• All content is in person only.
  • Unless otherwise specified, all other times of the content are:
    • Friday August 12, 2022: 10:00 - 18:00 PST
    • Saturday August 13, 2022: 10:00 - 18:00 PST
    • Sunday August 14, 2022: 10:00 - 14:00 PST




Hackable Book Signing

Ted Harrington

3:30 - 4:00pm PT Saturday, August 13th

Location: IoT Village Alliance Ballroom

Get a free signed copy of the #1bestseller Hackable and meet the author!

Hands on Hacking Labs:

Loudmouth Security

All Day

IoT Hacking 101 is a set of quick, hands-on labs developed to teach the tools techniques for discovering and exploiting some of the common weaknesses found in loT devices today. Whether you're a pentester that has never hacked loT devices or even someone that has never hacked anything (!), these self-guided labs will walk you through all the steps in order to successfully pwn loT.

IoTV: Capture The Flag

Loudmouth Security

All Day

The IoT Village CTF has over 30+ devices and challenges to find and exploit vulnerabilities in real IoT devices. Players, or teams up to 6 people, can register and compete against one another to win great prizes!. With an overall focus on real-life consequences, this year's CTF is the newest and best IoT Village CTF yet! The challenges will require creative thinking, knowledge in networking, and competency in exploit development to claim the top prize. Prizes will be awarded to the top 3 teams/players at the end of the event.

Hack the Box CTF Challenge

Hack the Box

All Day

Dive into hacking challenges with HTB at the IoT Village DEFCON 30 CTF. “House Edge” is a themed CTF challenge that aims to have the players travel through a mission inside a space casino with the final goal of accessing a safe box to retrieve its contents. Each challenge is a standalone and does not require to have solved any other challenges. That said, the content is structured in a specific order that helps facilitate the scenario, which at a high level can be broken down into the following side-tasks of the mission:

  • Gain access to the main security system to avoid being identified
  • Steal RFID credentials of the reads in the open areas to gain access to restricted areas
  • Disable the additional motion sensors in the restricted areas to avoid triggering an alarm
  • Open a safe box and retrieve its contents.

Sixgen Challenge


All Day

A handcrafted IoT challenge that will put your skills to the test. Be prepared to hack devices over bluetooth low energy, break into Wi-Fi networks, and exploit binaries. If you avoid the deadly sharks and laser beams you may be able to access smart locks, conduct electronic warfare, and fly drones.

Hacking Product Security Interviews


11:00am and 11:30am PT Friday, August 12th

Cybersecurity is a complex, multi-faceted field and pursuing a career in it requires the acquisition of a number of different skill sets. Product Security interviews can be particularly challenging due to the expectation that candidates possess both hacking AND software engineering intuition and skills.

Zoox will take a software engineering perspective and unpack this topic in an interactive talk. They focus on big-picture as well as tactical insights that will help you invest your time when preparing for your dream Product Security job. Join Zoox at 11:00am and 11:30am PT Friday, August 12th!

BURP Suite, Forensics Tools & 0-day Exploit Development

Ken Pyle

10:00am - 2:00pm PT Saturday, August 13th

These exercises from Cybir's Ken Pyle will show how simple security flaws and exposures become critical, world wide exposures in systems like the Emergency Alert System and network infrastructure from Cisco & Dell. Recreate some of the most impactful kill chains ever, learn new IOT / appsec skills, enumerate a supply chain network with a text editor, and "live off the land" with a few simple free tools like BURP SUITE. Join Ken from 10:00am - 2:00pm PT on Saturday, August 13th!

Hands on Hardware Hacking – eMMC to Root


All Day

Hardware hacking with Rapid7! Rapid7 guided exercises will lead you through the hands-on hardware hacking process to gain root level access to embedded IoT technology. This series of exercises will cover multiple steps including embedded multimedia controller (eMMC) interaction, making binary images copies of flash, interaction with read only squash files systems to unpack and repack systems, and altering startup files systems within the devices’ file system to allow you to eventually gain root level access over SSH.

Revolutionary Lab Experience


All Day

Dive into our browser-based lab platform and experience 2,000+ real-world engineered labs covering everything from the basics to expert-level skills. Explore INE’s newest learning path, Penetration Testing Student v2, with all new dynamic labs in a sandbox-style playground for risk-free practice.. When cyber threats emerge, learn to combat them as they’re unfolding in INE’s Cyber Vulnerabilities Training Library, a rapidly deployed hands-on lab environment featuring some of the industry’s biggest challenges like Log4j, Spring4Shell, WannaCry Ransomeware, and more! Crush your training goals and get ready to nail your next project — all you need to do is press play!

CTF Creators Contest

Got a cool new exploit on an IoT device and don’t know what to do with it? The CTF Creators Contest is just the thing! Show us your research, put the device in the CTF and see if others can pop it. Oh, and did we mention the great prizes (See below)?


