 Welcome to the Closing Ceremonies of DefCon! So you all noticed, it was an experiment, I talked about it a little bit in the program. We've never been in multiple hotels like this, where you have to actually go out and see the sun. And I was really worried about that. Yeah, yeah. Yeah, so we have a plan for next year that does not involve destroying the sun. The orb, as I call it. So, as I mentioned, this is the last time we were here. This is the last year we're at Caesars. And next year we're back to some old favorites. We'll talk about that in a minute. But just to let you know, with all of this growth, it allowed us to try a lot of new things. We used over 400,000 square feet of space. And we're across three hotels. The link was the Workshop Hotel. Yay, workshops! This year also was like a record year for people who made badges. It was crazy. How many badges? Over 100 different badges and then we lost track. That's not even counting the shitty add-ons. And so, yeah, there's a lot. And so, one thing I wanted to say is at the last minute I got this brainwave and I was like, you know what, I should start a museum for all these badges. Why don't everybody just give me badges? And I'll put them in a museum. And that was a little kind of half-baked. What I really should have done is set up an area, given you money, you've given me badges, and I would have this authoritative collection. But even at the last minute, over 25 of the 100 donated badges to me, I'll collect them, we'll have them on display for next year. And next year, we'll have a proper way for you, if you want, to sell us a badge and we'll create sort of a whole history of the badges. Because I think it's really cool and unique and I'm afraid we're going to lose some of that history, so I just want to start doing this year after year. So, we're going to be doing that. Yay! So, for those of you in your hotel rooms or in the speaking tracks, last year you knew it was kind of a disaster. We had a lot of wiring and cable and interface, laptop, video issues. We lost 315 minutes of speaking last year due to technical problems. And this year we lost around 10. Yeah, I don't think anybody even would have noticed, but since we're trying to be more transparent, there's 10. So, we have a tradition here at DEF CON. Our number one, Paul Proctor, will be leaving our team after 20 years. Please, DEF CON, welcome. Help us give him a toast to Paul Proctor. Cheers! I'd like to thank all of those that I've shot over the years. Thank you. Love you, man. Okay, so we also started last year this Transparency Report I've wanted to do. And so we've continued it this year. So, as I predicted, what I hope is happening is that you will see that we are trying really hard to take these issues seriously and that we're trying to act on them. And when you do report something, we do something about it if we can. And so I'm expecting these numbers to go up year after year after year. As people get comfortable reporting, seeing that we actually are serious about this, I think for the next four or five years, we're just going to see these numbers increase until we level off. And only by sort of facing this problem head on, are we really going to know the magnitude of the issue. So, the numbers, yes, did go up this year, which I think is good. And we are better at tracking them. And we introduced a hotline for people to report things. So to talk about this and deliver this year's statistics, I'd like to bring the head of our sock up, CJ. First of all, I want to thank all of our partners. Thanks for the phone, thanks for the phone. I'm not loud enough. First of all, I'd like to thank all of our partners across all of our departments and across the hotel. We wouldn't have been able to be this successful without their help. So, the numbers. We had three reports of harassment, seven reports of sexual harassment, one report of sexual assault, seven medical incidents, none requiring ambulance this time, which is an improvement on last year. So either you guys are getting better at drinking or two reports of theft, three reports of vandalism, one case of trespassing, one case of the ceiling falling again, one badge maker exonerated, one attack on the casino foiled, one dust storm, attendees of other conferences thinking that we hacked them when we didn't, one. So there's one that's off of here. One warning issued to a member of staff whose conduct wasn't appropriate and didn't represent what we as a team would like to represent to you. Right, support line. We got 62 calls in total. 42 of those were general information calls asking where things were. It's kind of to be expected, but we did get three harassment calls, five sexual harassment calls, one call for medical help and one call of concern about drink tampering. And that is awesome. Obviously, we're going to do this again next year and we're going to scale it up and I want you guys to use it more. Less information calls, please. We do have an information booth in lots of locations, but, you know, I understand. At the same time, please trust us, call us. We've got trained people there to help you and we want to help you. So the next thing is, as you're all aware, there have been a lot of concerns about new processes adopted across the Las Vegas hotels. This isn't just Caesars. It's across all the hotels. These changes represent a new reality that all hotels have to face in their work to keep guests safe. We hear your concerns and Caesars is an extremely receptive partner. They're already engaged with us and working closely with DEF CON management to figure out the best way forward for next year. And as soon as we have an update, we'll let you know. Thanks and cheers. Even Tyrannosaurus Rex over here likes that. Okay, did we have the info booth? Hacker Tracker, do we have someone want to come up and... Come on up, Mello? Mello man, head of info booth. It's my last year as well. Oh, no. Thank you. So I don't know what my slides look like because what I sent is not this. So Hacker Tracker we brought on board last year as an official DEF CON thing. This year we started expanding it. We got both Android and iOS. Next year we'll have actual full website and it'll all look the same. That's my only slide? Yes, that is my only slide. All right, so I'm remembering the numbers and I've had a few drinks. My team was great. We had something like 8,600 Android users and about 6,400 iOS users as active users over this weekend. So that's about half of you out there used Hacker Tracker at least once. Okay, so how many out there have used Hacker Tracker? I know I have. We also had seven info booths this year. So if you turned around and didn't see an info goon there was probably in the wrong place. Okay, now how many of you went to the info booth or talked to an info goon somewhere? Sweet. So it looks like we're actually doing something decent. So thank you. Enjoy the con and workshops. So some of those you might have noticed with the new hotel space at Lynx we managed to expand the number of workshops and this is something we want to keep trying to do. It's just logistically takes a lot of work and effort but I'd like to introduce the person in charge of workshops. Hi. Hi everybody. So... Oh yeah, so just out of curiosity how many of you all went to a workshop this year? How many of you tried to register for a workshop this year? Okay. So we might need some more room. Yeah. Oh, bitch. So this year we had nearly 2,000 attendees registered. This does not include the folks on the wait list. We had about 150 folks on wait list for each class. We went from Thursday to Saturday. Six concurrent tracks morning, afternoon, four hours each and we had some amazing workshops. We had folks like Joe Grand, Richard Henderson, all sorts of different folks out there teaching, giving back to the community absolutely for free. Woo! Yeah. Yay! We like free, right? And we were in our own hotel. We had the fourth