 Have a good time, turn it over to you guys, congratulations to all of you guys that worked and didn't come to any talks. You know that, that is the slogan for contest and events, not one talk, not ever. Right? So thank you for creating all the content that keeps people from going to something they can watch later on YouTube. And speaking of YouTube, they're recording this. So this will eventually go online. So if you want to come up here and be in the YouTube video too, you can do that. Really, we're off the rails completely here. Just do whatever the hell you guys want. Alright, just so you guys have head up, the main closing is at four. Paris Ballroom, so the big giant over there. The rooms you didn't go to again. And that's where the black badges will be awarded. So I already thank you. Yes, that is also where the wrap will take place. Alright. And then big thanks to our contest and events goons. You may have seen them sitting on their asses in the couches in the center of the contest area. It's a hard job. The hardest of all the goon jobs, I think. So thanks, guys. They really held those couches right to the ground. I mean, without them there, they would have floated up to the ceiling and just danger. Alright, so let's get this kicked off with the beverage cooling contraption contest. If you're in here, here's how this is going to roll. You get two minutes, talk about really quick what your contest was, what people had to do, and then who won. Is there anybody from beverage cooling? This is going to be a dumpster fire. And apparently y'all didn't hear Grifter say, get in a line. Are you coming to get a selfie or are you with the beverage cooling? Okay. Are you going to come and get beverage cooling and selfies? Answer the question about the selfie. He doesn't do selfies. So if y'all could actually physically remove yourself from the seat and start lining up as we go alphabetically, so Grifter doesn't have to watch you climb out of the seat. Oh, he's taking a picture. Okay, so to start this dumpster fire off. I'm beverage chilling. I'm first because we're a dumpster fire. It's fine. So this year, this year, we had, what, four teams? Four teams. It sucks. Come on guys, we need more teams. Seriously. And it's a free beer. An after party and it's free beer. If you compete, you go to our after party. Come on, it's easy. Anyway. So we had four teams. One team brought a contraption for unlimited. It did not go well, but that's fine. We had three hacked teams. And over here, no, oh, there he is. We have Team Hebrew. Our first place, they got the target temperature of 44 degrees and 1.5 minutes. Which is okay. Congratulations. Yay. So going forward, I would like to see more people there. We're going to continue to fight to get to better places. Can we go in the smoking area by the Paris, you know, when you're walking out there next time? Like just you and me after this? Yeah, absolutely. You're a handsome man. I'm in for like next year. Thank you. You are too. Next year? I was kind of hoping today. All right. Well, I'll let them continue on the next contest. I think I've wasted my two minutes. Congratulations, Team Hebrew. Everybody, once again. So real quick, if you are winners, you can come up here on stage. As they announce you, we'd like you all to come back this way. We'll get a little bit more information from you. And then you can go drink and party. All right. So just so you know, if you are a first place team, like we don't have a lot of black badges, right? So you get a human badge. That's it. I mean, it's more than nothing, right? So if you're part of the first place team, then just roll down there and talk to these guys and they'll take your information. So next year you can pick it up at reg. I appreciate it. All right. Oh, here they come. It's gorgeous. I'll get some semi-alphabetical. Hi. So we're at the biohacking village. This year we had a really crazy setup. We had a fully immersive hospital setup that was part of our capture the flag. So you would go into these different hospital rooms, look for things. Super fun. We had a bunch of people come through. Anybody want to guess how many people we had come through just the CTF area? Three. The correct answer is over 9,000. I'm disappointed in you all. We had over 9,000 people come through that environment. A bunch of them played the CTF. I'll hand it over to Fotos to tell you about who played the CTF and how they did. Yes. So we had like over 40 teams. Smallest one was one player. Biggest one was eight team members. We had many challenges including emulated medical devices, you know, hacking healthcare protocols. The idea was that the hospital is under a cyber attack and you're leading an IT security team to make sure, you know, you remediate everything but by also showcasing some of the offensive techniques against some, you know, targets. So the winner is Merff Law. Is anyone from their team here to get the prize? I hope there is. Otherwise, you'll have to claim it afterwards. You can just stick them back here and the goons will divvy them up at the end. Okay. Anybody who doesn't show up for this will raffle it off at the end. Just use the same ticket you already have. Cool. Thank you. Alright, crack me if you can. I'll see you. Hi, everyone. I'm Inga with CoreLogic. I started cracking me if you can. It's