 Thank you everyone. Let's see who here by show hands. This was their first DEF CON I'm just gonna kind of let you know what you're in for this should take an hour to an hour and a half We're gonna kind of go through a whole journey of backstories of what it took to produce Things we learned along the way what the departments did and didn't do And along the journey we'll tell you about our transparency report plans for next year And award the black badges. So if you haven't been here before that's what you're in for and if you have been thanks for coming back And this is like the crowning achievement the final sort of celebration for how we've pulled it off after a year of planning And so I just want everybody have a good time and if you've got a beer Have a drink with me like how the community just delivers A light beer Fuck it will do it live There is one reality that I want to confront with you up front impersonal the very beginning of the closing ceremonies and That is DEF CON 27 is not DEF CON 1 We've grown quite a bit over the years I think somebody who hasn't a friend of mine hadn't come to DEF CON since DEF CON 8 and he was one of the guys in the room when we named DEF CON and He was walking around and he was like, you know in this room We could fit DEF CON 1 2 3 4 5 6 7 in one room And he was just amazed about how much we've grown and how much the community is Diverse and so there's so many interests and he was trying to say like in one room There are people getting a ham license in the next room. They're like teaching women how to Jimmy car doors open And he was trying to explain it to his dad who was it used to be a police officer and his dad's brain Just couldn't contain it. It didn't like I don't know what you're talking about son But along the last 27 years of our growth We've also realized that we're aging and as we bring in new generations of hackers we're starting to lose the old generation of hackers and Yeah, it sucks The first person that figures out how to stop aging. I'm in line to buy your secret Yeah, blip. Well, that's biohacking village right get on it guys My knees are only gonna last so long So anyway, I would really appreciate it if everyone Would raise your badge and join me in a moment of silence To remember our friends who are just they're no longer with us So just a moment of silence for our fallen hacker comrades and to respect them by continuing to explore and hack all of the things That's not quite silence, but I'll go with it Yeah All right, let's get this going. We have two people we want to call out Our first brother-in-arms Lockheed who was instrumental in creating the Def Con knock in the traditions in the infrastructure And he was the leader of the Def Con knock for over 20 years And though lock had retired He is still really with us in spirit and he really was a huge influence. Nothing fazed him He was unflappable and friendly and it's funny how the tone of the conference is really set in those early years and he was really instrumental in setting that and Also, unfortunately, we lost tuna Hugely contributory you don't see this because it's behind the scenes, but he was on our CFP review team and man He would just grind out quality CFP review so he had a large part to do with the CFP selection and Same thing. This is energy It was really incredible and so we just want to honor them by continuing to grow and make Def Con a really welcoming place And basically, you know honor their contributions by tearing shit up and Looking forward Thank you. I'm not I'm not crying. You're crying. Oh Man emotional Yeah, that's allergies alright so the badge The badge was the shit I'd like to introduce the creator the designer of the badge Joe Grand aka king pin just like his badges will make your head spin Thank you, please no applause I can't move around this is really awkward So you might have noticed that you have a badge most of you because we actually ran out We made 26,500 human which means we had more than that at Def Con this year. We had a few thousand inhuman But that's crazy How many of you guys participated in the badge quest sort of the challenge with the badge? How about over there in that left hand corner? Can you hear us back there? Over the hi. Okay. Good. So you can that's like that's a lot That's probably what like 20% or something like that's that's pretty cool So I figure I figured I'd give a little bit of detail all the design details are on the are on my website on the Def Con media forum or media server But I just wanted to clarify a few things There's a lot of rumors and some of them were intentionally placed. I guess by people playing the game I like the one so the badges have a transmission range of about a foot But people are like if I turn it over backwards and I hold my backwards to your backwards. It's double secret transmission Or you have to or you have to kiss them together Oh, you have to kiss them together and then I saw a rumor on Twitter is like no you have to actually polish them I So I will I will dispel all of those myths and rumors The technology we used NFMI is a near field magnetic induction. You don't have to hold them together You can be probably about a foot apart. It's pretty cool very little if any RF signature for the quest there were seven different states and The way that your LEDs are flashing Will show the state and it actually spells out this the different states as D E F C O N and the lights you can figure out what those mean or you can look in the in the slides to see it There's five magic tokens. So if you look at the state at the state Diagram, oh, that's me. Okay, so now if you look We know we start off you can communicate with anybody that brings you to the first state Then you have to find the goons in the different areas. So you attend a talk you go to a Village you go to the contest you go to a party you go to an art or entertainment exhibit You find goons in those areas and you scan the magic tokens which don't look like normal badges They have a different stone on them and that's how you can tell that that goon has what you need you can do those in any order and Then you progress to the final state which which I call state N and what you need there is the group chat So you didn't have to run around and talk to anybody Before that but it's awesome that you did because I know a lot of you met new friends and stuff Which is cool. Oh, yeah, actually well, I know a few people tweeted me So let's see how many other people made new friends by doing this contest or the you know the quest That's a lot of new friends Yeah, cool So the final one you have to get one of every color gemstone not every badge But every color gemstone either all together or or one by one. I call that group chat and when you do that Then you win the game you win the quest What happened well should I spoil that I wanted to check like should I spoil the the end? Yeah, because it's sort of over. Okay, how many group chat successes do we know of? Oh good question? Yeah, who solved the entire quest who completed the quest without without without cheating No, well, you know Well cheating counts is deaf con cheating counts. Keep your hand back up. Oh So that's that's quite a few all right So when you when you complete your quest you get a little you get a little Rick roll, right? We all need a little Rick Astley in our in our life and Then the you aren't interface that gives you a command prompt and you can interact with the badge gives you some extra Commands some art commands and then some things you can mess around with the radio and troll other people and stuff Which I know some people did so anyway, that's that the uber badge I just wanted to mention these are the same as the other types of badges But they have a dyed black quartz crystal with laser engraving of serial numbers So maybe slightly harder to counterfeit even though I know we saw some amazing counterfeits of these badges already And the main thing is that these are hackable for later. So don't forget that, you know You have one all the documentation again is available. You can write your own code You can do something cool do some covert communication do something or hang it on your wall But it doesn't have to you know go on eBay or go in the trash or anything like you can still do something with it I did want to mention a few crazy hacks So people right away started dumping the code off of these things patching the code to skip through states without even knowing anything about the Communication method just like sticking it into Ghidra and reverse engineering it which is pretty cool Somebody wrote some code they called the jackpot code that they could just hold up to any badge And it would just unlock everything just cool super cool way to just like it's like in Mario You go through the pipe and you come out and you're done like that's pretty cool How many of you how many of you guys looked at the art the interactive artwork in the chillout lounge we could scan your badge Yeah, there was a lot of people in line So it must have just been you guys the whole time like cycling through So this this was like a last-minute thing that we thought it'd be cool If we could scan our badge and see the state of the badge see how you're doing in the in the event I mean by last minute it means it was being built two days in advance. Yeah, it was like Thursday Finish it Thursday and the main people behind that I have to shout out to Zebler And David Dolan who worked behind the scenes to do all the crazy video mapping stuff And this was thrown at them and it was it was not good And I'm glad I actually got to meet them because they turned out to be really nice, but I know they didn't like me You know over email I Apologize profusely So I do want to say to we tried a lot of new things right we decided to use these lanyard straps to mount things we learned a lot about kind of the human condition human nature and We were sort of curious if you learned anything at Def Con it related to the badge or not right because Def Con's all about learning We tried new things some of them maybe worked out a little