floor of the link all to ourselves which is a far cry from when we were over at Bally's and we were huddled over and had a really cramped hallway and we made you guys wear those awful wristbands and we'll never do that to you ever again. But woo! And that's it. So I'm looking forward to next year and hopefully we can get more classes out for you and more folks in and improve the registration process. Thank you. Thank you. Okay. Evan, it's the knock. Woo! Just one thing I want to say is there's no amount of money in my back pocket that can afford the amount of bandwidth you want to use. So I'm done. How's it going, everyone? Here to talk about the knock. Hello. Okay, I have to see the screen. Hi. So my name is Evan and I run the knock here along with Mac and as usual I'm going to go through some statistics and the interesting stuff that we did. So we have two kinds of networks here. We have the wired and the Wi-Fi. So Wi-Fi is mostly for all of you across all three properties and wired is for everything else that is listed there. I'm not going to go through this. You can download this presentation for the knock later. So this is how the week went. We had the same amount of days and two more properties to take care of. And we started on Sunday, basic setup. So whatever is green is good. Orange, more or less, and red, that was very hard for us. But Sunday, usually good. We work with the hotel IT people and the Encore folks. They're super awesome. And it was going well until the time crush came and we had to run around the properties and got everything set up. So it was good. At the end, it worked. You can go through this later. But there was a lot of patching. There was a lot of things. When things were coming up, people couldn't find cables or cables were not working. And then we show up, they were working and so on and so forth. So, but the code that we used to know if things were working or not working was our friend Guy Fieri. So we had the knock current status, had the happy, the desperate, and the stellar one. So we set up, everything was working despite some problems that I'm going to talk a little bit in the next slide. But you guys show up. We had 300 mags. And Jeff already addressed what has to be addressed on how much it cost to do this. A lot of money. So you guys showed up. You can see it went straight to 300 mag on Thursday. And it never went down. So then we went to 350 for about three hours and we saw that it was already packed. So kindly, DTE allowed us to go to 400. And it stayed there for the whole weekend. As usual, we have some challenges and issues other than the unplanned ones, right? So bandwidth is the usual one actually. But some fiber connections, they were acting up on us between the IDF and the MDFs, the IDFs and the MDF. So we had a problem with some switches that we swapped. Still, shit didn't work. And then we found out it was a power issue. But half of it, not half, but part of the hotel and the APs were not working. Then we had on Thursday somebody posted on Twitter. And thank you for that. That multicast was leaking on the secure network to the other users. That was a configuration thing. We fixed right away, but totally we overlooked that. Thanks for reporting your names at the end of the presentation. Appreciate that. AP coverage and capacity, like this room with all of you right now, the internet is probably not so good. But it happens. And we had also new APs. I'm going to talk about that in two slides. And people still don't get 802.1x. I don't blame you because we have to fight through this. But if you follow the instructions, mostly most of the time it works and anyhow. So we went for a 10 gig backbone just like last year. But because of the fiber issues, we had to some places go down to one gig. The internet uplink, I talked about that already. Here at Caesars, so all the other properties will talk like layer three to here layer three using IPsec tunnels. So everything goes, comes here and then to the internet. We have one internet uplink. About the wired gear, not going to go through this. But pretty much the core, which is the firewall and the core switch and the firewall. We had like three of those, three sets of those. 3BSD! As for the wireless gear, we also had to have three controllers and that worked well. And we got a bunch more APs to support the three properties. Thanks, Jeff. So we had a total of 136 APs. The breakdown is there. Obviously, most of the APs are here at Caesars. 20 at Flamingo 6 at Link. Not going to read this, but we doubled the amount of traffic that you guys used. So last year, we had about five point something terabytes. 9.11, which is a weird number to have. But that's true up to like a few hours ago. And there's like some more cool stuff. The other cool stuff is that we have 15,000 different unique DHCP leases. That means that you guys stop doing like DHCP exhaustion attacks and we really appreciate that. So big shout out to my crew. People are awesome. They dedicate the whole week to be here and work hard, long hours and drink hard at night. Don't know how we did this, but we pulled this off. So give it a hand for my team, please. They're awesome. So in this room, how many people actually connected to the secure Wi-Fi? How many connected to the insecure Wi-Fi? On purpose. On purpose. Okay, so again, thanks to my team. Everyone is super awesome. And my last, almost, that was the last one. Yes, that's the last one. So big shout out to DT, Cheryl, Nikita, Will, without you guys. We wouldn't be able to do this, right? We bug you guys a lot to get stuff for us. So thank you. QM to get our gear safe and we show up. The gear is here. So those guys are super awesome. Caesar's IT, I cannot speak highly. Like, I can only speak highly of them. Sorry, Phil. No, we love them. They're super awesome. Whatever we need, they do for us. Same with Encore. Packet Rat is the guy who tweeted saying, hey, am I supposed to see this traffic here? And then it got quickly to us. So thank you very much for reporting that. We fixed the configuration right away. Lockheed, our fearless leader from the knock in the previous life. He still runs our server, the.com, networking.org. So I had to have some stuff done there. And I'm like, look, can you help? He's like, of course, right? So he's part of the.com family. Thanks to the bar staff downstairs. That's where we spent most of the night because we didn't go too far. The usual very nice folks who come to the knock and drop snacks for us, they show up. They said they were working in a knock before and they know how, like, you don't see anything and people only remember about you when shit breaks. So they bring us like a few snacks. Thanks for that. All the other DEF CON leaders and goons, thank you so much. Like, I'm a pain in the ass like to meet that line. So I say I need your request by this date. If it doesn't, if I don't get it, it will happen. But it will take longer. Everybody does a great job like pushing back and saying I really need this by this date. So thank you very much. Okay. And thanks everyone for behaving on the Wi-Fi as much as it can. Okay. This is the first year where DCTV split out and became its own department, got a budget and then spent it all on new equipment. So I'd like to introduce video man. Hi folks. How's everybody doing? Who has a hotel room in Caesars, Link, Harris, Paris, Bally's or Flamingo? Did any of you watch the talks today from your room? Yeah. Okay. So I expect more. Geez. We got new equipment this year. Morgan, my co-head, actually pushed for this, which was awesome. We also acquired three more new goons because we were just a team of two that were doing all of the TV broadcasting into the Def Con hotels. As you can see, our senior overnight program director is here on the right, right, my right, our T-Rex program director. So I don't know if you guys got here and we're trying to watch DCTV Thursday. It was only