our ninth year. So it's the password cracking contest. So yeah, it's our ninth year. This year's theme was change your password. And it was kind of based off of NIST coming out and telling people not to change the password, which is not my preferred opinion. And so the main thing we did this year was we gave the team's historical passwords of individual users, you know. Oh, here's their old password and you have to guess their new password. And when humans change their password, they do it and, you know, they don't make it completely random. They do things due to human nature. But the main thing we did that was mean was we used S-crypt for the new hashes. And we made the amount of loops be an amount that's higher than normal but still fits the standard. And oh, by the way, it's not supported by HashCat out of box. And so they have to fix their code and everything along those lines. And so that was the, you know, that's the gist of the contest. The teams, they have 48 hours. They go nonstop. The teams are however big as they want. Back to the S-crypt. So that's about 200 tries a second per GPU card. So it's really, really slow. So just real quick, if I can rant for 10 seconds. You know, everyone does password cracking. We all do it, whether they're part of our job, things like that. So like, but it's just not sexy anymore. The community's shrinking. So like, I really would like to have more people come in and join in. 10 seconds is up, get off. Yeah. So anyways. So teams will do write-ups. Teams will share their code. They'll push out HashCat, John fixes and everything like that. They'll publish write-ups. And since it's the ninth year, you can go back and read their write-ups over the past nine years and learn how to be a better password cracker and things along those lines to look out for those here soon. We have a pro in the street. The pro teams, team HashCat, they won in the last 10 minutes, last 15 minutes of the contest. So they were going back and forth. And the street team is HashCraftsmen. So anyways, thanks a lot. See you next year. All right. Creative writing. Anyone? Anyone? Anyone? They're probably not here? It's online and they actually finished before DefCon starts. They finish even before DefCon starts. Are you going to repeat everything I say? A bunch of damn try-hards. So. Weird mustache. Watch out. Incoming Heidi. So Brian emails me like 15 minutes ago and says, Heidi, I'm short. I'm on my tiptoes. Thank you. I haven't seen any information about the winners of the beard contest. And my reaction was, oh shit, I was drunk. I don't know. So I madly texted all the other judges who then texted me back and said, also, oh shit, I don't remember. So doing the best we could through mad texts. We think that the winner, are you going to, what are you doing? I'm not doing anything. You're doing great. I said, please come up here with me. I hate microphones. And then he laughed at me. The winner of the beard contest, whose name I can't remember, but we'll just call him the hot Santa guy. That wasn't his real handle. We gave it to him. He was definitely a hot Santa. He will be hot Santa guy. The winner of, oh my God, the winner of the freestyle contest was a dog. It's right there. Shut up. I know. Because I tested it back just a minute ago. It was brimly, brimly the dog won the freestyle contest. And that's so much easier to read. The winner of the stash contest was hazmat. Now here's the thing with the beard contest. I know when you guys do your black badge decisions, you take into account how much time the contestants spend preparing and playing. Yeah. So some of these guys, 15 years, just saying consider it for next year. Sorry. We had one real neck beard, and it was like six years in the making, and it was about this long, and it was actually pretty impressive that he had cultivated. He could barely grow any facial hair, but he knew he wanted to be a neck beard, and he really pulled it off. It was awesome. And also we raised... Wait, wait, wait. Oh, sorry. Okay, fine. Take my thunder. The real big deal at the beard contest is that beard only matters about 50% of it. It's a bunch of bribes, sea, liquor, and money for the EFF. And this year we raised $2,174, which is a beard contest record. Yay. They have to come bike ride. Hey, come on back up. Hi, we're back. Don't pay attention elsewhere. Wait, wait, wait. Can I do this too? So every year for... Nine. Nine years, thank you. I can't see that, so it doesn't matter. We have taken anywhere from, I think the first year was like 20 to 50 hackers out into the desert doing a bike ride very early on Friday morning. You should all come with us. Yeah, and it's actually a giant misunderstanding. Me and JP, one of the organizers, 10 years ago, he said what I thought was we should do a ride to Defcon. And so we trained for two years, and we bike cross country and came to Defcon when it was at the Rio. And what he'd actually said was we should do a ride at Defcon, which is slightly different. A little less planning involved, but he was a trooper and we rode cross country a few years ago. But actually we continued to do this bike ride. It's 23 miles. We get out there about 6.30 in the morning. You're back in time for the tracks on Friday morning. It's awesome. To date, no one's died. So we're super happy about that. If you