better than others like some antennas fell off But you could go repair those but that's part of the process for us as well as you you know We're trying new things, so I'm curious like did anyone learn anything new at Def Con? Probably everyone that's pretty good cool Okay, so with that I want to say that all of the enthusiasm around the badge quest the excitement people coming up Asking questions posting pictures Tweeting whatever seeing groups of people working together was really just to me It was amazing and it was contagious to kind of see that excitement And none of that would have been possible without all of the goons that helped do the quest Everyone behind the scenes and of course all of you that played so thank you for that And I'm looking forward to seeing what next year will bring so I'm still here DT wanted me to ask you what you thought of this like new attempt of adding some soft You know jewelry to your to your wardrobe for Def Con. Did you like the gemstone? It was really yeah, we didn't know what we didn't know what people would make of it It was a big roll of the dice or like we're kind of moving it up the stack here on your lanyard And we weren't quite sure if people wanted like that hard crazy circuit board techno or if we could go the You know you can see it, but you're not quite sure what's going on Yeah, but it's also pretty cool to see 30 28,000 something hackers all wearing gemstones. Yeah, that's pretty cool We got you go by your local New Age store and be like check this out hand-cut Brazilian quartz crystal Yeah, all right. Thanks again Okay, so we're gonna start going through the various departments You're gonna get a quick report on what's been happening what it takes to to run the show and what's happened at the show So next up I'm going to introduce you to the queen bee of call for papers Nikita Who runs the whole department? Thank you Nikita? Can you can you see me? Queen bee is funny. I'm not the Beyonce, but I'll take Cardi B of Def Con So bear with me a moment. I'm gonna do a little strong Britney moment I wanted to start off by saying a few things about tuna On June 29th the community lost someone that truly embodied the word hacker King tuna Terrence Garot. He hacked everything. He was a huge contributor to the CFP board He wanted to make the world more secure He lived every minute of his 33 lives exactly the way he wanted everyone that met him loved him He was a son a brother an uncle a husband and a hacker He was infuriating and endearing. He was honest and he was shady and he was a true friend And we'll miss Terry every day. So, thank you. All right strong Britney We had 20 60 fp meant review members Reviewing for six months. We started about in January More than 500 submissions. We had a 10% increase for those who? Mark themselves identifying as female on the applications 75% are new speakers to Def Con We really like to encourage that in our community just slightly over 45% released tools and exploits and We hope that you appreciate our talks and if you have any Feedback to feedback at talks at Def Con org Yes Or feedback at Def Con. So let us know if you have feedback on the talks one thing that we also did this year That was new We have been paying three nights hotel for the primary speaker of the Presentation so if you're accepted you can come to Def Con get your badge get your Honorarium and also have three nights of your hotel stayed for Def Con, which we're hoping will help contribute To the community and allow more underrepresented people to make it to con people who may not you know Have a corporate budget behind them yet. We want to appreciate our speakers and get more of you guys here on that note of We want everyone to feel welcome in our family So sometimes when we do talks we we do mess up and we do appreciate the feedback and we hear it We did hear complaints about the unofficial DC 101 new panel this year and I wanted to say we heard you We are sorry and we will do better next time So thank you all Okay, workshops. This is our third year of workshops and a record year for us Because we got to basically take over a lot of space at the flamingo. So where is Where's the workshops workshops? Who's representing us for workshops? Here I am Hello Okay, hi everyone, I am Megan Totenkoff. I am the department lead for workshops How many of you all were able to get into a workshop this year? Okay, that happens every like the second time I've done this and I'm like, okay Sorry How many of you attempted to get into a workshop this year? Okay So a little bit of background. This is our fifth year doing workshops at DEF CON or sorry fifth year me running workshops at DEF CON We started out with maybe 20 Sessions that could hold maybe 50 to 60 people and this year we have 36 36 sessions and we could hold between 80 and 90 people depending on the room So we're trying to get more folks in and also we are coming up with a better Solution than the free-for-all that is the one day for evembrite reg So we did sell out in less than one minute this year We had a little bit of a hiccup, but we worked with evembrite to fix it. We had nearly 2,000 attendees Attend workshops this year with 55 instructors. We had more women and Underrepresented minorities this year in attendance as well as teaching so that was really cool to see and our submissions also doubled over last year So if you ever interested in teaching a four-hour workshop keep an eye out for the call for workshops and submit early and submit often Thank you. Okay. I don't know if it's Mel. Oh you're gonna do it No, okay. Oh, no not that Mel the other Mel the Mel that runs press All right, so I'm gonna cover her slides so apparent this year we had approximately 120 media organizations represented at DEF CON 20% were new to us from 12 different countries and In the end we ended up having to ban one of them for code of conduct privacy violations so it's never fun kicking them out but The big new change you might have noticed it was kind of a drama thing for the press department But I don't know if it ever really boiled over into the public was this year We changed the camera policy and in the past the issue was you would have one say camera crew from a Big morning TV show, but it wasn't like one guy you would get the personality or the talent You'd get the producer you get the cameraman you get the sound man You get the lighting guy and you'd have five or six people to do one Camera shot and we started looking at all the media that that Produced the coverage of the show and we looked at it We said is that any different or better or worse than what we're getting and we realized it was actually worse The the short camera snippets were not that positive for us and so we decided you know what how about just You don't get to have a camera crew anymore You're not clogging up the hallways with five people and you're not doing the sweeping audience shots And so we spent a lot of time Holding the hands explaining like you can bring your iPhone you can bring a hand camera But you don't get to bring a camera crew and you know you can do off-site shooting you can shoot somewhere else That's fine. We can help you find a place but you just can't do it in the middle of say the vendor area and cause a problem and it led to these really weird interactions where What do you mean? Don't you want coverage? Don't you want us like we're the press and We'd be like yeah, but but you came to us like we didn't go to you and they're just their heads Don't compute that's not how it works in that world. So that but but but So anyway, I think the press adapted to that really well I think so far some of the coverage isn't fantastic and we actually tweeted out one example of how this policy Really led to some really Creative but positive coverage of our community. So we're gonna stick with that in the next year and see see how that goes So I want to I want to thank the whole press team They deal with hundreds of submissions and tons of questions and the other thing that was new this year was an outgrowth of press Is we had a policy group? So if you were interested in policy We had a subgroup that dealt with nothing but people representatives staffers Industry who were interested in policy and we had a miniature sort of invite only policy track for representatives And we've never done that before and that worked out really really well So we're probably gonna continue that and try to work with policy folks to get them on side and explain our world to them demo labs Demo labs. I'm not doing two in a row guys Who's doing demo labs? Where is he? You'll do it. We just talked to And when he said fuck it, we'll do it live he meant it Like I where where are all the goons? Where did they go? They're swimming. Is there a secret goon party like on the roof? So So we've been doing the demo labs for a few years now We just wanted to have a platform for people to show off the tools that they're creating We asked that they be open source or community-based We don't want to shill somebody's product So we get a great number of submissions on that It also gives the folks who submitted a talk that that may have only covered a tool Somewhere to if they're not selected for the main stage to have somewhere to show it off And then it gives them a significant amount of time to do plenty of demos, but we had nearly 40 demo labs this year running six at a time and I Mean they were just full all the time. Everybody was in there. Yeah, did anybody go see a demo lab I know we were in we were in planet Hollywood, which meant we were on like basically another planet, but hey But I'm now damn it guys All right, so yeah, so 150 hours nearly 150 hours of demos It went really really well if you have a tool work on a project or you're thinking about doing something Please consider Submitting to the demo labs next year. We'd love to see what you've got to bring to the table support line It's either it's either Ada or CJ Okay, it's CJ every year every year Defconn gets bigger and every year we get more and more interesting things going on and We try to respond to that by adapting