one track. Unfortunately, we had a little bit of problems with our hardware, not showing up. We had over two months of work. Yeah, two months of work trying to get hardware. Six shipments that we tried to receive didn't happen. Friday morning, I drove 30 minutes north of here to pick up a bunch of hardware, put it in my car and drive it back down on site. Within 90 minutes of receiving that shipment, we had four of the hotels up and by about 2 o'clock, we had all six hotels up and running the tracks in your room. And as Jeff points out, this year we're in high def, right? You can actually see all the slides. You can see the video in all the rooms. It's awesome. It's superb. And I would also say that our volunteers here, our new volunteers, were a big part of that. We could tell them, hey, go do this. And like an hour later, it'd be done, right? Dedication and the ability to just pick up and roll with things is very important. Raise your hand over there. Thank you. We figured we're broadcasting to 18,000 hotel rooms. It's about probably 22,000 TVs because some rooms have at least two or more TVs. 99.9% uptime. There was a little glitch Saturday morning, but we figured it out. People were on the Twitters telling us, hey, we don't have audio. We were able to figure it out and fix it very quickly. We also streamed DC 101 and track one to the internet for the entire time that they were actually on, which was pretty fun. We figured out we got about 4,000 viewers online throughout the whole conference. Obviously, DC 101 was very popular. So, all right. So if you want, dctv.defcon.org is where the URLs will live when the conference is running. And you can hit us up on Twitter, DefconTV. Defcon underscore TV. Thank you. We get up in the morning so you don't have to. Okay, so we're going to move into, Zant, do you want to talk about the villages? Not really. Okay, so this year, with the new space, we had the opportunity to have a record number of villages. And so that meant Zant had to deal with almost double the amount of logistics requests. And because a lot of the villages were new, the whole process was new. So it was just a lot of work, a lot of answering questions, a lot of setting expectations, and a lot of last minute room changes as we were trying to figure out what kind of space some of the villages needed. So what we're really interested in hearing about is which villages worked and which ones didn't. And we really want to make sure that the winners have the space and the resources to thrive. So I'd like to have Zant have some words here. Thank you. Hopefully everybody enjoyed the villages. As DT said, we're a new division. I wouldn't have been able to do any of it without my two leads, which were runner up, bruiser. And I'd like to thank the entire rest of my team because they're the ones that made it all possible. They answered all the villages' call for needs. All I did is ran the entire weekend. I can honestly say I was so busy running. I did not hit my final village until 2 o'clock today. So yeah, all I got to do is say thank you for you guys. I really didn't have much else to say. Thank you. And that's why I didn't want to talk. My voice has been gone for three days. And yes, I already know every village needs more space. Okay, Data Duplication Village. They added talks this year. And unfortunately, we also had some lost duplicators that reduced our total capacity. We want to, nobody's here. I will talk about it. So you can just quickly look at the statistics. Infocon Archive Collection continues to grow. The hash tables you can see remain popular. And we had to turn away. We stopped accepting drives around 450 drives. We only got to about 300 and some odd drives. 300, 1, 2, 3, yeah, 319 dupes. And so next year we're going to address this by repairing the machines that got damaged and finding the machines that got lost. So it's really fascinating that even in this age of high speed internet, there's nothing that beats a high drive duplicator or an airplane full of hard drives. Okay, I'd like to go to contest and events. Mr. Grifter. I don't know what that was. It made me a little nervous. So hi, I'm Grifter, the department head for contest and events. This year, I love you too, deeply. This year we had over 50 different contests and events. Every year, I always say when we get up here, if you guys have an idea for something that you want to do, that you just want to try out, it can be the most absurd thing you can think of. But if it has legs, then we'll add it. It has legs. Fantastic. Just fucking DEF CON, you know? So we had 42 actual contests this year, 12 of which were new. So you guys really took that to heart last year. I got a ton of different submissions. We took a dozen of the best ones and most of that was just due to space. I think we're collecting all the hotels on the strip. Like they're fucking Pokemon cards now for DEF CON. So maybe if we've got some more room for additional contests next year, hit me up. Just send an email to contestedefcon.org and tell us what your idea is. We'd love to hear it. Yeah, I guess, can we get a huge, huge round of applause for all the organizers of the contests and events? They put in a ridiculous amount of work. We opened up the call for contests on January 1st. So I guess that's when DT thinks I've had enough of the holidays. And my inbox is what lights up like a Christmas tree. And then they just start hammering me with all the requests to try to make things the best they possibly can for you. So I really appreciate that effort. And I hope you guys do too. There are way too many to go through individually. So I'm just going to skip it and we'll come back in a second for those Black Badge events. This year for vendors, we had, it's like we have more space, but it got absorbed very quickly. It was crowded in the vendor space. And here are a list of the vendors. And what we're noticing is this year was the first year we noticed we had to turn away some vendors that wanted to provide cloud service-y things. And we really had to explain to people, no, you need to be sort of part of the community. You've got to engage with the community somehow. Not just show up and give away a free cloud login to your vulnerability scanning platform. And that pissed off some people. But if you can't, yeah, good. If you can't show up and engage with the community, we'd rather have empty tables than full tables. And so we're always on the lookout. So I had this epiphany. And I forget who, it wasn't really my epiphany, I read it somewhere and I can't remember where I read it. But it was essentially a reporter was talking about their experience at DEF CON in the vendor area and they said bring a lot of cash because you're gonna wanna buy all the stuff that you don't ever wanna show up in your Amazon shopping cart history. And I was like, exactly. We need to find those vendors and get them to DEF CON because we don't want them in your Amazon shopping cart. So if you can think of dodgy, interesting vendors, send them our way. Okay, let's hear from the arts and entertainment. Do we have, do we have the arts and entertainment here? Come on guys, artists, okay, I wanna try to wing it. They're still asleep, oh, that's right. Besides the roof coming down for the second year on a road during the fat base of Juno Reactor last night. You can see our lineup this year. We always try to have a really community driven track of artists from the community and then we also try to find some cool, either retro or current acts that you might not normally come across and we wanna expose you to. And then we also try to release every year a music CD or original soundtrack. So by show of hands, how many people appreciate or actually ever listen to the DEF CON music CD? Okay, yeah, these people donate their music to us. We compile it, we master it, and then it ends up going up for sale with the proceeds going to the EFF. And we just plan to