want to hit that record first, let us know. No, no, no. But you will curse our name all the way out, but I promise you you'll be smiling all the way back in. It's super fun. Also, there's no contest, right? It was all just like participation trophies. Good job, everybody. Then no badge. Yeah, and a little bit. I'm hard at the alphabet, so we'll see. All right. Defcon, Ham Radio, Fox Hunt. Scav Hunt. Yeah, we need music. I don't have music. All right. Hi, I'm Evil Mofo, and these are some of my fellow judges. We are more scavenger than human. If you may have noticed, we are the best way to experience Defcon. If you haven't noticed, we're sorry we're going to try harder next year. So it's important to note this year's third place team played for nine hours. They got the list at 2 a.m. last night. They had to catch a plane at 11 this morning, and that was most spankable butts. In second place, we had UDOD forever. UDOD forever. And first, PBS loves the BBC. Oh, yeah. Awesome. You are very welcome for the amazing music, including the conga line that closed the contest area. They can come get their stuff. Oh, yeah. Come on. Get up. That's how this works. That's how this works. Go on the stage already. While we wait for them, what kind of stuff did they have to do? Do you not know? Do I need to put a trigger warning on this? Trigger warning. Every year, we have... Everybody comes up and asks, hey, what's the most amazing thing? And this team turned in a Sean Young blow-up doll that was sloppy seconds from last year that they tested a black and record rectal checker on, and they posted the video to Pornhub for four items. Stuff like that. DT is here right now. Oh, yeah. Also, you may have noticed we had a pre-con list. May I introduce DT? Ten years of my life. You know, I tested. I didn't have fun. And now, it's just wearing on me. The stress is too fucking much. You know, there are season... fucking season paralysis up my ass every time. What do you fuckers do? Something ludicrous? And then the attendees, there's no grace with you either. You just can't quit and stop your pitching at me for every fucking thing that goes wrong. You know, we used to... We used to be able to have this contest... How much material do you have? In one hotel. It used to be four minutes for a stretch, and now it's feeding. You fuckers are so gracious. We're cancelated. Holy crap. Up here. All right, D20, good luck following that. So, we ran the D20 CTF again this year. Slightly different rules, but same hot dog costume wearing maniacs smashing things with a sledgehammer. We ran into some logistical issues that among various things resulted in us not having a sledgehammer or a 20-sided die the day before the competition. Those are Walmart. We made it work. We made it work. But... There's an app. Yeah, yeah. Exactly. It's a sledgehammer. Walmart is a beautiful thing. I mean, yeah. But... So, we figured it out, though. We made it happen, and I want to first congratulate our winners. So, in third place with... You guys can read it. So, Big Ho Joe in third place. Red Hat August in second place, and Magnum in first place. So, some notable and awesome things. Magnum solved three of the highest point challenges in the first 20 minutes of the competition, which is fucking amazing. We saw very serious entries this year. Last year, we didn't really have anyone that put together a physically hardened machine. But this year, we had multiple competitors. So, I want to give a shout out to Aspen Scythe for having an awesome sort of acrylic and wood case around an all-in-one machine. And Red Hat August had a fantastic entry that was a raspberry pie encased in a solid block of resin, which was then suspended by springs inside a welded metal cage. And if you're wondering still, which machine survived four rounds of damage, including two smashes with a sledgehammer, that's the one. It was good. We're going to have to come up with some more destruction methods for next year. Apparently, it was tested in a bathtub, so there was that. So, we need to bring our A-game next year, I think. So, congratulations to Magnum. Magnum, are you here? You get nothing. It seems like in a Red Hat August? Also nothing. Well, Bekojo? Nothing again. All right, so... I do want to ask, you guys collaborated though as well with another group this conference, didn't you? Yes, sort of. Again, the logistical issues prevented us from doing a lot of stuff that we wanted to. But yes, we collaborated with the Carhack Village, and they did a bunch of destruction stuff in a very D-20 way with their grand prize, Tesla. And we did manage to get our Tesla gun to them, to Tesla the Tesla. So, that's a win. A small win, but a win. Get your shit together, man. I... Yeah, I know. Yes. I'm not even arguing. Yes. Thank you to everyone who played, and we definitely will be coming back next year. Also, in case you didn't know, we do offer a prize for winning the D-20 CTF, which is that you get to be the hot dog, costume-wearing maniac that destroys computers the next year. That's a good prize. Thank you, everybody. Dungeons at Def Con. Are you here? Oh, that's right. Wait, these are black badge. Well, let me keep going. Hold up, I just noticed the... What the hell was going on on that screen when D-T was up here talking? Was it really? Damn. Written record. Hacker