and the helpline was one of the areas we try to adapt in we know they're members of the community that need help and We figured this was a good way to work and the stats here show that it is Doing good and we would like feedback on how we can do better. So total of 29 calls came in during con There were 12 code of conduct reports pushed through all of which will be investigated all of which will be acted on There were five referrals to trained paraprofessional counselors one legal issue and One person trapped back of house well, what we expect to happen is as The community is that people get comfortable using these mechanisms What we're trying to do is be really transparent here because if you see we're doing something you're more likely to use the system and trust the system and so We expect numbers to increase every year not necessarily because we're getting worse, but because people are getting Confidence in the system and so I'm hoping in two or three years will have reached our steady state Where everybody feels that you know their complaints are taken seriously and we have mechanisms to help you out So, you know, sometimes when I see numbers if they go up I actually get excited because that means the system is being used and it's working so Some of the stuff that would normally go in the transparency report I just read out from the helpline because we're moving things across people feel more comfortable in reporting through that mechanism So you may see some things change some things aren't on the report that we're on there before This is now the second year of having a full formal transparency report and as Jeff just mentioned the numbers are bigger But in some ways The numbers are better so We had six reports of harassment Five medical incidents and a medical incident is something where we have to call paramedics or someone more to come and deal with it two reports of theft slash loss Three people were banned and trespassed from the property we had two pieces of ceiling falling down this year which Which is a hundred percent increase on last year We foiled two attacks on the casino this year not just one so we're getting better at some things We narrowly avoided one biblical grasshopper plague We issued two warnings to our staff so to be clear our staff are held at a high level of standard If you have an issue with our staff report it they will be dealt with There is no room for goons who don't respect the community Following on from that we fired a staff member this year who did not respect the community He was trespassed from the property and banned for life We're kind of an old thing to clap like it's sad But it's you know chose Nobody's above the law at the end of the day. We all follow the same policies We had five complaints of drunken I'm not going there. We had five reports of drunken swordly We had five photo policy complaints, and I saw a lot of traffic about this on Twitter We do take these very seriously Melanie in her department work really hard to make sure that press follow the rules And we also make sure that attendees follow the rules if people are violating the policy tell us if you feel Uncomfortable with someone's doing with a camera tell us and we will do something about it One media company was ejected because they couldn't follow the rules We had 11 reports of safety or security issues relating to the hotel And then the last one is somewhat of an embarrassment We sort of a failed at a troll attempt at giving out black badge raffle and While some regards it was funny, I think a lot of people were disappointed by it and That's not really the the the best outcome So we apologize for that We will try to troll harder but safer When you consider the increase of attendees we have here These numbers both represent More people coming forward and talking about issues, but also there is no step change increase in problems That's great. You guys did sure keep me busy all con and I've been running around like crazy But it actually has probably been one of the safest cons I've attended and I would actually like to give a shout out To the Caesar's security folks who helped us with numerous incidents and who also Were so understanding that hackers will be hackers and as a result Many of you played with things maybe crossed a few lines, but if it wasn't anything malicious You'll have noticed Nothing bad happened and that's because Caesar's understands and for that I thank them Okay, so how many of you have installed the hacker tracker tool? Fantastic that last announcement about the black badge don't Don't listen to that announcement. That was a mistake Anyway, the raffle is on the raffle is on That's right, okay, do we have somebody from the info booth who'd like to talk about their project It's us again. Where's info booth you've got it It's a little little bruiser from info booth. So hacker tracker is the official def con app The development team is part of info booth. So if you've installed it we had about 7500 Android downloads over con and Ios I don't have specific numbers, but it's relatively close to that as well So a lot of people are skeptical to download the app because it's called hacker tracker Rightfully so but no, it's really good Gives all the schedule and we even had the raffle talk on it for a brief period of time So we also apologize for that because you know we kind of overstepped so No, but I just want to thank the info booth team all the great work they done and You know you how many you actually visited a booth in one of the several properties this time It's great. You guys always come and ask great questions and we appreciate it and As I said in the in the program we really do know where all the restrooms are located Yes, that's very no we don't do the DC TV But the info dot def con dot org is run with the same platform as the hacker tracker app So the what we were displaying at every booth is the same information that's displayed on the apps So we have the integrated back end with that with DT's help getting us Caught up there So Yeah, right on cool. Thank you. All right one of the big parts of def con is the network and to talk about it We have Louise Thanks DT. Hello everyone. I Have problems with like podium mics. I'm feel like Ricky Bobby. Hello. Can you hear me? So if you don't hear me, I'll wait the mic. Thanks everyone for being here I'm gonna go through the usual knock stats and what we do and not and stuff like that If you didn't notice last year we had a theme that was Guy Fieri this year We changed a little bit is it was Nicholas Cage So if you that there was a transformation thing for us But anyhow We I Recycled the slides from last year totally because it's very similar what we do the difference is that because of the number of properties We arrived here or Mac who's the other lead for for the knock he arrived here on Thursday Two weeks ago almost or 12 days ago To start working on this but pretty much Friday Saturday Do all the back of the house IDF's MDF's connection between the all of the hotels I'm not gonna bore you and read all about it. We're gonna post this later You can go through greens when we were happy and red is kind of like was a little touchy But some of the highlights there is that we got most of the stuff running by Sunday like the core and IDF's Mostly important Wi-Fi reg Was up by Sunday night, which was a record record record time. Do not expect that next year just in case but it was We'll get there. How many people used it? I think it was about 2000 registered but a lot of people also use that gone that gone which is the default and there's no problem with that I'm gonna explain that a little bit later But yeah, it was up right but it's funny. I land here on Saturday because I'm lazy and Mac has been here since Thursday and I check in and people are like is Wi-Fi reg up I'm like not quite yet, but we're gonna get there, but it worked out. Okay But you can go through kind of like our timelines Again green we were happy at night. We're drinking the finest drink of Chicago Which is called my lord if you haven't you should try it or not Exactly how to unfriend a friend a person in How to unfriend a friend in person that that's a shot of my lord anyhow So we work mostly here in Paris knock was here in Paris with the Paris valleys and then Planet Hollywood and flamingo Other highlights here. We have the call for services this year I'm I bet you we can do that better next year, but every time we change a little bit It's it's tough on us on planning and execution or meaning everything And Highlights also Wednesday was the day that everybody's kind of here and they're like remember the thing I asked you I need it right now We tried to accommodate and prioritize Thursdays the day of Remember that thing I forgot to ask you I need it right now. So We got it done By Friday everything was okay Saturday was a busy day Most of the stuff worked some workshops. We had to tear it down Bring stuff back to the knock. We had our knock talk if you attended I hope you enjoyed we went a little deeper on what we're talking here and Later on one of our team members did drunk hacker history. He did not win, but he did well They're tearing down right now. That's why I'm here. They're working So big hand for those guys who are doing the hard work, please Thank you and tomorrow and Tuesday. We had some some people staying through Tuesday Just to make sure everything goes to the right place and then we go to like a month detox or something like that So some of you ask us like what do you find when you like patching cables and things like that So that's one of the pockets in one of the hotels. You can find a little bit of everything there One has a fork and the other one has the quesadilla. So I think the person saved some food for later Might have been Nick Cage. I don't know Bandwidth wise usually it's a big issue for us this time around. It wasn't Thank You DT and Linda That means use more next year And then I'll bug him, but yeah, we had 900 megabits per second for the first time which is more than double that we had last year And you guys did