Hackcenter

Meet with like-minded people, share your knowledge and present your projects or attend a free workshop.

area41

Free Workshops

During the conference we offer various free mini workshops, with hands-on experience. Bring your laptop. First come, first served. They are free but you need a conference ticket to enter.

You can read the details/abstract here.


Workshop 1: Workshop Adversary Simulation
Teacher: experts from SCIP
This workshop gives you an opportunity to test your hacking skills in an Active Directory (AD) environment. We set up an AD infrastructure and placed several vulnerabilities and insecure configurations on some of the servers. The vulnerabilities are built on different levels of difficulty, in order to become domain admin different flaws have to be exploited and combined. Here you can train and explore your skills in exploitation, privilege escalation and lateral movement. We have a special challenge for more advanced hackers to prove your ninja skills and stay under the radar of our monitoring system. We help you using tools like Bloodhound, Mimikatz or the PowerSploit framework and present you the chance to do all the nasty stuff in an AD environment.

Workshop 2: UploadScanner workshop - Filing Fiddly Files
Teacher: Tobias "floyd" Ospelt
Testing web applications is a standard task for every penetration tester. Various automated and semi-automated security testing tools exist. However, they all lack suitable tests for web-based file uploads. Web-based file uploads are critical components of web applications, provide a large attack surface and therefore require proper security testing. While a lot of techniques for file upload testing are known, they often lack proper documentation, are very specific to one use case and require extensive hand-tailoring to each application. Therefore, a file upload testing extension for most pentester's favorite tool - Portswigger's Burp Proxy - was implemented.


Workshop 3: Introduction to Kali
Teacher: experts from BoT - Lucerne
This workshop gives you an insight into the world’s best-known hacker distribution Kali Linux. Not only will you learn how to use Kali Linux and the most important tools, but you will also be able to apply the knowledge gained in a lab environment. In particular you will learn how to use NMAP, the best port scanner from Fyodor, Metasploit Framework from Rapid7, Hydra from THC as password cracker, OpenVAS as vulnerability scanner, and WPScan - Wordpress Vulnerability scanner. The Lab environment is designed in such a way that vulnerabilities can be exploited on the different workstations and servers. This workshop is aimed at people with little experience and lots of interest in Kali Linux and the various tools.

Workshop 4: Security Fabric Challenge
Teacher: experts from Fortinet
Fortinet will host a Security Fabric Challenge you should not miss out on! The Fortinet Security Fabric is a security architecture which delivers broad protection and visibility to every network segment, device, and appliance, whether virtual, in the cloud or on-premises. Automatically synchronize your security resources to enforce policies, coordinate automated responses to threats detected anywhere in your network, and easily manage all of your different security solutions and products through a single console.
The goal of this challenge is to introduce you to the Fortinet Security Fabric functionalities within FortiOS 6.0. As part of the challenge, you will be required to harden your current security standing and use all the new FortiOS features in the attempt to improve the overall security posture of a fictional customer. The challenge is time based, and the team with the highest score within the given time will win. 2 individuals build one team.
area41

Lockpicking

Lockpickers promote improvements in physical security and aid consumers in making suitable decisions about their own security. Accordingly, those who choose to participate in locksports often seek to discover security vulnerabilities and notify them to lock manufacturers and in some cases to the public. At the core of locksport is the belief in responsible full disclosure. Locksport enthusiasts combat the philosophy of "security through obscurity" that unfortunately is still common within the locksmith industry and lock manufacturers.

area41

DEFCON Switzerland booth

At the DEFCON booth you can get free lanyards and buy tshirts

This is also the place to return your feeback forms.

Sponsor Area

Our valued Platinum and Gold sponsors (Sponsors) have their booth in the lobby. Many of them have interesting demos of their products and services or employees to talk with. If you want to find out more then have a look!