Runway. Why doesn't say Hacker Runway up there? So you got everything the sock puppet said. But I speak, and I feel slighted. That also now. Hack Fortress. Oh, hey. These guys. Don't you guys do enough? This is the last one, I promise, because I'm sick of grifter shit. So, first of all, if Team Big Doge is here, anybody from them come on up? Probably not, but what the fuck. So, we run Hack Fortress. We've been doing this for seven or eight years. At Shmucon, we used to do this thing called Hacker Halo. A bunch of hackers had a bunch of hacking contests, and people just blew each other up on Halo, and then we combined scores and the best score won. One year at Def Con, we did a clandestine land party in my track room before my talk on Sunday morning. So, a bunch of randos, and I got together and did Team Fortress 2 at 9 a.m. on Sunday, which meant there were two of us. So, really, actually we had a good audience. What was interesting was a large number of people watching me and another dude like blow each other up on Team Fortress 2, and I'm like, hmm, this seems like there might be something here. So, we ended up taking out Halo and dropping Team Fortress with a source engine, which allows us to in real time manipulate the game, so then we pick up the hacking competition. So, the hackers, when they reach objectives, can do things like redeem points to set the other Team Fortress 2 on fire, and things like that. So, very interactive game. We designed it as like a spectator thing, crowd around, we got scoreboards, we streamed on Twitch, the whole deal. And this year, Team Big Doge won, this is their third in the row, they won Def Con last year, Shmucon, and then Def Con again. So, they get the giant iron wrench and they lost them a lot of money, because it puts their bag over 50 pounds. So, anyway. Tell them about the blue team guy. One of the challenges in the final one was social engineering, and they had to find the alien through an Area 51 Naruto run rush, and then once you got to the alien, you had to pitch them as if they were a foreign VC investor for whatever logo was on your shirt. So, we had a guy running around chasing her and her alien outfit, and then sat there and pitched black hat, because that was the hoodie he wore. And had such zingers such as things escalate quickly at black hat because they have three escalators. And I've never seen an alien with glasses, that's quite a spectacle. So, we gave him a challenge coin because he basically punned his way through a venture pitch. Also, if you're a VC, I would talk to that guy because he's pretty fucking smart as it turns out. Homebrew Hardware. Speaking in the back door. Yeah, we tried to. Hey, what's up? I'm L.P. around the Homebrew Hardware Contest. Generally, the basic premise is people make a ton of cool shit and we wanted to give a space to show it off. So, we did. This was our first year. We had a pretty good time. If anyone else is out in the audience like third or second place, come on up here. But third place went to Ian Tabor for his SLK and car hacking device. It was pretty wicked. Second place went to Bannon Hammer's Wrath. He 3D printed this pretty awesome rave mask thing that kind of looks like a bird. And first place went to Gretchen from Gender Hackers for their SNES cartridge badge, which is like a whole SNES game and a badge at once. Um, I just want to do a shout out. Thank you to Contest Events for picking us. That's really cool. The judges, Alcantaro, SecBarbium, Zaws. And then HiWiz, he like pulls everyone into everything and I had a tiny idea and I feel like he made it happen and dragged me the whole way and that's badass. Sorry you can't be here. I also love HiWiz. Um, a month ago, I had no idea how to make a game, make a PCB or do anything and I ended up winning a contest a month later so just jump into stuff and have fun and just do it. That was like a verbal bitch slap to all of you. I was like, oh, did you try hard at this? I learned a month ago and I won. Alright, maps of the digital lands. Yay. Hey there, my name is Teal. We did the maps of the digital land. What we did was we allowed people to draw maps of scenarios that represented different business cases. We had a lot of interesting submissions. A lot of people who really knew their networking stuff and we kept hearing that there wasn't enough networking engineering stuff going on at DEF CON so it sounds like we filled a void and we even had a little thing where you could submit drawings if they weren't network diagrams and we had a nice little collection going on that. I'm going to let John continue from that. So we're just going to go off of the winners. We got one through first place, actually we're just going to go third place. There's Nomad 69. Is Nomad 69 up in the building? We've got a bunch of four locals. If you're not here, we'll just pass them down. Second place is Coloq 73. What was that? His mom said he's not here. He's not here. She's like, I know. I drove him home. Who's first place, man? And Brute first place? Brute. Yeah, I'm sorry. Mike D was actually our third place winner. Yeah, he's over in the Def Con now. And then Nomad underscored. I don't know where the 69 came from. It was in the email. I don't know. That was their score. It wasn't a spreadsheet or anything, it was just words. It came directly out