well. So thank you for that Some other stats. I think the most important here is the one on the bottom left Is it yes? So yellow is the deathcon secure network So about 90% if not more of you used the secure Wi-Fi network with 802 an X and WPA to Enterprise a Few like 10% or less is the open Wi-Fi. So big shout out for that for you guys Cool, I hope it worked out. Okay. I know it could be spotting some places But we tried to cover the whole thing, but not the casino Very important somebody sent us a tweet saying this is not your is like Wi-Fi down I'm like, what's the location and they're like, well, we're by at bellies by the elevators I'm like, yeah, kind of like doesn't work there. It's casino area We are not allowed to be there Challenges timing right the bigger we get more proper not the bigger bigger is not a problem But more properties cause like bring more complexity to the whole thing But everything worked out pretty okay It's just like when we're here in the knock and it's like oh an AP went down and flamingo like somebody's like I'll go and they go not me. So thanks to the team again And what did go well, this is the first slide for this year Obviously, I have an awesome team Great interaction with all the departments I know I could be a pain to ask to ask people like for stuff way beforehand just because we have to coordinate With a hotel to to get patches and for them to be prepared to cater what we need So I appreciate that for those that sent stuff on time for those that didn't I also appreciate you because sometimes We just know stuff after like everything is going on right, but we sort of plan for that 802 1x is also like all the way to secure Wi-Fi is also sometimes a challenge for us because people don't understand And you technically really don't have to but We're trying like along for the past few years with being trying to make it easier and easier for you So was the the Apple profile This year CRV calling in the knock he went out of his way and he created the Android app That way you don't get super freaked out when like your downloading assert and he says oh, we're gonna read your stuff No, we don't do that. It's just like a warning that Android has so that's a way to kind of like bundle that in a way that is verifiable and trusted Which also was integrated into the hacker tracker app for Android and it was all automatic There we go making it easy for you guys, right? And also on Sunday when I was like is Wi-Fi ratch up is why Wi-Fi ratch up like we're like yeah It's up. It's like good times and then somebody says it doesn't work on Chrome on Chromebooks So I had C7 5 and John and John in the knock that they spent probably the whole night and a little bit of the morning Saying we're gonna make this work because we couldn't find anywhere on the internet how to Without having an MDM solution to make this work They went out of their ways the way and made made that work so big props to these three guys So pretty much relay the network for everything that has been used here that uses IP No, we don't have IPv6 yet That was a question that we had because there is no way that we can block Router advertisements and things like that that I don't know because it's been a while I'm just a manager We have a 10 gig backbone 900 megabits per second uplink again. You didn't use it all now. He's not gonna give you more use it next year Right that smacks that out Is a layer to connection to from Paris to planet Hollywood core is in planet Hollywood In an IP sack tunnel to flamingo. This is the gear that we use you can read later The numbers that you like Lot of traffic 12 terabits per terabytes per second total as of like 1 p.m. Today Lots of big numbers there you can go through that interesting points here are a little less of wireless users than last year in a little bit less of Different Mac addresses so thanks for stop spoofing or creating like random Mac addresses just to try to mess with things Little more traffic compared to last year on the media server that you can download stuff at certain points in time We saw a lot of people downloading a bunch of stuff like who's this user. So that was kind of cool I Want to thank the North team. I know I did that but please another hand for these guys. It's And thanks to everyone here DT he listens to a lot of stuff that I have to complain Sometimes he avoids me but that's okay. That's what bosses good bosses sometimes do Nikita for getting us in the right track On everything but pretty much of the knock location and our talk yesterday. That was well received Linda for accommodating everything from trash cans in the knocks or everything else will for getting what we need Qm for delivering stuff on time Caesar's IT and on core these guys are rock stars for us without them We couldn't do stuff on time at all Sully's bar staff for keeping us on track the high high roller at the link was fun 28 minutes of drinks Yeah, it breaks you on Sunday The usual guys who brings a couple of snacks they've worked before at a call center and stuff So they appreciate what we do. I know a bunch of you do and that's greatly appreciated The other departments were doing the things that I asked them to do sometimes on time so appreciate that you but mostly important lock Who was our lead and Integrity accountability Professionalism working here for you guys For him Who watched a Defconn TV? Is anybody is this the first time you've left your hotel room? You just Stayed there the whole time Yeah, anybody in the room right now. Can you hear us? Just yell Okay, let's hear about the fanta is video man around here. We go. Let's hear about this year's fantastic DC TV Hi folks of video man. I'm serif We get up so you don't have to You can get room service and watch that first talk in the morning Thank the whole team, right? We're not just not just us, but it's a whole team of people that run this now The source of knowledge the guys in the cameras here and that feeds over here. They provide all the video for us, so Big fan of them We actually do internal streaming to all seven properties that are across the strip here So 26 channels across seven hotels this year so all of the hotels are part of the Defconn hotel block a whole lot of Ipsac tunnels and internet and Things to make that happen Our team wound up making 22 visits to these various hotels to get things hooked up And you know, thanks to step counters the aggregate across the team was 168 miles of walking and pounding pavement through back hallways of hotels running past security Etc Much like the knock if you tweet us we will respond And and you're in your quick to let us know if something goes wrong Which can be a blessing or a curse So these were the seven hotels were in it was about 30,000 television sets We had two streams to the internet track one DC 101 on Thursday track four for the rest of it We actually had over 10,000 views of the internet streams So for the people who were not able to be here with us in person They were here in spirit and we did get a number of tweets of people saying hey, thank you for doing this Thanks for having this the tracks up on the internet because I couldn't be there this this year because of x y or z So that was that was great So video myself video and myself This is our team over here you guys can stand up We've got sandwich We've got sandwich ghost pepper and eagle one and we'd like to thank our new rock star Robbins BS or Robin BS We'd also like to give out a special thanks to Kevin squeak and the Defcon knock because all these people help us make it happen couldn't done it without you So check out we'll be doing again next year At Defcon TV DC TV defcon.org. Yeah, and we're hoping to Broadcast to the same seven hotels next year So if you want to get a room and you want to have a little bit of join the room con Which was a hashtag we created created this year. Please do so. Thank you. This is a big one. This is villages Villages and do it Thank you, sir, and it was a I'd like to I just like to call out Zant for a double thanks He couldn't make it to Defcon China, but he was still involved in all the villages for Defcon China So we couldn't thank him there. So we're gonna double. Thank you here. Thank you, man I'm still just trying to figure out why I'm here. Somebody told me it was free to Kila DT I did hear a rumor Villages need more space just saying That's what I've heard real quick you may have noticed that we had some villages around the con There was 32 in total 11 of them were new Let me know what you thought at villages dot Defcon dot org Other than that, I would just like to thank all the village leads for all the work They do to help me make my job easier And then I would like to thank all of my village goons for all they did to make it easier for you guys to get around with a special shout-out to Fox runner-up, Honey and Amazon for attempting to keep me on task Other than that That's about all I really got. Let me know what you think. I hope you enjoyed the villages and learned a little bit I know we're trying to grow them all like I said, but thanks for coming Okay, we've got a little bit of some statistics got data duplication village They pack it up DDV Okay, so this is something that we started years ago. It was originally sources from the info con dot org video archive Something I do with all my spare time. I Collect all the videos I can find from every hack conference and then we Also have some old hash tables rainbow tables and some word lists and other things So here are statistics this year. We managed to dupe over 506 terabyte hard drives Which is a lot? And you can see over here on the right-hand side info con is about half 230 copies people like getting new Updates of different cons, but I'm really surprised people still really like their rainbow tables But I can understand downloading five terabytes each That takes a while and a lot of people in other countries don't have that kind of bandwidth or time Or maybe they're on a metered connection And so it's really cool that we make it possible for people to grab data really quickly What I'd love to see in the