Starting Friday July 1st, until August 12th, 4pm PDT


Submit a detailed write-up of ORIGINAL research. Use the disclosure template provided. Submissions must include:

  • Completed submission template
  • Any PoC scripts used for exploit
  • Copy of vulnerable device firmware

GPG Key Submission Template

All submissions must be GPG encrypted with the following key:

Comment: User-ID:	Village Idiot Labs 
Comment: Created:	2022-07-04 10:09 AM
Comment: Expires:	2024-07-04 12:00 PM
Comment: Type:	3,072-bit RSA (secret key available)
Comment: Usage:	Signing, Encryption, Certifying User-IDs
Comment: Fingerprint:	CC03E4E490E4F4CD14BFA1ACFA7634C3CAFF9478


[email protected]


Show up to IoT Village with your device before August 12th at 4pm PDT. You must bring:

  • Device, pre-configured for the exploit
  • Reset script to revert the device back to exploitable condition
  • The device must support DHCP
    • *Except any devices that are attacked over Bluetooth or Zigbee interfaces

After DEF CON:

Devices can be picked up after the CTF on Sunday August 14th, 1pm local time (PDT)


Entries will be assigned an initial score, based on the following:

  • CVSS 3.1 base score X 100
    • If the attack includes a chain of exploits, CVSS scoring should be done on the full chain
  • Discretionary modifier of 0 - 2X base score, based on:
    • Type of device (unique, rare, difficult to source devices will score higher)
    • Exploit method
    • Perceived level of difficulty

After being entered into the CTF, scores will be decremented by the number of times it is exploited by CTF players.

  • -50 pts for each exploit by teams in the CTF.
Final scores will be released at the end of CTF, on Sunday August 14th. Results will be released via Twitter and in-person in IoT Village.


Winner of the CTF Creator Challenge will receive free entry into DEF CON 31 2nd & 3rd place will receive $180 and $90 Amazon gift cards, respectively.

1st Place

Free Entry into DEF CON 31

2nd Place
$180 Amazon Gift Card
3rd Place
$90 Amazon Gift Card

In partnership with:



With Microsoft, you can achieve digital transformation for the intelligent cloud and intelligent edge. Securely managing this digital estate requires a holistic approach that protects identities, networks, data, apps, infrastructure, and all of its endpoints. This has made Microsoft a leader in all of these domains - including the visibility and protection of the Internet of Things (IoT) and business critical industrial control systems (ICS/OT) and it provides a complete integrated end-to-end solution for the protection of your entire digital environment, wherever it resides.

Learn More


INE is the world’s leading provider of hands-on, role-based technical training, maniacally focused on developing experts in the areas of cyber security, networking, cloud, data science, et al. We’re experts in making you an expert. The INE Starter Pass is 100% free and grants access to not only numerous snippets of all of our course categories but also a full, introductory security learning path, Penetration Testing Student (PTS). PTS comes with slides, videos and unlimited time in our virtual labs to prepare you for eLearnSecurity’s Junior Penetration Tester (eJPT) certification exam (not included). You’ve got nothing to lose and a life-changing career move to gain!

Starter Pass


CUJO AI is the global leader of cutting-edge cybersecurity and network intelligence solutions that enables network operators globally to improve the digital life protection of their customers in and outside the home. By pioneering AI-powered cybersecurity and empowering a growing ecosystem of OEM partners, CUJO AI is at the forefront of supplying protection to billions of network service subscribers around the world. Mobile and fixed network operators use CUJO A's holistic capabilities to improve their customer value proposition, monetize their networks, and reduce operating complexity and costs.

Learn More


Hack The Box is a massive, online cybersecurity training platform, allowing individuals, companies, universities and all kinds of organizations around the world to level up their hacking skills.

Check out House Edge, the Hack the Box custom CTF challenges in the IoT Village DEF CON CTF.

Learn More

Nozomi Networks

Nozomi Networks is the leader in OT and IoT security and visibility. We accelerate digital transformation by unifying cybersecurity visibility for the largest critical infrastructure, energy, manufacturing, mining, transportation, building automation and other OT sites around the world.

Learn More


Partnering with Rapid7 gives you solutions you can count on, seamless controls, and the strategic guidance you need to stay ahead of attacks. The Insight Platform also helps unite your teams so you can stop putting out fires and focus on the threats that matter. Security, IT, and DevOps now have easy access to vulnerability management, application security, detection and response, external threat intelligence, orchestration and automation, and more.

Learn More


Sixgen provides world-class cybersecurity services and products to protect government organizations and commercial industries. Their highly skilled operators conduct research and assessments based on real-world threats. They emulate global adversaries and malicious actors to report detailed and actionable findings on critical assets and infrastructures. Using innovative processes, tools, and advanced techniques, they predict and overcome cybersecurity vulnerabilities. Sixgen prioritizes security best practice, customer requirements and privacy, and overall mission impact.

Learn More


Zoox was founded to make personal transportation safer, cleaner, and more enjoyable—for everyone. To achieve that goal, the team created a whole new form of transportation.

Learn More