of the email. They've been drinking a lot of four loco. That was the score. It's just in his auto correct. Yeah. What'd you do? There we go. That's about it. We got the trophy for first place. I'll give it to Brute when I see him because he's local too, I believe. I'll see him at Amida. Let's get a selfie. He wants to go drink. He's got loco. No, I'm good. I'm good. Don't get in the juice, man. I'm good. Hey, come over here. I'm too black. I guess I need more light. I'll re-text him. There you go. I'm too black. I guess I need more light. Oh, man. It's an invasion. You're going to keep typing that if I keep saying it, huh? Not a problem. If you're here, come on up. All right, then. The CTF is Defcon's approachable CTF designed to be played throughout the con and introduced new players to the game with no pre-crawlification required. Now under new management, Van passed the torch to longtime players and previous winners, Neg9, as the new contest organizers this year. 570 users competed on 229 teams over 54 problems that ranged from cryptography to recon, Ponebles to reverse engineering. We even gave out hardware to a chip that had multiple challenges on board. When many challenges were intended to be easy, we also had a few problems we believed were as hard as the problems in the Defcon CTF. The fight for the top 10 was intense, with second and third place teams changing position less than 45 minutes before the close. But in the end of the day, one team emerged as clear winners. Without further ado, in third place, with 2,040 points is IE6. In second place, open to all, 1,152 points. And the winners of Open CTF at Defcon 27 are not problem with 2,936 points. Please come to the front to claim your prize if you're here. Thanks everybody for playing and remember, try harder. All right, sure. With a box? Good, Lord. You won a box of shirts. That's what that wall is for, I'm pretty sure. Do anything bad to you? No, that was good. What about the bacon? The bacon was good. The bacon was raw. I need the bacon. All right, O-SINT CTF. Now you come up here, you have to ignore these guys they're taking a selfie, you just get up and do it. Hello everyone, we are Trace Labs. We did the missing person CTF using O-SINT all day yesterday. So we had about over 200 contestants across 50 teams gathering some very valuable intelligence on real missing people. There was one clear winner throughout the whole day. Team Wookiees, they showed up right at 10am to start. They went the whole day almost no breaks. So congratulations to Team Wookiees on taking that away. We had about over 2,000 unique intelligence submissions throughout the day. Team Wookiees accounted for about 150 of these which was fantastic and that's why they were a clear winner and they will be getting access to offensive security pen testing with Cali vouchers and Hunchley licenses as well. So congratulations to you guys if you're around here. Take a picture? Sure, take a picture. Take selfies with my Canadian friends. Great job guys. Go that way. All right, Recon Village CTF. If anybody wants to add anything to the transcription when we're done you can come up and say some stuff and make them type weird things. Type something that I don't say. Type whatever you want to say whoever is transcribing that. Hey guys. We were doing a Recon Village CTF which was focused around open source intelligence and finding information around assets and people. We had a winner which was a clear winner from the very starting but they have been competing from last three years and they were doing bang on. So I would like to call the first winner Neutrino Cannon on the stage. Oh, don't do that. Here's your Recon Village trophy and a bottle of taquila as you guys are out. Get that home. That'll be fun to take through TSA. I swear it's under three ounces. Or it's about to be order. All right, can we have the second one? Second place. Cult of the quantum cow. Balls dropped everybody. Yay. This is the cool trophy which I would like to save from the drifter. I don't know. Does everything you give away have alcohol in it? All right, thank you very much. That's what I told you is the one with the hat. Yeah. I mean a gun full of alcohol and a cowboy hat full of alcohol. You're from Texas. You got to be sporting super wood right now. I'm so jealous right now. An alert ICS CTF. Hello. Second year this year for us. So if you happen to walk around and you see some smart city lights are blinking with a freaking crane and some other stuff there, then there's us. So this year we had about similar to last year about 30 teams and the first three places are here. Third place is Modbus. He had 1,460 points. Hexwell's 1,009. And CTFSG is 3,006. So they played really hard. We also had I mean one of the highlights which we can bring is there was a lock picking challenge. Different from the lock picking village they had to lock pick with paper clips. So CTFSG actually picked that. Probably our second place. Hexwell's are you around? Anyone? No? You're here? Come over. Yeah, so I mean I'll just leave it to them to describe the CTFSG. The first three places they have been playing for all three days straight. From morning at 10 until 6pm. So yeah. Second place. We had a lot of fun. We hacked some Bluetooth. We chugged some beers. We stole some password hashes. What else