future is more data sets and more people bringing their own data sets like it would have been really cool To see some other big dumps there So maybe in the future we're going to try to make that easier for people to bring and contribute their own data so By show of hands who here any of the 500 people participate in the data duplication village Okay back there All these the rainbow tables weren't on the con network, but all the info con data every year is on the con network So if you don't want to bring a hard drive you can always run with W get All right, we're gonna grow that next year Next up we've got vendors Who wants to represent vendors come on down Hi Defcon I'm Kevin I'm the team lead for for vendors and I want to talk a little bit about The vendors themselves, so this is a list of the vendors that we did have and we really love having Smaller companies come in and sell their products the type of products that you want to buy from you know The mom-and-pop shops or the you know, not the Amazons of the world essentially, you know We love those types of vendors. So here actually bought something from vendors Yeah We had a lot of people buy things for vendors and that's really awesome I know that they appreciate it. We loved having you guys in there our vendor goons Really appreciate them big shout out to all of them for helping the vendors get set up and helping you guys find your way I think the big thing that I want to say is that if you have any feedback for us as As the attendees or if you know of any vendors that you'd like to see inside of our vendors areas Please let us know you can get a hold of us at our vendors at Defcon or shoot us an email Give us any feedback that you might have and we definitely want to try to get better We try we want to grow what we want to grow in a way that Defcon wants We want to grow in our spirit. And so if you know anybody or have anything to send us absolutely let us know Especially shady stuff. We want shady stuff Shady stuff. Okay, we'll get some umbrellas, right? We had this epiphany when I was trying to describe to a friend is like well what we want then I'm like Well, basically stuff that you only want to buy in person, you know with cash You know like nothing you'd want to actually put your name on on Amazon and it was like a ha That's what people want Well awesome, uh get that feedback off to us and we'll try to make next year just as good and better. Thanks a lot Okay, arts and entertainment the people that are they awake? Yeah I don't have any slides. Well, I do have slides. I didn't actually make the slide But all right, we have slides. So I got some stats. I want to pull up here Really who went to the official Defcon parties that were in track one over here in Napoleon's out there and in the planet Hollywood? Gallery nightclub. That's really cool. That's really cool. Did you like the nightclubs place? This is our first year doing something like that. That's outside of a traditional ballroom. Was that good? So some stats we had about 75 performers. These are DJs band members, etc Supported by my team of eight goons and 17 other staff members that helped us with decor sound lighting also want to shout out to soma.fm who does all of our chill out space all day long and Everything that was in the chill out space was broadcast live on soma.fm And there is a Defcon channel that you can tune into all year round after the con ends there, too I Want to thank some people the hotel Wendy has been awesome for us on core Christina She's really helped us out. I want to thank Linda and Janet from the Defcon office. We can't do anything without them We had 42 hours of entertainment across those three properties and across three nights And the official soundtrack want to talk about that You can download that for free from the Defcon media server if you want to also you can go to our bandcamp site defconcommunications.bandcamp.com 100% of the proceeds that you donate through there will go to the EFF And if you have feedback for us, we'd love to hear it. Our Twitter account is defcon underscore music Thanks everybody. All right, let's get some parties Who went to a party? Yeah, hi I'm existence and I'm your responsible adult for nighttime and run the parties and meet-ups at Defcon I Don't drink so that's why I'm responsible We had some absolutely fantastic meet-ups with a huge attendance and amazing parties this year And I hope to go even bigger and better next year I want to shout out to some of the meet-ups that were new We even had some new people to Defcon that threw a great meet-up. So I want to shout out to them Thank you very much for doing that. Thank you all for coming out and participating now Special shout-out to pyro who's retiring this year and my goons and my goons who helped make this a success I have a very small team, but we made it happen. Anyway, if you have any feedback or suggestions for parties Please email me at parties at Defcon.org and If you want to throw a party, please get in touch with me. Let's make it happen next year. Thanks everyone and see you next year Contests and events That's right breathe it in So as you can see there's there's quite a few Contests and events that are on this slide There's also some random ones that that grow organically throughout the conference Sometimes they become You know official contest leader. Yeah, there is dino sumo wrestling But that's unofficial and has been unofficial for several years. We'll work on it. It's fine So, yeah, if you let me see how many people participated in a contest or event here All right, awesome, so I Guess first and foremost I'd like to thank the organizers of of these contests. They put in a significant amount of time I mean they start emailing me whether I like it or not in January about what they're gonna do the coming year and It's an incredible amount of effort just to make sure that you guys are entertained. So thank you very much to them Also, I'd like to thank the contest and event goons We have an incredibly difficult job of sitting on a couch in the contest area and watching the contest take place It's hard Somebody's got to do it. So it's us. So thanks guys All right, if you are interested in running an event or a contest Please reach out to me if you've got some crazy idea that you think is just way too weird. We'll never do it We might just do it. So please Hit us up contests at defconn.org or hit me up on the twitters grifter 801 And we'll see what we can make happen But let's get to The black badges, right? So of all of the contests you saw on that slide Only nine of those contests actually receive black badges. So it's incredibly stiff competition What we look for in a black badge contest is first and foremost Difficulty right we want you to work for it if you're getting into defconn free for life You better bring it and so we want something that's gonna make you suffer or at least Eat up a fair amount of your weekend just crushing puzzles or Putting together a ridiculous pretext and just coming at it full force. So This first contest I'm gonna bring to the stage is One of the longer running contests they are near and dear to my heart I think they are near and dear to yours the room when this contest is taking place is packed I They put in I Love you, too. I do so Again, they put in a significant amount of effort. They're they're one of those contests that's planning all year They're celebrating their 10th year this year. Welcome to the stage the social engineering contest So 10 years that's unbelievable, huh? This year we had 11,000 square feet and we still broke fire code by putting people over the floors So yeah, it's a little crazy and this yeah So the two ceiling tiles that fell that that statistic that was our room and and one of them This is not even a joke They had tried to repair the ceiling and they left a razor utility knife in the ceiling And it fell through the ceiling tile and cut one of our one of our people in our room No, I don't think she deserved it She was just standing there looking at a t-shirt and then you had a knife run down the back of her arm anyhow So that was pretty that was pretty crazy. Yeah. Yeah, that actually happened real stories Also the the kids and teens events I know that's not the black the black badge portion of it, but there was just something notable I wanted to to tell the community we had a young man who lost his mother last year be right before DEF CON and He he came and he competed in the teens event and he said just for the three days He's here running around he forgets about losing his mom because of the community and the way you guys accept him and make Him feel so that's a young little 14 year old young man That's coming to DEF CON and find in a place to really express himself So I just want to say thank you to all of you that interacted that way Okay, so on to the events just a couple stats that are shocking to me this year our contestants We have 14 contestants. They spent 874 hours doing o-scent The three weeks before they hand their reports in and we had 1120 pages of o-scent submitted. I just don't think they understand I also have a life and we just do this for fun, but that's a lot of o-scent to read We had the first time ever in ten years are running this contest that the a contestant got a perfect score on the report Right and yeah, yeah, I didn't think it was possible Especially this year we chose our theme was alcohol tobacco and firearm companies in America We thought it would be fitting and first day man the firearm companies were shutting us down non-stop it was like literally like bang bang you're dead and See what I did there. Hope I did it. I'm here all weekend Yeah, you appreciate that. I know we had the same since you humor so But then the second day it wasn't the case But we had the best the best thing that happened out of all of all of the calls was this one Contestant was using a pretext. What was the name he was using? Robert Green and he and he got caught like someone really got suspicious after giving over like flag flag flag flag and He called he hung up called another part of