keep doing this until you guys stop caring because I think it's cool. There's really an intersection between sort of the culture and music and you can see that by the number of bands and DJs and acts that we have at DEF CON. This year Juno Reactor was awesome. How many people managed to see Juno Reactor? Yeah, so this was a big growing, this was like the biggest name band that we've ever done and boy did we learn a lot. I mean, you might not have realized it but that lighting setup was fantastic. It was fantastic because it was like a whole project in and of itself just to get the lighting set up. Corporate accounts to get CO2 cylinders to fire off smoke things. Did you realize that the misting machine is the same as smoke and it will set off fire suppression systems? Right? So you have to have fire trucks ready in the parking lot when you turn off the fire suppression system and a fire person standing there making sure it's not really on fire. And it's just like thing after thing after thing just for some guys to get up on stage and rock it. And so I was so happy that everybody got to enjoy Juno Reactor and all I saw was like fire suppression, smoke detector, you know, it was crazy. And the other thing that was super cool about Juno Reactor is they gave us permission to record it. So we're going to release it. Every one of the other big performers have these writers that say we can't record it, we can't think about recording it, you know. Where Juno Reactor is fantastic to work with. So we're going to try to work with bands in the future that allow us to record it and release it. Okay, pyros, anybody want to come up and talk about the parties? So parties spun out this year also into its own department because we had multiple properties and so much going on. So I'd like to introduce Pyro and his team. How's it going everybody? Do you have a good Def Con? Excellent. So I've worked with Def Con now. This is like my 19th year, 20 years going to the Con, but 19 years on staff. And I always just have Jeff like bounce me around in different places where he wants me. And last year he came at the end of Con. I told him I wanted to come back and I wanted to contribute and participate again. And he said that the big goal that they wanted to do with this new department was bring back the feel of the old Def Con parties. Lexus Park days, you guys, who was there? You remember what it was like and that's what we wanted to recreate this year. So I have a small staff and they are exceptional. Right here existence was our number one. Most departments have a department head and a second. He is by far the number one. This man did almost all of the actual labor and work to make this stuff happen this year. So I'm going to hand it over to him, but thank you very much. So how many of you guys came out to the parties that was not here at Caesars other than Hacker karaoke and a couple smaller ones, but over in Flamingo? Awesome. We're hoping to make it bigger, better and better next year. Unfortunately, the three or three pool party had to get moved inside due to safety. So we apologize that we couldn't throw the large pool party we wanted to throw. Hopefully next year that will all happen and you guys can come out, swim and drink and party. So feel free to contact us with parties and we'll make it happen and we'll get it out there. Thanks very much guys. Okay, so we're into the part where we're talking about black badge contests. So this is this year's black badge and I'll just tell you a quick little story about the black badge for this year. It's electronic and it's also analog and the has parts in it that have been reclaimed electronic components from the Apollo ground station tracking stations from back in the day. Some of that stuff got surplus. People took the components off and some of it's ending up on the black badge. Also, I'm going to have up here on stage later after we're over in case you're interested. I wanted to create like, how much more black can it be? I tried to get the blackest black and the blackest black is a black called Vantum black and absorbs all visible frequencies. But you can't get that, sorry. So the next best black is another black that's really, really expensive for every ounce of this paint and so the toy makers who designed this bought an ounce of this super black ink and we painted it and we compared it to just like black PCB. Not really that different. So you'll see the side by side comparison but we're like, ah, we don't want to really spend that much money for something where you can't unless I told you that you would never know. So that's why maybe in the future if we can work something out we might try to get a Vantum black. That would be super cool. So black badges get you in for life. They're generally, they're always given to the winning team of capture the flag and then after that it's really questionable who gets to win them. We vary it by contest. Grifter makes the call on who gets the contest, who gets one based on the quality, the amount of effort that goes into the technical complexity and so I'm going to hand it over to him to talk about the badges and start handing them out. So Grifter, Grifter, Trevor, little buddy. All right, so as Jeff mentioned the black badges are something that you go to contests to put exceptional work in. That doesn't mean that the other contests do shit work. We have only a handful. We do that on purpose to make it special. We also do it so that you don't know what competition is going to have a black badge that year. We want you to compete in the contest that is your favorite. That is the technology that you like or frankly the shit show that you enjoy the most. And so you never know what's going to have a black badge outside of the CTF. So we have a handful and those get picked and no one knows until literally four hours ago. So not even the organizers know. I'm going to start bringing them up and they're going to start telling you what their contestants did to earn those. So first hack the planet. Hack the planet! I'm really, really excited to be able to say hack the planet on a DEF CON stage with a dinosaur in my ear. I'm Beau Woods from ICS Village on behalf of the other founding members, Bryce and Bort, Tom Van Norman and Larry Van Enderweel. I'm really, really excited to be here to talk to you about our first ever black badge giveaway. If you didn't get down there to see us and you don't know us, there you go. ICS Village, we incorporate it as a 501c3 nonprofit educational organization. We want to have experiential learning and learn by doing. Basically we want to get shit done and not go out and spread a bunch of fud, right? So this year we had some really cool stuff down there. If you didn't get over there, we had a simulated water treatment facility. We had a simulated power plant. We had a bunch of cool stuff and our CTF obviously called hack the planet. Hack the planet. So we had over 100 different flags that we could run in this. So we had over 100 different people participating. It was really, really cool. We did a bunch of stuff. We had ICS Rex as we nicknamed him. Next year we're going to be back. We're going to be doing this again. Hopefully we get another black badge. We're going to do it even better and we'll have twice as much monster. So our winners this year was really hard fought race but we got a couple that we want to point out. Number two winners, Rockettes times two. Raise your hand. And then the first place, the winners were hashtag fuzzy snuggly duck and they get our first ever black badge and that looks badass. Thank you, hack the planet. Spoilers. All right, this is a first year contest but they put a significant amount of effort into it. You may have seen people wandering around with the NPC. Hello, my name is NPC on their shirts. So they included a bunch of other folks in the contest and made them not only folks who were competing but you could also participate