Events

Join Us at DEF CON 32!

We are excited to announce our participation at DEF CON 32 in Las Vegas. We are partnering with @SecureAerospace and @MarSecVillage to bring you immersive experiences and insightful aviation and maritime cybersecurity talks.

Immersive experiences:

• Aerospace Village: Take flight in our A320 simulator and test your skills against tampered Electronic Flight Bags (EFBs).
• ICS Village: Step aboard the virtual ship and experience the MarSec simulator. Learn how cyber attackers can jeopardize maritime safety and explore ways to safeguard our seas.

Speaker Sessions:

Talk: A Hole in One: Pwning a cruise ship from a golf simulator

• Andrew Tierney
• Date: Friday, August 9
• Time: 12:00 – 12:59 PDT
• Location: LVCC West/Floor 1/Hall 3/HW3-06-05

Description: Andrew Tierney shares a fascinating case where a misconfigured golf simulator led to the compromise of an entire cruise ship. As a Security Consultant at Pen Test Partners, Andrew specializes in hardware security, covering systems like ICS, IoT, and more. He brings extensive experience in reverse engineering and vulnerability research, helping companies secure devices and platforms. Andrew is also an accomplished speaker, presenting at major conferences, including DEF CON, BlackHat, and 44CON.

Talk: Abusing Windows Hello without a severed hand

• Ceri Coburn & Dirk-jan Mollema
• Date: Friday, August 9
• Time: 15:00 – 15:45 PDT
• Location: LVCC – L1 – HW1-11-02 (Track 2)

Description: Explore the vulnerabilities in Windows Hello, Microsoft’s modern authentication system, which uses biometrics for security. Ceri Coburn and Dirk-Jan Mollema will demonstrate how attackers can exploit secrets backed by biometrics, even without access to the biometric data itself. They will also discuss how to bypass hardware protections and the risks of identity persistency and Primary Refresh Token (PRT) theft, sometimes without needing administrator access.

Talk: I am still the captain now!

• Paul Brownridge & Andrew Tierney
• Date: Saturday, August 10
• Time: 12:00 – 13:00 PDT
• Location: Creator Stage 2

Description: Paul Brownridge and Andrew Tierney share insights from their maritime cybersecurity experiences, including a discussion on the MV Dali incident and how it could have been a cyber event. They will also highlight the evolving landscape of maritime cyber regulations and the challenges faced by operators and technology providers with new standards like IACS UR E26 & 27

Talk: GPS spoofing: it’s about time, not just position

• Ken Munro
• Date: Saturday, August 10
• Time: 12:30 – 13:00 PDT
• Location: LVCC – L1 – HW4-04-02 (Creator Stage 3)

Description: This talk explores the lesser-known impact of GPS time spoofing, which can invalidate digital certificates and disrupt electronic communications, potentially grounding entire fleets. Ken Munro will discuss these vulnerabilities and potential mitigations, as well as touch on the risks to conventional RF navigation aids.

Exclusive parties (invite only):

• Thursday, August 8: Automotive-focused party at the Cosmopolitan Hotel (19:00-24:00)
• Friday, August 9: DEFCON.run party at Double Down Saloon (20:00-24:00)
• Friday, August 9: Aerospace-focused party at the Cosmopolitan Hotel (19:00-24:00)
• Sunday, August 11: PTP DEF CON After-party at the Cosmopolitan Hotel (19:00-24:00)

DEFCON.run:

Start your mornings with a refreshing run! Join us at 6:00 AM near the convention centre’s parking lot.

Don’t miss this opportunity to connect, learn, and enjoy with the cybersecurity community.

 

Stay updated about what is going on at DEF CON 32 on our socials:

Twitter / X – https://x.com/PenTestPartners

LinkedIn – https://www.linkedin.com/company/pen-test-partners/

Facebook – https://www.facebook.com/profile.php?id=61562779844449