the the company and he said this is Rob Green from IT and the lady says Rob Green You're a damn liar click So yeah, I got to say here's what I'm really proud of that that means that company Actually had an email policy where they warned all the other employees about scam calls. That's awesome, right? It took us ten years to get there Took us ten years That's that's phenomenal. So I'm really happy. Okay, so Without without wasting any more time. Is this the first time there's a baby on stage at Defconn? Oh yours was on. Okay. I just curious. I was just curious. So she won the sec tf. No, just kidding. She didn't We should give the black bastard her she'll be getting in for like 90 years Defcon 2000 she's still there. Okay, so Our second place our second place winner well first time she ever did anything like this She just started off like three months ago or something in the industry. Sadly. She had to leave for a flight She was flying back to Australia and didn't want to be late So she had to run but she she came in second place with the perfect report score Also with an unbelievable call score, but our first place winner a leaf standing here She competed last year and another great lesson for us. I'm sorry company card No, what I'm going I'm gonna give her a bottle of alcohol I'm gonna give her a 10th year se head award and and black error. Sorry. Wow. Where am I? Defconn's gonna give her a black badge So you even made the bats beautiful hang on I have your badge right here It's also the second year in a row that women dominated the competition It was the second year in a row that women dominated the competition We again have two women in the first and second place and most of the high most of the high scores that we had Through the competition were all by our women SE so good. Good job. Keep it coming Thank you. All right next up. We have another long-running contest The it's funny that the first two are the ones who start to hit me up in January This is a Contest that has taken many forms over the years It started out as a troll essentially right and it morphed into something incredible So what went from grabbing your your creds and putting them on a wall on a paper plate in the Alexis Park Turned in to capture the packet I'm Riverside. How's it going? So this year we We did two packet hacking villages for Defcon one in China and one here But in China, it's actually the data packet hacking village because packet hacking village by itself means purse hacking village Because the translation so awesome, but I want to really really thank Defconn this year because the space was awesome How many of you got a chance to go out to the village? All right, how many of you got shirts? All right, there were six thousand shirts given out this year. It was awesome. We really really had a great time So I just thanks again to Defconn I want to thank all of our staff our volunteers our speakers and the DJs it was rocking We got shut down on YouTube streaming multiple times for violations by accident on the DJs oops but We I want to sneak spite some some very very short time in here. I know I got to get off the stage soon We have amazing people across all of Defcon and this is an inclusive community and we we accept everyone and some of our Community have disabilities Both physical mental we have people of all different shapes and sizes and we include Absolutely everybody so in at least in our village We started building a tag for those that want to wear them that's a disability tag that is bright and like that They people can see it so if somebody has social anxiety panic attacks you can see and you're like, okay Let's get that person help. There's goons all over the place, but sometimes in a crowd. There's a thing we ask that The crowd the group not use social engineering techniques and use those if you see it. It's legit Please try I know we've talked to Defcon They're working on trying to figure out something those that want to can those that can't can't but you know We have but you know a ton of different people and we want to make sure everybody can participate equally So let's let's work that together as a community So this year's wall of sheep stuff was a bit sparse because you know, we're getting the open not the secure network but What we did notice and we kind of pivoted completely we build some of you noticed a second projector next to the wall We call that this our sidecar app Since we can't see your encrypted credentials meaning we're actually doing our legit Dobb what we can see is your awesome DNS tracking records and all the other things how many of you by show of hand knows What an HTTP tracker is? Okay, so not many that means a company is tracking everything that you do and so we had a flow of all the traffic going across the network and 50% plus of the Defcon attendees at any given time. We're being tracked by another company a lot a lot of But all those trackers we were tracking the trackers and watching who what who was doing what it was awesome to watch So even though they're not a bunch of stuff on the actual wall list the traffic is amazing to watch We had so many people participate So if you don't know how to deal with that talk to somebody that raised their hand that knows how to deal with it Stop getting tracked Let's see the ctp stats and ctp this year was Crazy we had lines of people trying to get signed up go in we were able to accommodate a ton of people We did the prelims the mains the finals This year we had 14 categories we spent As grifter said the entire year we were some of these challenges We've been working on for multiple years some of the challenges are like three four years in the making to do custom stego and Crazy exfiltration techniques and like the stuff that you hear on the scary news We're throwing that inside of here So if you're an actual defender or somebody that does threat hunting this is your bag It is awesome. And so just to kind of give you an example of like what happened The third place team respondo Answered 42 percent of all of the content in finals the second place team answered 46 percent and the first place team who gets the the water cash to grand and the The black badge over here and hopefully a handshake from DT Here you go guys 53 percent Broke the 50 percent mark first team in a long time given hand and they played multiple times So, thank you all deaf con See ya The next contest up is one of the side effects of competing in contests here at deaf con They're a perfect representation of that after years and years of slaving away on puzzles and Mystery challenges and all things. What the hell is that? They decided Maybe we can try our hand at this and so they created their own so welcome to the stage Oh, no, that's in the wrong spot. Where are you guys? dumpster fire We're just gonna bring him up anyway. Hey, whoever's running the thing leave it off. It's dungeons at deaf con Hello we're dungeons at deaf con and What we saw a bunch of us have participated in mystery challenging years past what we've found is there's a lot of really high level expert level content and contests at deaf con Which is awesome if you walk in as a high level expert, but what if you're not a high level expert and you want to learn? Well, that's what we created so dungeon the deaf con is a crypto and puzzle solving competition And the goal is that anyone can walk in off the street and learn how to do this and win Archdiocese spent all weekend answering crypto puzzles and Solving challenges and learning new things because we are going to guide you through the experience We're not going to give you the answers, but we will tell you Tools you can use and ways you can think on how to solve these puzzles. So First off, we want to just shout out to the goons and to the villages for being our NPCs Our contest is all we every year we base it around different RPG and this year was paranoia themed and they got to send our players on Quests that they could earn hints So without any more we have a couple of winners first of all I want to shout out to the council of nine They made it to the end of the competition were the first ones to they found lost got the key and opened the box of treasure and Our overall points winners who get the shiny shiny black badge is the fellowship of the token ring So take a while So the next contest I feel a little bit bad So we had them in the regular contest and events closing and not as a black badge They actually won a black badge. I had to call them and say oh, hey, you're gonna be in the main closing ceremonies and And Whitney said I'm in my car on the way to a storage unit and then flipped it around and made it back here So Goldbug challenge. Hi everyone Per def con. I'm losing my voice as always so really quickly the crypto and privacy village is a place where crypto means cryptography and privacy is a right and We mean it so much we set it in neon So if you had a chance to come by the village you would see that we had some custom Via Alibaba signs saying as such But really I wanted to say a quick thank you to def con because without all of you It would not be possible and we've been doing this for six years together and it's getting better every year But thank you especially to hony Zant and grifter for all of the support and work that they've done to make the crypto and privacy village successful this year So It was our sixth year and we are now officially a 501c3 corporation Or a nonprofit and I just wanted to say that we are committed to never taking corporate sponsorship So you'll know that when we're talking about privacy and cryptography. We will not be Have any sort of conflict of interest so follow us on Twitter and We're Zant. We're very happy with our space. I would like to say like we felt like we had enough space this year so I'll now pass it on to my and Kevin who are the crypto and privacy villages contest leads because we're getting big enough to Have that now. So as Whitney said the the Goldberg puzzle is part of crypto privacy village is the fourth year that the puzzle has been running It's a cryptography based puzzle hunt if