as part of the contest. So I thought that was really cool. So welcome to the stage, Dungeons at DEF CON. Thanks, DEF CON. So D&D was Dungeons and Dragons, kind of inspired multi-layer crypto interactive puzzle campaign contest. So the teams were competing in all these various side quests that included crypto puzzles, all sorts of cool things interacting with NPCs and then they all had to coalesce together and solve this main quest puzzle where they were trying to identify a wizard that was taking over DEF CON played by Grifter. Our teams did a fantastic job. We ended up having to turn away like 30 teams. We capped registration at 38. Amazing turnout. We were so proud of everyone that competed. We had some people do amazing things. One of the guys, IAF, ended up flooding his hotel room, trying to steam open a letter that he had to figure out what's inside without letting us know he had gotten into it. We had another team that built a paper enigma machine to try and solve a puzzle that had absolutely nothing to do with enigma. But mad style there. They confirmed with the crypto privacy village that it actually functioned. So mad props there. Our... There we go. Our winning team, though. I mean, wow. First of all, two Roots of Salam veterans. So that lets you know the caliber of people that are coming out of that village, man. Watch out for these kids. They just destroyed things. It was amazing. And they have one of the coolest names, I thought. So our winning team, Murder Hobos. I like about a couple of kids winning a Black Badge is how much it's gonna cost Jeff. The oldest guy. He looks pale. Oh, that's all of us. All right, these guys took a break last year, and we missed them incredibly. So we reached out and we were like, are you guys coming back? And they were like, yeah, we miss you too. And so back they came and they were swamped. The entire time the contest area was open. So let's hear how they did it. Open CTF. So Open CTF was a collaboration this year between Vand and DC562. We had a great turnout and would like to thank Grifter and the entire contest staff for keeping the area at a reasonable volume between the hours of 9 a.m. and 9 p.m. The contestants who played Open CTF ranged from complete beginners to previous DEF CON CTF winners. In order to win Open CTF, your team needs to have depth across multiple technology disciplines, including binary reversal, cryptography, web hacking, networking, and forensics. Our teams demonstrated that skill over two days, hacking through several dozen challenges with the contest being neck and neck until the last hour Saturday night. In keeping with the principles of Open CTF, we would like to call out the three teams that submitted the best write-ups. BotchSec, Girls Taking Over, and Donkey Kick. We will be retweeting and posting those write-ups so that if you're new to CTFs, you can take a look at those. And for our top three teams, in third place, we had Ghost of Brittany. For second place, we have an Open CTF regular and previous winner from Seattle, Nag9. Yep. They had a... We released the source code to our scoreboard about four hours before the game ended and challenged the teams to hack it. They actually did and claimed those points, which put them into first place with about an hour left. Unfortunately for them, another team scored at the end and to introduce our winners who were previous third place finishers of Open CTF, from Europe, not problem. Oh, my sweet, sweet had Nag9. They need no introduction, social engineering CTF. Okay, we got some stats for you. We had almost doubled the space this year. That was pretty awesome, huh? That was really awesome. But you guys still waited three hours in line, so sorry about that. Really, shout out to my team, man. These guys are just awesome. Aren't they? Anyone who visited the village? Come on, they're awesome. Okay, here's some stats on the competition. The contestants spent over 680 hours in doing OSINT just for the competition, the three weeks prior to handing their reports in, which constituted 456 pages of OSINT that we had to review before they can get in the booth to make their calls, which is just ridiculous. 280 minutes of calls were made during the SCCTF just over the last two days, and we played 40 hours of clutch in the village. So I think that's the best statistic of all, if you ask me. One quick story, if I have just 30 seconds, the best story so far of SCCTF this year. Some contestant got a company, JB Hunt, and they're supposed to do a little research to get numbers to call. And he did research and found a person called JB Hunt, but he didn't know it was a person, because when he checked the number, if it was real, the guy answered JB Hunt, so he hung up, but you're not supposed to communicate before the SCCTF, and he called this guy and guy answered JB Hunt, and he's like, you got three minutes of time? He's like, I'm watching the Cubs game. I'll give you two minutes. And we're like, wait, this isn't, after about a minute and a half, we realize the guy doesn't even have a computer. He doesn't even have a computer. And I'm like, cut it, don't make the call, and the guy's still trying to get flags out of him. So we found Mr. Hunt is a little vulnerable, so we're gonna help him out afterward. Okay. Yeah, anyhow, you may be familiar with this wonderful woman standing to my right, Rachel Fabetobak. She has taken second place again. So we have another one. You're gonna have a collection of these. I mean, seriously, she has a wonderful little award, plus a challenge coin for you here. Awesome. And this is also another first for SC Village. This is the first year where we had two women dominate the competition. You may be saying, what? He's an ugly woman. That's because Whitney Maxwell, who won the SECTF first place by a huge landslide, she couldn't make it. She had to travel home. So Patrick is here accepting the things for her. So what we have for Whitney, by the way, this is super special, super special. I hope she likes bourbon. This is a TX brand bourbon. It's been customized by human hacker and something really cool. This is the first year SECTF t-shirt. I had one left. We sent it to them and they made it into a cap for the bottle. So yeah, this is an SECTF t-shirt for Whitney. You get the awesome human hacker award for being the first place. And this is our ninth year doing this. So we got number nine challenge coin for Whitney too. And then, you know, Whitney's not here. So maybe I should just hold on to this for her. Just saying. No, I won't do that. And then of course, Whitney gets the awesome black badge. We'll see you next year, guys. Thanks. So again, what are you pointing at? All right. So you may have seen these guys before. They put together one hell of a competition. Obviously, IoT is something that we hear about day in, day out. And they set up essentially a gauntlet of ridiculousness for their attendees to jump through. They leave educated and then sad about the world. I'll let them tell you why. So hopelessly broken. Hello, everyone. I'm so happy to be here. This is, what, our third? Yep. Okay, it's our third black badge. It's really awesome to be here. We had a crazy contest this year. We were tracking some of the targets that were being attacked. And we got up to about 51,000 attacks launched on our network. So that's really impressive. So thanks to everyone who played and contributed to that onslaught. I want to give a round of applause to everyone who played. So in third place with 37,000 points is Quantum Blockchain. So congratulations to them. In second place, they did complete all of the devices. So they did, you know, put on all the devices. How many devices do we have? 18. 22. 