top of page

DEFCON 31 Talk Schedule

All talks will be held in the Aerospace Village stage.

Friday 8/11

50

Minutes

11:00 AM

Hack-A-Sat 4

The Hack-A-Sat 4 Team

Hack-A-Sat 4 is quite simply the world's first CTF in space. Now in its 4th year, the Hack-A-Sat competition series aims to enable security researchers of all levels to focus their skills and creativity on solving cyber security challenges on space systems and incentivize innovation in securing these systems. Stop by and witness the 5 finalist teams compete for $100K in prizes, learn more about the history of Hack-A-Sat, and the Moonlighter satellite hosting this year's competition. Competition updates will be presented on the AV stage both Friday and Saturday morning at 11 am PT

50

Minutes

12:00 PM

Secure Micropatching on the ISS

Henry Haswell

This presentation discusses how SwRI’s secure micropatching service was recently demonstrated running on a commercial team member’s asset on the international space station (ISS). The micropatching service was able to correct insertion, deletion, or modification of data without needing to resend the full update. This work sets a foundation for securing over-the-air updates from malicious perturbation by utilizing communications between space assets.

25

Minutes

1:00 PM

Guarding the Galaxy: Ransomware Resilience in CubeSats

Peter Hansen

Delve into the world of ransomware - in space! We will explore how malicious actors might exploit vulnerabilities in research satellites: defeating built in defense mechanisms, locking up internal systems and immobilizing a CubeSat, and holding its operations hostage while demanding a ransom. Join us as we chart a course through this cosmic cybersecurity threat, shedding light on the shadows of the final frontier and guarding our satellites from danger!

25

Minutes

1:30 PM

Moving Target Defense for Space Systems

Dr. Chris Jenkins

We devised a MTD algorithm and tested its application to a MIL-STD-1553 network. We demonstrated and analyzed four aspects of the MTD algorithm: 1) characterized the performance and unpredictability of the core algorithm, 2) demonstrated experiments on actual commercial hardware, 3) conducted an exfiltration experiment where the reduction in adversarial knowledge was 97%, and 4) employed the LSTM machine learning model to see if it could defeat the algorithm.

50

Minutes

2:00 PM

Orbiting the White House: Cybersecurity as a Space Imperative

Tanya Simms and Lauryn Williams

Due to current and emerging threats in the space ecosystem, notably from the recent and ongoing war in Ukraine and even US GPS related outages, space is front and center as both an industry of intense innovation and imperative for civil, military, and commercial growth. It is often the case, that existing cybersecurity policies and frameworks do not apply to space systems. In this presentation, we hope to illuminate the current gaps in such policies and offer ways that the audience can help.

50

Minutes

3:00 PM

A Fireside Chat with the TSA Administrator

Steve Luczynski, David Pekoske

Join Steve Luczynski in a fireside chat with with David Pekoske, Administrator of the Transportation Security Administration.

50

Minutes

4:00 PM

Transportation Screening Equipment Cybersecurity Briefing

Edam Colón

This presentation discusses the Cybersecurity challenges faced when evaluating the Transportation Screening Equipment at TSA. It covers at a high level the components seem during an evaluation, what stakeholders of systems should be aware of and how we can improve the security of the systems going forward. The briefing will cover a wide variety of topics related to security testing of the equipment and how it will differ between IT and OT while still maintaining the overall security.

50

Minutes

5:00 PM

Pen Test Partners Power Hour

Ken Munro, Alex Lomas

Pen Test Partners invites you to pull up a free beer and join us for further adventures in hacking electronic flight bags (EFBs), and then a fun rant at terrible aviation hacking in the movies to close the first day at the aerospace village.

Saturday 8/12

11:00 AM

50

Minutes

Hack-A-Sat 4

The Hack-A-Sat 4 Team

Hack-A-Sat 4 is quite simply the world's first CTF in space. Now in its 4th year, the Hack-A-Sat competition series aims to enable security researchers of all levels to focus their skills and creativity on solving cyber security challenges on space systems and incentivize innovation in securing these systems. Stop by and witness the 5 finalist teams compete for $100K in prizes, learn more about the history of Hack-A-Sat, and the Moonlighter satellite hosting this year's competition. Competition updates will be presented on the AV stage both Friday and Saturday morning at 11 am PT

12:00 PM

25

Minutes

CON trolling the weather

Paz Hameiri

Weather balloons’ radiosondes measure and transmit weather data. Besides weather models and forecasts, radiosondes are also important for gathering weather data for satellite launches and human spaceflights. I’ll present a simulation framework for the most popular radiosonde model and present simulations of a jamming attack and a spoofing attack on a receiver. I'll talk about the shortcomings of the military variant of the radiosonde model and suggest a simple way to cope with spoofing attacks.

12:30 PM

50

Minutes

Building Space Attack Chains using SPARTA

Brandon Bailey

Will demonstrate how to use SPARTA to develop attack chains against space systems. This presentation will present pre-existing attack chains (e.g., CySat 2023, Hack-a-Sat 3, etc.) that have been performed as well as new attack chains leveraging the SPARTA TTPs. The presentation will include a demonstration of at least one attack chain using a digital twin simulation.

1:30 PM

25

Minutes

Elon, Twitter and the PIA: How not to achieve privacy in aviation

Martin Strohmeier

In 2022, aviation tracking privacy (or the lack thereof) has truly entered the global mainstream, with operational security and climate shaming of private jets suddenly discussed all over the world. Following up on previous work presented at the Aerospace Village, we will conduct a deep dive into how we arrived in this position, why nothing has worked so far, and how we need to change our thinking in order to achieve any meaningful privacy in aviation.