you're familiar with like a traditional puzzle hunt So there's a bunch of different puzzles that teams can solve And they and then they kind of solve a meta puzzle at the end which combines all of them together It's the fourth year of the contest second-year black badge very exciting We also had puzzles for junior cryptographers available So if you saw us give you a piece of paper where we weren't, you know, we wanted to get you excited about crypto We had everything from you know, simple Caesar ciphers various kinds of encodings book ciphers crosswords nonograms And mantel brought sets and Riemann's data functions So like the whole the whole gamut of cryptography is up for play and the prize Which I unfortunately don't have here is also a physical mounted bug like an actual beetle that we that are that our winners get So this year we had a really good showing we had 275 teams register those 275 teams submitted 2303 wrong answers and 27 correct answers So our winning team solved eight of the nine puzzles And we have here team gold bugs. We have a representative And the so the bbs that hosts all the puzzles is going to be online after the con So we encourage folks who haven't had a chance to play the games yet to keep going and remember there's one left Available so who will be the first to catch the gold bug Some people want you to capture a packet others want you to capture a flag Some just want you to do a puzzle That's not enough for this next group and when I mentioned their name. I expect you to respond correctly Welcome to the stage hack the planet. Let's do that again hack the motherfucking planet My name is Bryson the ICS village started about six years ago with just a couple of us I think in the real hack of tradition of just putting some shit together and Bringing it here and they kept tolerating us doing that. We kept coming back year after year We'd also just incorporated this year as a nonprofit So we're now a 501 c3 with the mission of providing education awareness around critical infrastructure security And we also happen to put on a CTF our CTF represents over 3,000 hours of work with over a hundred challenges one special call-out is one of the challenges has Involves a level of exploitation that over a thousand folks over three years have never been able to solve until today So that is the eye toaster you can follow it on Twitter. He talks a lot of shit and with that Am I supposed to give like a black badge or something? If any of you know me I usually am just told what to do and then I say it so I'm now going to not give the black badge But instead recognize third place with pony IP Second place butter overflow and then the team that truly hacked the planet team clarity I think Even though these guys are super new to this you probably know who they are Well, look, there's dungeons It's not them Where it is a dumpster fire. All right Anyway, like I said, you probably know who they are. They've been doing it for 25 years hacker Jeopardy Buddy, I'm when you know me as the people that caused pain hacker Jeopardy 25 years ago Jeff asked win him and me drinking 25 years ago grandpa comes with me everywhere we go But this year we had Contests at other cons as a precursor to Defcon tour con thought con derby con pack in Paris So it was an international competition Everybody came here not to fuck it up on the stage in Las Vegas The only casualties I have to report are one team that didn't show up mentally and a ceiling which was much too low Yeah, we were the other ones. Sorry about that. Hope the insurance policy covers it Without any further ado, I will give you your 25th anniversary hacker Jeopardy champion the church of Wi-Fi I just want to say We did this for tuna Pouring one out would actually be a sin in the church. So this one's for him. Yes. What's on the next slide? I'm over it Whatever It's all good So I believe if memory serves me correctly But these guys have done this contest. This is the second year I actually had several people come up to me to tell me specifically about How great had it been put together? It ended up on the radar, so I met with the organizers. They walked me through the contest. It's a fairly incredible challenge I'll let them explain it to you Open sock Thanks, electricer. So first off for anybody that doesn't know about open sock So we are very humbly located with the the new but powerful blue team village It's the second year for the village. It's also the second year for open sock at Defcon But it's actually our first year as an official Defcon contest So we couldn't be more excited to be recognized as a black badge competition this year So so a little bit about open sock We are very very thrilled to be one of the probably most defensive focused Competitions here at Defcon. We are a live fire incident response and threat hunt simulation We have a gigantic virtualized corporate environment with everything you can imagine out of the sun from simulated users email internet the whole nine and then of course many many back-to-back nation-state adversaries just wreaking havoc in this environment and what we do is we turn several open source threat hunt platforms over to what ended up being nearly six hundred of you To understand what was taking place inside the environment. So essentially it's a sock The reason we call it open sock is because we very proudly put open source tools at the forefront of this project So every single one of the platforms that our participants used gray log Collide OS query OS sec These are all open source tools so the participants are getting real hands-on experience with the amount of the incredible amount of visibility we can deploy in environments with little to no investment and and track no kidding nation-state adversaries so a cool really a few really awesome stats So if anyone here's ever worked a an incident response with a non-trivial threat actor You know how much time can go into something like that, right? I mean anywhere from 48 72 hours. I mean days weeks We had 12 of those type of breaches in this environment at Defcon our participants spend Up to 31 consecutive hours working through intrusions in this environment We had 248 teams 570 players Can you imagine the kind of elastic stack you need to support 500 consecutive players? It was it was a beast. I couldn't have done it without a very large team of Awesome folks threat analysts security architects you name it I've got a lot of support to make this happen but honestly we want to really thank the blue team village for giving us a really awesome place to run this event and most of all I want to thank all of the Nearly 600 people that gave us almost their entire con to sit there and play through our scenarios is incredible So our finalists we took the top 15 teams from the general category and we let them play through two nation-state actors Finn 7 and APT 34 and they ran through two simultaneous intrusions and We had some incredible stats, so I'll just go ahead and start with our number three team was brute force with 1735 points did incredible job with only three team members second place should have slept in with 1860 points with only two team members and then our first place our first place with five team members 2090 points Walmart greeters Now there's one more thing that I want to cover because it's very near and dear to my heart and the hearts of many others That are here with me on stage and those of you that are in the crowd with the blue team village I want to mention a a member of the blue team village the inaugural year last year Nolan Barry some of you may know him as Dev Null Nolan's no longer with us he passed away this year and so we did several things to commemorate the memory of Nolan and including including the Badges that you probably see a lot of blue team village members wearing But we also had a custom scenario in open sock called neutrino cannon And what we did was we took many different awesome aspects of Nolan's life Including his previous role as a DNS architect for rack space So we use DNS for our C2 mechanism and we took many other awesome attributes of Nolan's life and we rolled it into this scenario and we let 600 of you play through it and Enjoy an incident response intrusion where you're getting to commemorate a really awesome hacker in this community that we are all very missing This year, so that's all I have. Thank you so much Anything could be on this next slide. I'm gonna go with who's standing near the stage so This next contest has been a Part of the contest and events Family for several years They've been a black badge contest for several years and that's because they bring it and they also bring it in a way That includes as many people as humanly possible the challenges are highly technical to the absurd So if players get stuck on something they can essentially pass and move on to something else They just might not like what they get This year I walked by and there were people doing burpees and sit-ups and push-ups and I was like What the hell is that and they're like they're hacking fitness Warlock games Hello DevCon It's been an awesome year. It's been an amazing time. So this year for Warlock games. We did incorporate Hack fitness five events total of 300 points where basically you could do push-ups Sit-ups do a full plank wall sit burpees that kind of thing for as much as you can for two minutes and we actually had some pretty interesting participants that came along and It kind of went a little bit slow in the beginning I think folks are kind of figuring out what it was what to do and then it just took off and it was literally busy the Entire time that we were there literally line ready to go next person ready to go doing two at a time Sometimes three at a time just to get everybody through and they were doing great The highest score that we got out of this and we actually had three of them was 290 points that folks came through and they did these exercises and it was fantastic So that hack fitness was part of the overall Warlock game CTF So we have the physical challenge of lockpicks. We do mindless things like putting