22 devices. So they got, they, they put on all 22 devices, but they came in second because they'd not put on them first. So that was Pony IP. So round of applause to them. Now in first place is a team that, you know, has been playing for a while and they finally really, I think, you know, they got it, right? And they had a great run this year. And once they got first place Saturday afternoon, they completed everything first. They, they were like, we're canceling our flights because we want to stick around just to see if we get to be on stage and receive a black badge. So thank you for canceling your flights and joining us on stage is team, oh, knock, knock, knock, X90, X90, X90. Yep. They're just going to briefly say thank you and what they plan to do with the prize money. Yeah, so just quickly, I want to say thank ISE and the IoT Village for putting together the CTF. Congratulations to the other guys that competed alongside of us. You really kept their hearts pounding in our chests up until that the last moment that we got the last box. We talked about what we're going to do with the prize money as a team. We're going to be dedicated going back into acquiring more IoT devices for more research and testing and hopefully we could add to the number of devices that are in the CTF for next year. Our next first year contest and a black badge contest of that. These guys got so much praise from the attendees who were competing. They absolutely loved what they put together. If you made it into the contest area, this was toward the back. There was a plane and a train and once again, sadness. So we'll bring to the stage Red Alert ICS CTF. Oh, hi. Hi. Hello. We are from Korea and Singapore. Yes, South Korea indeed. We are very excited to introduce the Red Alert ICS CTF at Afghan. It's the first time. Anyway, thank you so much Grifter and Orgun to give us a good chance. This is CTF based on real world scenarios and including simulation of aircraft, small city, railway and traffic sign and also power plant. As we are IT security engineers, not only ICS, but also we are focused on how to break through from IT system to OT system using air gap by passing treats. Yeah. Anyway, Ben, we'll talk more. Yeah. Thank you. So we had two and a half days of challenge. Our participants, they were very happy trying to play our CTF. So yesterday, we actually released a very special challenge, which is a DEF CON special. We had the teams had to chuck down a beer and 10 seconds for 3,000 points. So four teams participated, two team won and two team lost. So the two team that lost had to lose 3,000 points as well. And our leader, which was the winner, they lost their lead yesterday after two days lead. But eventually today morning, they took back the lead and they are the first place. Yep. So I'll just announce our top three places. The third place was actually team rebate. They had 20,000 points. The second place was a new country. They had about 25,000 points. And the first place we have CTF SG with 28,000 points. So we have the winners here. And also the black badge goes to them. They have been playing nonstop for two and a half days. I personally seen them done the work and they are really very persistent in trying to hack our simulations. And also since this is the first time we have brought, we have held the CTF and DevCon. So we are actually being, we are very honored to be standing here on the stage at the closing ceremony. So we'd like to thank everyone that participated, came to our booth and also Grifter, Brian and all the other goons again. Thank you. I love this contest. So these guys put together a bunch of minigames. And essentially it's, I mean, it's a bunch of points from all these different things. So if you suck at one thing, you can redeem yourself somewhere else. And I think that's great because sometimes you go into a CTF and you just feel beat down. You don't, you hit something that you can't get past and then you're stuck forever. This makes sure that that doesn't happen. And I love that about these guys. They've been on the stage many times before and here they are again warlock games. All right, good afternoon DevCon. You know, you get to that point where Red Bull just isn't enough anymore, right? You need to find a different energy drink. So if anybody's got ideas, let us know. Spent a long weekend. Brondo. Brondo. So, yes. So this is our fifth year coming to DevCon as a contest and standing here on the stage for our third black badge is just as humbling as receiving the first. So we're very appreciable and honored to be here. Special thanks to Dark Tangent, Grifter, and Pandero. So we started Friday at 11 a.m. and ended Sunday at 12. We actually extended it two hours so that we could get the last bit of points in there. So the kinds of things that we do are the things that you would expect in the CTF. There's the binary, there's the reverse engineering, the web. And the challenges that these guys had to go after this year dealt with the global government, cyber security enforcement agency, because we all want to hack the government, right? So they had to go against those guys and Torba enterprises as part of their web services. They had to reverse engineer binaries, which were authentication tokens for the GovSec.agency. So that was the onboard items. Then we had things at the table, the physical security side, right? So they had the lockpicks that they had to go after. And if you didn't do so well at lockpicking, you could always jump on the end of the table and play a few rounds of Fortnite. Any Fortnite players out here? Yeah, a couple. Not my game. But my youngest son could probably, he definitely has it. So we offered a lot of different points. We even had a t-shirt for our Defcon 26. We always get a t-shirt going this year, how to puzzle on it as well. So even if you can do anything with all your other challenges, you can at least solve that and get some points on the board. So our third place team scored 2,350 points. And they actually led a good portion of the way, which was pretty impressive. They're a team out of Europe somewhere. We won't specify exactly where they're from or who they are, but we've seen them before and they played a fantastic game. That was Dank Memes. I think they may have already departed. Our second place team with 2,425 points was Ambush. And they played a phenomenal game as well and the lead actually swapped within the last hour of the game. Our first place team, PTFS, with 2,550 points. Defcon, thank you very much. We look forward to seeing you next year. What are you shaking your head now? Don't shake your head now. Just get up here. Wireless CTF. Hey, Defcon. So we're back again. I think this is our 13th year running the wireless village and we're super psyched. We got more space this year. Thank you guys. Appreciate it. We really do. Every year we try and make some changes and this year we did. We had over 20 foxes go out over the course of the con, which meant that our guys that were doing well, I'm getting books thrown at me. Wow. The guys that were doing well and the guys that were doing well were up for 24 hours a day for three days straight. The foxes were 24-7 when they went to sleep. They became hide-and-seek. We also partnered thanks to HiWiz with the Furries. So we actually had foxes that were foxes. Yeah, that happened quite a bit. And thanks to Renderman, I must say there was a IOD fox, if you don't know what that is. It was a butt plug that was walking throughout the conference, inserted, and being spoken to during the course of the village. I'll let that one sink in, literally. So that being said, we had one team that came back, came over from the East Coast with us, comically speaking, and they just tore it up. So software-defined radio, Wi-Fi, Bluetooth. We're doing full-on unbeaconing Bluetooth tracking on a phone, and they were extremely successful with it. So I want to bring up the Majestic 12. Oh, one other thing real quick. So we had one other contest that was new this year. We had King of the Hill. We've been trying to do it for many, many years. We had a router running 24-7. It was up for 51 hours. 