He holds a BS degree in computer science and applied mathematics and an MS degree in computer science from East Stroudsburg University.

To Pay or Not to Pay? Ransomware and Municipalities

20:00 - 20:30

There has been a tremendous spike in ransomware recently with municipalities becoming a prime target. This past summer alone we saw attacks in cities in Massachusetts, New York, Florida, Texas, and more. Why are criminals targeting cities? Should cities pay? And what can be done to mitigate the risk?

Kristin Dahl

Kristin Dahl is an intelligence developer with IBM X-Force IRIS and former research staff member at MIT Lincoln Laboratory. Kristin’s experience includes technical development, investigative research, policy development, threat assessment, and security operations across the defense sectors, critical systems, academia, and private industry. Kristin has worked collaboratively with multiple stakeholders and federal agencies, including the Department of Defense, the Department of Homeland Security, and the Department of Energy. She has both a B.S. and M.S. in Computer Science from the University of Minnesota, and routinely engages in cybersecurity research, education, and outreach efforts within the local community.