Legos together for speed And then we have the packing analysis Forensics malware analysis reverse engineering binaries those kinds of things The teams that you see standing here behind me were our third Three teams. They were our finalists in third place. We had F2 TC with a score of 48 64 our second place team is ambush with 4934 and it was a fierce competition Literally right down to the very end taking all things into account our finalist PTFS with 52 94 Congratulations So I'd like to say thank you very much to grifter DT. Thank you deaf con in general Be fit stay healthy stay strong. We look forward to seeing you at deaf con 28 The next contest doesn't really need any introduction I will make a comment though about the fact that this year any contest that wasn't located in a village We had over at planet Hollywood, right? We had a contest stage out there on the mezzanine We had the contest area just packed with all different kinds of contests and events This particular contest we put as close to the casino as possible Capture the flag Hello hackers We are the order of the overflow We're back. This is our second year hosting deaf con ctf And it is an honor to be here talking to all of you again last year you might remember I was barely coherent from sleep deprivation this year is a little better so We are as last year still a bunch of nukes Hackers engineers professors and really very silly people for agreeing to do this Even though it is incredibly Touching that we were given this trust as as silly as that was Um Our first deaf con ctf hosting experience last year. We ruled the ctf with an iron fist Surveillance was everywhere Cyber citizens were punished harshly for any missteps And the world was fully secure except for the huge amount of insane hacks carried out by Rebel factions among the teams In the year since then we started looking to the future We have Filled our hearts with hope for humanity And we have decided to lead these hackers Into the future into a world without security vulnerabilities We could not do this without the support of a lot of people First of all dark tangent. Thank you. You're incredible The goons. Thank you so much for hosting this event deaf con and helping us host this small event deaf con ctf inside it The prior deaf con organizers so as you know deaf con organizers swap out every couple of years Our prior deaf con organizers legit BS gave us a lot of wisdom and help To help make this event a success Our families who haven't seen us almost at all in a very long time and I hope to see us at least sleeping next week And our friends Who couldn't be here? You're seeing part of the order of the flow behind me We also have dr. Tiffany bow who is in china at the moment. Maybe she thought this was deaf con china weekend And we have jackie debbie and jamie back at asu who Make this possible for us to do so I was supposed to say all that to that slide. I don't see the slide anyways. Oh brilliant. All right, so I'll talk a bit about how The teams show up at deaf con because you can't have a ctf without the top hackers in the world so as previous years decided to make Five top events around the world pre qualifiers plus deaf con ctf from last year These events all over the world some of the best events In ctf you should go and play them over the next year and join the teams up on stage up on the contest area We also ran our own ctf qualifiers in which we Created a new category for deaf con ctf qualifiers speedrun We watched some Amazing hackers solve challenges as quickly as five minutes from release which was incredible to see and using this we amassed A group of participants that represented some of the best hackers on the planet out of the 1,200 teams That participated on our qualifiers Estimated 20,000 hackers participating in the qualifiers We invited 16 teams to join us here at deaf con finals. This is them in alphabetical order They're incredible as I announced the results. Please remember That these are the best hackers on the planet Well Plus all of you, but these are the best acting on the planet that also decided to show up to this ctf so Even the last place team They're incredible. They are the last place team at the olympics And of course it only gets even cooler from there Mentioned quickly about the challenges. We had a lot of firsts this year. We decided to focus on cutting edge challenges And a spectatability So we had Some very interesting things. We had I think the first attack defense challenge running on ios of iPhone not cisco fame We had an attack defense challenge that was a machine learning classifier We had a king of the hill challenge where we handed out the original xbox to all the teams and had them go at it On a crazy patched up version of doom Of course all the network cheating all the binary patching that they could imagine We had a challenge running on a lisp machine Created in the 1980s or an emulator thereof We have we had a lot of really crazy stuff And the teams really hit it hard They hacked non-stop from 10 a.m. Friday to 1 p.m. Today They gave it their best So we'll move on to announcing how they did So these are the 11 teams that play six through sixteenths From all over the world really great Hackers like I said, but of course we're all interested to see how People did in the top five. So let's see in fifth place Macaroni From Italy in fourth place From china third place And now they will start coming up Tea deliverers from china in second place One of the heavy hitters of defcon ctf and the ctf community worldwide awesome team Hitcon And bf kinesis Hailing from taiwan first place Hailing from the united states multi-time ctf champions The plaid parliament of ponig The plaid parliament of ponig of course as every year The winner does wins eight black badges and eight custom defcon leather jackets And eternal glory Thank you for coming by and watching Rooting for these guys whoever else It was an honor hosting this year And we hope to see you again and have some awesome stuff for you next year. Thank you as always We are releasing everything the full data set pcaps Flags of missions logs gigabytes and gigabytes of insane stuff Uh after we get a little bit of sleep and scrub some unreleased challenges from The database and you'll see it all on our twitter and on the defcon website Thank you. Thank you all Look what I've got in here No, no, I think I've got it. I think I might I had the uh a winning black badge from the counterfeit badge contest Okay, I want to thank everybody that made this possible. You see a lot of departments here Um, everybody is a small piece of the whole some work all year round Some are just on site, but I just want to have everybody give it up for everybody who's made this possible Zance wondering how many people here by show of hands did not make it to a village Oh, nobody did not make it to planet hollywood or flamingo Okay, so we do something every year just like we have black badges that get you in for life If you serve as a goon successfully Um For 10 years, uh, you get a gold badge and that's sort of the the goons version of the uber badge It gets you in for life for all of you that you've contributed all the time you've put into making the conference happen So, um, one of the goon, uh, gold badge Uh, recipients this year is going to be pyro He's put in way more than 10 years Do you know pyro? Thank you all deaf gone everybody have an amazing time as a human next year technically gold badges and human but Thank you all very very much for everything that you have all ever done Um, thank you for your attendance. We we couldn't do this without you obviously we come and do this for you And and thank you very much to all of the goons who have worked with me over all the years supporting contests and events workshops Registration parties everything else You guys are really what's kept me here this long and and I just I can't thank you all enough. Thank you so much I love you pyro kill him Who was that? And then finally we have the back end staff of the uh the deaf gone hq That's me nakita jennet kneel dinda will dangton and all the department heads That deal with this planning all year round But as we talked about earlier All good things must come to an end And deaf gone is canceled Much like much like the uber raffle. Yeah deaf gone is canceled So, uh, we only knew this hotel for one brief year But next year we're moving Moving into what we hope to be our home for quite a while Which is the caesar's forum not the caesar's forum's shop the caesar's forum That's not confusing is it? Yes Oh, they could you put it on the screen, please Okay, there we go the caesar's forum Which is a giant hole in the ground next door where they're building the largest Structure without a pillar in the room in north america And it will be connected to three hotels Um, and that hope it's like I think it's the link flamingo and haras So those three hotels combined with our new mega space should provide us, uh, really in uh Some room to grow a more flexible space And by the way, it's happening next year 8th to the 11th in 2020 registration opens on monday And we really hope to see you there. We're taking feedback We're trying to improve the con and something we didn't mention earlier Who here remembers the def con forums from years ago? Okay, so they died for a while a year and a half or two and the forums are back And if you want to provide us feedback if you want to ask questions to the workshop Uh instructors if you want to give us, uh drop your docs on how you solved the challenge We're collecting it all there. So we have a repository. So for example, all of the cheats and wins for the badge are posted there from every historical year Um, so jump on the forums. My dates are wrong. Who did that? It's a six. It's the sixth, right? Yeah, yeah, six. Okay. Don't don't we get off that slide six through ninth. You didn't see that slide six through ninth Didn't see that do it live Whoo Just edit the slide. No, no, no. Okay with that I would like to officially call def con 27 to a close. Thank you very much and we'll see you next year