48 of those hours, there was connections every minute. We had three hours of downtime for the entire conference of people trying to attack it. So we've just, we've expanded quite a bit, and we've done a whole lot. We've got some amazing sponsors, and now we've got a Black Badge. So Majestic 12. It's ticking. I want to give this away. It's ticking. I would just have a couple of quick words, and that's basically just to install Pintu. Thank you. Thank you. Good job. I'm surprised you're still awake. That's pretty impressive. All right. So these next guys come out of the packet capture village. Woo! Yeah. I also like packets. So a couple of years ago, they asked, well, how do we become a Black Badge contest? And they had multiple contests that were going on in there. And I said, well, all of these contests only take a couple hours for the attendees to compete in. So what we want for a Black Badge contest is something that you really have to invest time in. You hear about these contests where people compete all weekend or for some 24, 36-hour stretch. So we were discussing it, and they were like, okay, I think we can make it harder. And then a couple of years ago, they just combined every contest they had into one mega Voltron-like contest. For some reason, they haven't stopped making it harder. So every year, they just up their game and up their game. And this year, it was difficult enough to knock out some really veteran competitors. So I think they may have found the right spot. So up here to talk about it, capture the packet. Hey, everyone. This year, packet hacking village was insane. I want to thank the DEF CON staff. It was an awesome space. One thing we kind of noticed in the terms of villages and anything under 1,000 is a village. Anything over that is a town. And I think we've hit town because we're crushed in that space again. How many of you were at the packet hacking village at one point? Right, by raise of hand. All right. So thanks again. That was an amazing space. We want to thank all of our volunteers. The people that made it happen. We had over 100 volunteers. Our ops crew that nobody sees but makes it happen in the background. B-Box and Preduration and all the leads that were there. My partner in crime, C-Docs, just was awesome. So this year, we changed it up a little bit. So to make it so that more people could compete and capture the packet, what we did was we made three events. So we had packet inspector where you've never touched anything before. You want to try. You sit down. You play. Then we made packet detective. You go to the next step. Middle, you play. You learn. We have people there teaching you. And then when you're ready, you jump into the deep end. As Grifter mentioned, I think we made the deep end a little too deep. But we intend to make it deeper. So bring it. And then as he mentioned, it's a little of everything. We have a lot of crazy things in there. Data exfiltration, custom protocols, custom crypto. Yeah, we rolled our own crypto. And we had some ridiculous stuff in there. There's the steganography in there. We had a great time putting stuff all over the place. And out of the entire conference that played it all, the hundreds of people that competed, we only had 26% of the challenge solved. So maybe a little too hard. Maybe a lot. What do you think? Keep it there. Do you mean torture? Yeah? OK. Keep being mean. Noted. So we had companies coming up to us through this whole thing and are like, will you share the winners with us? We want to hire them. So not giving out any information to anybody. We'll let them know, hey, there's people that want you, but no. But we had this absolute awesome team. They competed a couple of years ago. And one, prior to it being a black badge, and had the pouty face. And they came back year after year. And they finally got it. So this is like their fourth, fifth year, something like that playing it. So I want to really thank the team. And then their name is What is a Packet? And here is their prize, Wado Cash. Oh, Wado Cash with that. Thank you, guys. William Ray. And one last thing for Wall of Sheep. Your APIs are leaking like hell. See you. And now, yes. So you may know these guys. You may not. They call themselves the Order of the Overflow. And even if you don't know them, you know their contest. Capture the flag. Hello, hackers. I'm Zardis. And this is the Order of the Overflow. We have been here among you since DEF CON 9. We have been playing CTF since DEF CON 12. We were raised in this community. And now we are professors, freelance hackers, engineers. And we are still here every year playing DEF CON CTF and now hosting. We played DEF CON CTF for a long time. And when legit BS, the prior organizer stepped down, we fell the call to step up and carry on this tradition of an awesome game for some of the best hackers around. We had three guiding philosophical principles. One, we wanted to be inclusive. We wanted to raise the inclusivity and the positivity of this community. Two, let me look them up. We wanted to be inspirational. We want to inspire the next generation in a similar way that the amazing hackers we saw as we were walking around DEF CON 9 completely clueless inspired us. And number three, we wanted to innovate, responsibly innovate the game into new areas, new formats, new types of challenges. And so I'll talk a bit about then innovations that we did this year. One was kind of scooped a little bit by an earlier CTF. We integrated capture the flag. We integrated capture the flag. We integrated king of the hill and attack defense services together. So in a traditional attack defense, teams attack each other to steal information and try to defend themselves against the attacks of other teams. With king of the hill, teams additionally had to create the most elegant or the best solution. Additionally, we tried to have a much, much higher emphasis on raw hacking skill. To do this, for example, we delayed the release of network traffic significantly to force hackers to come up with novel original exploits instead of script-kitting them off the wire. Right. And third, with the rise of automation, the cyber grand challenge recently and all of this awesome new technology, which is really cool, it has become much harder to actually tell where the human skill ends and the automated skill begins. In many contexts, this is great, but in CTF we wanted to find the best humans and identify even among them who the best hackers are. And so we heavily limited what is probably currently the most advanced part of this automation, which is automated patching. We heavily limited patching so that teams could only patch a certain amount of bytes per service. So we had a service with multiple vulnerabilities, for example, where teams had to patch in under 10 bytes and they did, which was incredible. So with all of this, of course, we had to keep DEF CON CTF as this awesome top CTF and with this came some traditions, which we embraced. We had multiple qualifying events, the best CTFs in the world, from which the best hackers in the world qualified for DEF CON, hosted by awesome, amazing conferences and awesome, amazing teams. We had our own qualifying event and overall over 600 teams played in our event, of which 24 qualified together with the prequels. And then we made this game and it was an absurd amount of work and all of these fine hackers can complain about it a lot more than I can, but we haven't slept in, you know, six months. We, of course, had issues with our first year running this. It turns out when you invite the best hackers in the world and you invite them all to connect to your network and you invite them all to attack everything, shit catches on fire. So we had this awesome situation, set of situations where we would be fixing stuff as it was burning and overnight the teams would be hacking things and we would be fixing things. And then in the morning they would hack the things we fixed, it was pretty