2:00 PM

25

Minutes

Labs and Trust: How to build a successful aviation cybersecurity research programme

Martin Strohmeier

Over the past 10 years, armasusisse Science + Technology has been successfully conducting open security research with real avionics hardware, working closely with industry and regulators. The talk will cover our technical results as well as our approach to building trust with regulators and the industry by working as responsibly as possible while still maintaining the openness required to obtain the necessary results and drive change in the wider ecosystem.

2:30 PM

25

Minutes

Stories from the Trenches: Operating a Aeronautics Cyber Range

Christopher Ottesen

The Aeronautics Cyber Range performs penetration testing on DoD aviation weapons systems. Since becoming operational in 2019, the team has accumulated many lessons learned and best practices to support testing of aerospace embedded systems. This talk details how to deal with fundamental challenges of operating this type of facility. Brace yourselves for an incredible journey filled with the obstacles we encountered and the strategies and tactics you can use to avoid our growing pains.

3:00 PM

25

Minutes

Space Pirates on the Loose! - Space-Based Threats to US Interests

Sage Meadows, Henry Danielson

Many US interests heavily depend on space assets. With the rapid development of space technology, security is often overlooked. This talk covers a range of space-based attack scenarios, developed via extensive threat modeling efforts (attack trees, PnGs, etc). The paper being produced from this research effort will be presented to the National Space Council. By addressing these issues, the US can strengthen its resilience in space and ensure the security of critical space-based infrastructures.

3:30 PM

50

Minutes

Wingin' It - Pentesting a 737

Alexander Dodd

In January 2023, Attack Research was invited to perform an on-wing penetration test of a Boeing 737NG that was being decommissioned. Come, listen, and be taken on a journey through this little-explored realm of aviation security. Discover some of our secrets from the decades of combined experience working on in-flight entertainment systems and various aircraft as well as the reasons why airlines and OEMs are urged to open their minds to external expertise and embrace the insights presented.

4:30 PM

25

Minutes

A Fireside Chat with Chris Roberts and Pete Cooper

Pete Cooper, Chris Roberts

Join Pete Cooper in a fireside chat with Chris Roberts about his role as the CISO for Boom Supersonic and how he is approaching the challenges of securing a flying platform from the ground up using everything from digital twins to AI. It will also be a chance to discuss what he has learnt across his career and his advice for the next generation coming through.

5:00 PM

50

Minutes

Aerospace Village - 5 Years On

Pete Cooper, Beau Woods, Jen Ellis, RoRo, Katie Trimble-Noble

This is the 5th year of the Aerospace Village and the landscape now is totally different to what it was at the start. This is the story of how a diverse bunch of hackers, engineers, pilots, policy leaders and more from across both the public and private sectors founded and built the Aerospace Village to promote safe, reliable, and trustworthy aviation and space operations.

Sunday 8/12

10:30 AM

50

Minutes

The Looming Perils for End Users in Satellite Communications

Vincent Lenders

Satellite communication has gained importance in our mobile and hyper-connected society, but end users are exposed to various security threats that are often not well understood. In this talk, I will present several practical attacks targeting the security and privacy of satellite end users. These attacks target satellite systems such as DVB-S, Inmarsat, Iridium, and GPS. The attacks have been developed and performed in our satellite security research labs at the Swiss Cyber-Defence Campus.

12:00 PM

50

Minutes

Hack-A-Sat 4 Awards Ceremony

The Hack-A-Sat 4 Team

Hack-A-Sat 4 is quite simply the world's first CTF in space. Now in its 4th year, the Hack-A-Sat competition series aims to enable security researchers of all levels to focus their skills and creativity on solving cyber security challenges on space systems and incentivize innovation in securing these systems. Stop by and witness the 5 finalist teams compete for $100K in prizes, learn more about the history of Hack-A-Sat, and the Moonlighter satellite hosting this year's competition. The competition culminates with the HAS4 Award Ceremony on Sunday at 12 pm PT.

1:00 PM

50

Minutes

Hacking Satellites: Houston, We Have a Problem

Jacob Oakley

The intersection of the space and cyber domains presents a complex emerging challenge to cybersecurity and space professionals. This talk covers an introduction to satellites and space operations, the attacks that space assets face, and the vectors used to facilitate malicious activity. It discusses adversarial campaigns against space vehicles at a micro and macro scale and outlines the foundational issues to securing-space resident attack surfaces.

Presentations

We will add more presentations as they become available.

Edam Colon - Transportation Screening Equipment Cybersecurity Briefing

Brandon Bailey - Building Space Attack Chains using SPARTA

Henry Haswell - Secure Micropatching on the ISS

Dr. Chris Jenkins - Moving Target Defense for Space Systems

Martin Strohmeier - Labs and Trust

Martin Strohmeier - Elon, Twitter and the PIA

Vincent Lenders - The Looming Perils for End Users in Satellite Comms

Paz Hameiri - CON trolling the weather

Alexander Dodd - Wingin' It - Pentesting a 737

Tanya Simms and Lauryn Williams - Orbiting the White House

Special thanks to our Sponsors for DEFCON 31

Boeing_RGBblue_standard_142.png
TSA_Insignia_CMYK.jpg
united_logo_v_rgb_r.png
AIAA Logo.jpg
PenTestPartners_Logo_edited.png
CCI_logo_cmyk_grn (1).jpg
USE THIS ONE_CTCubed_LargeText_Horizontal.png
IntelliGenesis LLC_TOP (1).png
SPACEX_LOGO_BLACK-text-TRANSPARENT-BG-01_1080x1080.png
T2S Logo_Version 2.png
bottom of page