
DEF CON 32 Recap: Navigating the latest Cybersecurity challenges and breakthroughs

Aug 29, 2024
Written by Davinsi Labs

Las Vegas in August has become synonymous with the excitement of hacking conferences, particularly DEF CON, the world's largest and longest-running hacking and security conference. Davinsi Labs was there once again to catch up on the latest trends, tools, techniques, and insights in the evolving world of offensive security.

Join us as our colleagues Sander and Jan share key insights and highlights from this year's edition.

 

DEF CON 32: Kick-off

After a long and smooth flight, we arrived in Las Vegas and checked into the hotel. Once we had adjusted to the extreme Nevada desert weather and the 9-hour time difference, it was time to get our DEF CON 32 badge at the Las Vegas Convention Center.

Command and control frameworks (C2)

Long live “Empire”: A C2 workshop for modern Red Teaming

A couple of weeks in advance, we managed to reserve a spot for one of the coveted workshops on Command and Control (C2) frameworks.

The workshop offered an in-depth exploration of C2 frameworks, with a specific focus on the open-source Empire framework. C2 frameworks play a crucial role for Red Teams and Advanced Persistent Threats (APTs) by establishing persistent access and control over targeted networks.

We gained valuable insights into the deployment, features, and real-world applications of C2 in offensive security and learned how to leverage Empire to create, customize, and execute advanced attack scenarios, honing our skills as Red Team operators.


Talks, villages & challenges

Looking through the DEF CON program folder, we quickly realized that we needed to select specific topics to focus on. The size of the conference and the amount of content available were truly massive and overwhelming. Fortunately, most of the content is available at media.defcon.org.

At the Physical Security Village we really got our hands dirty and learned techniques to bypass motion sensors, all kinds of door locks, and even learned how to lockpick handcuffs.

OT security

Later that day, we visited the National Renewable Energy Laboratory (NREL) booth at the ICS Village, where we attempted to solve their Wind Turbine Challenge. NREL, based in the US, specializes in the research and development of renewable energy, energy efficiency, energy systems integration, and sustainable transportation. The team at this booth specifically focuses on researching OT security for the US power grid.

The setup at the booth consisted of a set of modules that run simulated OT devices (wind turbines in this case) in Docker containers. It allows researchers to represent a physical system, at scale, in a co-simulation environment for specific or system-wide testing and evaluation without impacting a real-world system. Each turbine posed a unique challenge, varying in difficulty from easy to hard. The objective was to bring them down by exploiting flaws in the system.

Security infrastructure

Another opportunity we encountered was the Open Architecture X-Ray Simulator hosted by the Transportation Security Administration (TSA) at the Aerospace Village. TSA is most well-known for managing security at US airports. This includes screening passengers, luggage, and cargo to prevent dangerous items from being brought on board aircraft.

TSA's commitment to open architecture aims to create a more flexible, efficient, and innovative security infrastructure that can quickly adapt to emerging threats and technological advancements.

AI cyber challenge

As an entire village within the village, Artificial Intelligence was very well represented at DEF CON. This makeshift village demonstrated the consequences of unsecured critical infrastructure and how AI can help secure it by mitigating vulnerabilities autonomously. A giant wall displayed the leaderboard of the AI Cyber Challenge (AIxCC), where teams competed with cyber reasoning systems to win large cash prizes and a qualification for the 2025 finals. The AI Village even hosted its own stage with its own packed schedule.

With talks spread over 4 main stages, a war story stage and another 4 creator stages, we often had to make tough choices about which speaker to attend. Each talk was more fascinating than the last: insights into extensive car Bluetooth assessments, SQL injection at the protocol level, and the story of SSHamble and Unsaflock, to name a few.

One of the last talks we attended was about finding zero-days in Vilo home routers. A group of students talked about their research and how they approached these devices from a black-box perspective. They took us through the whole process, from extracting the firmware to the communication process with the vendor. Their research is available on GitHub.


Conclusion

DEF CON 32 was a remarkable opportunity to immerse ourselves in the forefront of hacking and cybersecurity. The conference not only broadened our understanding of the latest vulnerabilities and emerging threats but also equipped us with cutting-edge tools and methodologies to enhance our offensive security strategies. We explored new approaches in areas such as zero-day exploitation, social engineering, and AI-driven attack vectors, which will directly inform our ongoing research and development efforts.

As we bring these insights back to our team, we are more committed than ever to applying this knowledge to fortify our defenses, innovate our security solutions, and anticipate future threats. Our goal is to transform these learnings into actionable strategies that not only bolster our internal capabilities but also deliver unparalleled value to our customers, empowering them to navigate an increasingly complex digital landscape with confidence. Stay tuned as we continue to integrate these advanced techniques into our services, driving forward the future of cybersecurity together.