incredible. So everyone had a great time before I get to announcing. Oh, yes, and we captured, of course, all the packet traffic, we captured all game events. We accumulated an enormous amount of data overall that we hope would be very useful to the community going forward to analyze how top hackers perform. So before moving on to announcing the winners, I'd like to give special thanks to a number of people. For one thing, the entire DEF CON crew and the Goons, Forkus, Brian Grifter, Dark Tangent. I'd like to thank also Encore. They helped us set up our AV stuff which hopefully the hackers found extremely distracting and you found entertaining. We'd like to thank Legitimate Business Syndicate which is the prior DEF CON CTF organizer. Yeah. I was supposed to be able to call out Guy Novito, Sir Goon, Lightning and H.J. there. Amazing set of people. And special thanks to our poor undergrads that we brought with us. These ASU students, I don't know if they're here, but we basically enslaved them for a weekend. They were running cables, running water, running coffee, they were running everything except for digital services. That was us, unfortunately. And we'd like to thank our families who haven't seen us at all, you know, again. And I'd like to thank my team here. None of this would be possible without them. So we have Slipper, Incredible Hacker, Adam DuPay. He's okay. We have Odo, Tiffany Bau, Davideh Bazaroti, Jeffrey Crowell, Ray Yammer, Noel Poiner, and Alexandros Capravelos. Give it up for this amazing crew. So we had an interesting issue this year with the room. We had to fight with the fire marshal and we had to fight with that balance of trying to get people in the room without getting the event shut down for the risk of everyone dying in a fire. So Dr. Tangid is interested in a show of hands. How many people went by the room this year? Woo, awesome. All right, next year. Make sure to spend even more time there. We have a lot of interesting stuff planned. If of course we are invited back. Absolutely. All right, so I'm going to move on to announcing the winners. But as I do so, keep in mind that you can be up here as well in a couple of years with enough practice, enough work, enough perseverance. You can take their place and you can take our place. You're the future. Yes, please take our place. All right, so without further ado, let's move on to our winner. So in third place, we have hacking from Taiwan. Hitcon. So third place, just wave. All right, we're doing it. Third place run through. Jump around. Good job. High five. All right, give them a hand. Get out of here. Good job. In second place, they asked me to announce them as first place, but I cannot do that. The Blade Parliament of Poning. Good job, guys. Good job. Give them a hand. All right. In first place with a motto of when research means meets hacking, deafcore root. So we will now confer the black badges onto our winners. They're more than eight of you here. We will confer the black badges onto eighth of these brilliant hackers. So give them one more round of applause. And let's do this. Final round of applause for deafcore root. Thank you all. We hope to see you next year. And remember, obey the order of the overflow. I was going to say, is that yours? It's ours now. So again, thank you to all of the organizers and all of the contestants, not only for, you know, designing and competing and all these things, but also for creating a really cool atmosphere around deafcon when you see these folks and the level of focus that they have, whether that be, you know, on hacking some of the most complicated systems that these guys can craft for them or the dedication they put into a tinfoil hat. You know, we love seeing it and it makes us love deafcon. So thank you again. It truly takes, I think I put in the program, over 15, 16, 1700 people to put on the contests, the goons, the villages. And you can see the departments here. We have almost 450 goons, just to try to make the departments work. And so you can see all the departments that we have. And I'd just like to give a round of applause and a special appreciation just to all the goons that work year round to get ready. So when people talk about it, we really exist to try to provide that platform for everybody else in the community to run their event. And you can see it takes a lot of people and a lot of dedication. So we have some goons on the way retiring and we have some new goons coming in and we just want to call out the gold badge. When we retire, when you retire, let me rephrase this. If you've served for 10 years at DEF CON, for more than 10 years, you get a gold badge. And the gold badge sort of acts like a black badge in that you put in your time, you've got the scars, the psychic wounds. And so we will bring you back. You can come for life, right? You're always one of us when you're where the walking wounded of the goons. And so I just want to say thank you to all the goons of the past that have done that and retired. You're always welcome. And then I want to welcome the new goons who don't know what they've gotten themselves into. Is a major malfunction here? So we have a QM stores. And if you think about who's in here the longest, even longer than the knock, the knock has to get equipment. Well, they have to pick the equipment up from somewhere and that's our QM stores. And so we have a little story here where the QM stores, we have warehouse space all over Las Vegas in multiple places. And we have all these semi trucks that swoop in and bring literally thousands and thousands and thousands of pounds. And I think last count, we had like over 60 pallets of equipment. Yeah, pallets. And so this year, you might have seen online, we have our poor projectors. Poor, poor projectors. 1-1-3-0-6-2-5-7-6-9, which tells you something that we have over 100 projectors. And there's a little bit of a mistake. We got a call that said, hey, four of your projectors all just failed. We need more projectors. And that's a white coincidence. 18 volts, you don't want to plug into the HDMI port that is expecting 5 volts. Or it lets all the smoke out. And so here's our Pelican case where the wrong voltage plug was plugged in to the HDMI distribution block and they all died. So we're going to pour one out for the projectors. Okay, so next year we're going home. We're going home next year to Paris and Bally's, a place we know and love, except we've kind of grown up a little bit. And so we've had to expand a little bit so we're plugging into Planet Hollywood. So instead of forcing you out into the orb for 10 minutes or so, we're hoping we can get that down to like maybe a minute. Less cancer. So next year we're hoping to have more square, the same or more square footage, three hotels, maybe a fourth if we have to. But we're going to be back at the Paris Bally's plus Planet Hollywood, more hopefully workshops. And that is what I've got to say. Oh, one last thing that's not on the slides. In case you're keeping score. Last year I talked about this desire to expand the DEFCON culture overseas and we were talking about maybe doing a DEFCON China. We did that. It happened. Those are the people that actually win. So we tried a DEFCON China. It worked. We were planning for 600 and we got 1400. It was a huge success. And so don't be afraid. We're doing DEFCON China again next year. We want to get you involved. And so we have DEFCON China t-shirts here that are like electroluminescent and they light up. We don't know yet. Yeah. And so our friends over here from the other communist nation of Cuba is jealous that the nation of China has got us. So our other communist overlords here want us to come to Cuba. All right. Thank you so much. I don't want to say goodbye, but I have to say goodbye. We're going to put everything online. We're going to get everything. And I hope to see you at the bar downstairs. Thank you so much for an amazing year. DEFCON 26 is over.