did we do? And that was just breakfast downstairs, right? We blacked out the city. We moved the crane. We had a great time. Thank you guys for the CTF. Thanks. I'll get the first place. CTFSG. It's a very large group. Hi guys. It was pretty fun. I think 1, 2, 3, 4, 5, 6. So many of us played since the first day. I think some of us didn't even attend any talks. But it was a good experience. We managed to turn off the city. We managed to remotely trigger some hydraulics to flush waters. And lockpicks. So I think it's pretty fun. And some of us are actually here first time at DEF CON. So many of us are coming back next year to play the CTF again. Thank you. Hopefully they play our CTF again because last year the first place is also the same team. I mean not the same people but the same team. Alright, so hopelessly broken. They're taking selfies Heisenberg. Give them a break. We told them they could do whatever they want. Don't go back on it now. See, we're going to take a picture. I dare you to say something. These lights are a lot brighter than closing ceremonies. Alright. Wait, where's the team that won? Get on the stage. Come on, come on, come on. They're going to yell at me any second now. Okay, so yeah. So hopelessly broken CTF. This year was really crazy. We had over 200 teams registered from two to four people. This team is quite a lot larger. So that was like, you know, anywhere from like 600 to 1,000 people. I don't know, I wasn't counting. But, so let's see here. This is our first place team. It was really impressive because they somehow got one extra point. Normally all our scores are round numbers. So I want to give a call out to everyone that participated because we decided to give like little gifts to the first top five teams because there were so many players. So in fifth, we had Team Red. Then we had in fourth, five dimensions. And then our personal favorite name, 418, I'm a teapot. Pretty good for IOT related stuff. Good job then. Then flat board man. Pretty good. And without further delay, this team behind me, SixGen, they did a great job. Almost every single device. One of the devices was so finicky that we decided to smash it with a crowbar. So I guess that's out of the contest forever now. Trying to think if there's anything else. Cool. Oh, the rest of my staff is packing up all the devices. We had like over 50 boxes. So they're not with me. But the team from last year that won first places here, we've been working a lot with them to collaborate from here to Canada. They've been operating IOT Village in Canada and we've been collaborating on research. So it's really, really cool. So I'm happy that they came out and did a workshop with us. So thank you for everyone that has made the Solopoly Brook and CTF awesome. And I hope you come back and play next year. Selfies. Selfies. Guys who aren't in the slides. Do you mind if I go? Hey guys, my name is Jeff. I go by Morpher. I represent Tampa Evident Village. I'm here today to announce the counterfeit badge contest along with the king of the hill winners. So we're going to start with the counterfeit badge contest. So Gory and Gulo coming in in first place. You may have heard about this mythical badge. It's pungent. You smell it before you see it. It was fished out of a strip club. I'll let them take it away. It's at 24 out of 30 points with their counterfeit urinal cake badge. Everyone should ask Grifter how it tastes later. It was delicious. I knew what it was. I still wanted to taste it. How many of you have tasted a urinal cake? You don't go fishing them out of there and taste it. I like to experience new things. Call me. I've been asking for any assistance from anyone on our spirit journey and no one decided to help. We were on the search for the great rare Las Vegas P.O.D. Does anyone know how hard it actually is to find a urinal cake in Las Vegas? We were banned from several strip clubs, bars, dive bars, casinos, CVS's Walgreens and Albertsons because no one appeared to like nitrile gloves and saran wrap. Really pissing off a few strip club bouncers before we met the universe. And then we acquired the P.O.D. As are unlikely heroes or before the sun came up our unlikely heroes discovered, finally discovered the booty they so desired. No. Does anyone have a dremel? We can smell it from here. It's bad. Coming in second place was Molly. She left this morning on an airplane counterfeit badge. Actually really good. Marble on the front. It passed six goons with full inspection. None of them were the wiser. Feels bad. And lastly was so with the black badge we typically put them in a separate category because these guys go crazy. So we got two different categories of entry. And former year's badge. And the black badge that these guys replicated was so identical to the actual black badge of last year. That if anybody here knows M and Charlie over in the tamper village it fooled both of them. And that's a real impressive feat. So I'm going to have them tell you a little bit about the badge here. So we won the so hopelessly broken last year and we were awarded one badge for the three of us. And so coming to DEFCON we thought that just wasn't going to be realistic. We needed to have all three. So we spent the time we've never done any PCB work before. We spent hours with micrometers measuring every little piece testing every little component to get the traces right trying to figure out what the heck that vacuum tube was because we've never had used vacuum tubes before. Finally the week before DEFCON we got the third iteration of our PCB ship from PCB way. And the black was close but not exactly perfect to the real black badge. But we decided to, a week to DEFCON we have to assemble it anyway. We ordered some pizza while we were assembling our hands were a little greasy. It turns out the pizza grease actually helped to convert that black to just the perfect black to match the real black bags. Thank you. Thank you. So I'll go to review channel. Also not appearing in these slides. Hey guys, Gator from DC Darknet. How's everybody doing today? So we got a few agents out there that's awesome. So if you guys haven't heard about DC Darknet it's a real life MMORPG. We send you across all of DEFCON to people go through and learn stuff from real people and real experts in their field. Come back and you level up. So the awesome part is that we are able to get together with 10 different villages this year and send you from all the way over at the planet of Hollywood all the way to Flamingo. So without further ado mental is going to talk about who's first and second and third places. Cool. So once again we had another great year. We grew once again. We had hundreds of returning players and hundreds and hundreds and hundreds of new players. As they came to our table in the contest area they got to experience a wonderful fragrance from these lovely gentlemen as they were working on their badge at our table. But it turned out to another great year. Our players successfully shut down the march hair and disconnected it from cyber as our story forward once again and carrying that forward. We had an interesting event in our standings this year where our third place wasn't present at DEFCON at all. So congratulations Dax. That is amazing. Second place was McLeven. Stand up dude. And Sagefault is Sagefault here. Well Sagefault got first place. So since you guys were so kind as to give Sagefault a DEFCON entry badge next year we're going to give second and third place badges. So Dax when you watch this that means you have to get your ass here next year. Thank you. We'll see you guys next time. Now source code reviewed challenge. First time speaker I'm looking forward to taking care of this tradition here. Yeah. Cool. Yeah so I can't be confirmed to deny the judges were so drunk. My name is Hot Santa. Where's that floor? Nice. Yeah so I'm Naz. I'm with the abstract village. We had a couple contests and one was the secure code review challenge team built an application that took data from NVD and about CVEs and produced questions with actual get commits from confirm vulnerabilities. So we had we had 80 people sign up to join the contest. We had about half participate. We had a total of over 4,000 questions were asked. And so we had three winners. We have Astro Lee Wei Lu and Icerna if you guys are here you want to come up. Thanks guys. Threat modeling challenge what just happened over there? You guys do your thing. You're fine. Threat modeling. Yeah he's right behind you. Yeah. Hot Santa. It's actually the same Nick but it's alright. Yeah so other challenge we had was a threat modeling challenge. We basically put together a vulnerable design for a fake company for basically it was food ordering. We had a kiosk. We had a printer. There were some back end services. We had about 60 people sign up 45 teams and we basically went through review the threat models trying to find threat identification. So a high number of threats are identified that were actionable and well documented for a dev team. And so we had two winners. One team based one to three team members. So first place was Seaner if you want to come up. And then we had second place was team Biosek. It was Jolene Dickey and I'm not going to pronounce it. A-O-X-D-C. Thanks. I've got Hot Santa's hotel room key. That's hot. You want to stick around? You might be the next contest too. Who knows? No. You're not. That's not alphabetical at all. That's not all. Use the... Yeah, I guess the... Super bright up here. We're the Gold Book Puzzle. We're part of the Crypto Privacy Village. It's a cryptography based puzzle hunt if you're familiar with the concept of puzzle hunts. And it's the fourth year that we did the contest. We also have a ton of puzzles for junior cryptographers noobs or kids who want to come by and have a lot of success this year. Do you want to talk about how many people entered? Yeah, so this year we had a really good show out. We had 275 teams register. So those are people that we convinced to connect to the Wi-Fi because the BVS isn't very mobile friendly right now to do for next year. With those 275 teams we had 2,303 wrong answers submitted and 27 correct answers submitted. The team that won solved eight of our nine challenges. So that means one of them remains to be solved after con. Good luck. All the puzzles are still available and will be available after the conference at goldbug.crypto-village.org so keep up the hard work. Team Goldbugs, if you're here, come on up. I can't see anything. And what was really awesome about Goldbugs is that they said they tried to do the contest the first year and they said, I really want to win this contest and this year they got to win it. So that's awesome to see them do that. And if you like cryptography and puzzles like we just said check us out on, check out the BBS that's still online, follow us on Twitter and join the puzzle next year. Thanks. Tinfoil hat. Yeah, so tinfoil hats people may have seen various people walking around DEF CON wearing tinfoil hats on their head. That's really the whole point of the contest is to get people to be silly and build a tinfoil hat. We do some SDR testing to see actually how well they block the signal and attenuate it. But the heart of it is seeing the really stupid, crazy tinfoil hats. This year's winner actually she won it the first year and she came back the third year here and made a replica of the James Webb Space Telescope and was walking around with that. The second place winner for the style and substance was a little girl what was her name is Nova King she actually didn't we were unable to get her her prizes so if she sees this or is still around DEF CON please contact me and then we'll get your prize. So that's all I have and let's get some of this selfie action here. That is black magic. Alright wireless CTF so thanks everybody wait, wait, wait what? Oh that's right. Sorry you didn't send us your results so we're judging you harshly but come up and tell us about the Schemaverse. So as pointed out I'm Nydian and didn't submit results so thank you. We wanted to keep it a secret for the winner. Schemaverse is everyone's favorite space-based battle game built inside a Postgres database not a lot of them but that's all it is. It works out. Basically our users don't sit there writing sequel all day long instead they create bots that play the game on their behalf while they go and get shit-faced and I think the best example of that is the fact that the winner actually fucked up early game allowing one of our other very highly skilled players to get a very very big advantage while he was also off shabba-con so he had no fucking idea what was going on but he was doing really really good but our winner did come from behind and Sysfix is the champion reigning again second year third year in a row either way congratulations second place was Mr. Glass third place was Black Cat Hacker Schemaverse.com does run all year round so if you do feel like I invite you to come check it out and the next contest is Coindroids because we also didn't submit the results for that thank you Coindroids I'm command and control but I also didn't submit incident in either turns out you gotta read those emails and just totally failed so command and control is a hacking challenge for web and mobile and holy shit this is super bright everybody comments on it but I can't see anything so this year we had about 140 challenges to discover we had over 200 teams and players play but the top three teams were absolutely head and shoulders over everybody else and in third place we had a team Bahumbug they play every year with 32,500 points a repeat player, 8-bit Brandon got second place and Savage Submarine got first place this year Savage Submarine found about 90% of the overall vulnerability so that's pretty huge and then next year we're going to be launching two totally new vulnerable sites all cloud based and stuff like that so yeah nice work guys take your selfie yeah you all agree Coindroids you coming up here or not are you coming up here or not you ignore the selfies I thought we established this ignore them they don't exist I go my whole life ignoring selfies trust me that's not a problem so Coindroids this is our sixth year we are a blockchain based battle game where robots throw coins at each other and kill each other so we've had double the amount of active users daily active users this year which is like 15 so our first place goes to ball hair alright you know it's about time ball hair got something honestly ball hair gets cut off never appreciated no I don't want to bring ball hair on stage everyone else that's what he's saying I'm saying ball hair doesn't get the recognition that it deserves including today ball hair on stage let's talk about your manscaping habits second place was manscaping no no so ball hair won with 942 kills in 176 death coin which is worth nothing so congratulations second place was death machine with 413 kills and won 66.6 death coin all together there were 7,041 death coin transactions related to coin droids out of a total of 9,277 death coin transactions during the conference which is 76% of all death coin transactions which means there are 2,236 death coin transactions that are not related to coin droids which means people are using it for some reason which doesn't make any sense so whatever the fuck you're doing with it congratulations we're going to tell you later you're going to freak out so ball hair besides having an awesome name is going to win a a ticket to a blockchain training conference that's happening in denver plus a human badge for next year and ball tram so congratulations and coin droids is available all year round at coin droids.com and you can actually play with other coin that's not completely worthless so that's it and I'm not going to take a selfie that's it that's literally it, that's the last slide go, is it 4.30? no it's at 4 o'clock damn that's alright sorry 4 o'clock go have a beer one hour