Come see us for our 10th Anniversary at DEFCON!
IoT Village:
10 Years,
1,000 Devices
Infinite Vulns
Friday, August 8th
9:00pm – 12:00am
Room w233
Join IoT Village while we party like it's 2015 to celebrate 10 years of IoT Village! Join us from 9-midnight for live music, refreshments, and lots of fun.
Did we mention birthday cake?

IoT Village book signing
Saturday, August 10th at 2pm
Attendees will receive a complimentary signed copy of our brand new book and have the opportunity for some exclusive swag.
Labs and Activities
Class | Kit Cost* | Start | End |
---|---|---|---|
Make your very own evil IoT Cat Lamp with WLED! | $80 | 8/8/2025 10:00:00 | |
Build Your Own Meshtastic Node: Off-Grid, Encrypted LoRa Meshnets for Beginners! | $100 | 8/8/2025 12:00:00 | 8/8/2025 13:30:00 |
Meshtastic for Hackers: Set up, Configure, & Deploy Nodes for Advanced Use | $135 | 8/8/2025 13:45:00 | 8/8/2025 15:15:00 |
Wifi security | $180 | 8/8/2025 16:00:00 | 8/8/2025 18:30:00 |
Learn BadUSB Hacking With the USB Nugget | $135 | 8/9/2025 10:00:00 | 8/9/2025 11:30:00 |
Wifi security | $180 | 8/9/2025 12:00:00 | 8/9/2025 14:30:00 |
Build Your Own Meshtastic Node: Off-Grid, Encrypted LoRa Meshnets for Beginners! | $100 | 8/9/2025 15:00:00 | 8/9/2025 16:30:00 |
Meshtastic for Hackers: Set up, Configure, & Deploy Nodes for Advanced Use | $135 | 8/9/2025 16:45:00 | 8/9/2025 18:15:00 |
Make your very own evil IoT Cat Lamp with WLED! | $80 | | |
Wifi security | $180 | 8/10/2025 10:00:00 | 8/10/2025 12:30:00 |
Make your very own evil IoT Cat Lamp with WLED! | $80 | 8/10/2025 13:00:00 | |
What’s the Matter with my smart home?
Bitdefender invites you to solve a few challenges that will get you familiar with the inner workings of the Matter Protocol.
Smart home promises seamless living with lights, locks, sensors, and thermostats, all speaking the same language.
But behind the comfort of voice commands and automated routines lies a tangled web of wireless protocols and IoT standards like Matter.
Can you disrupt, decode or dominate the smart home?

Firmware Decryption with Open Source Clues
In this challenge, participants are given an encrypted firmware image for a D-Link access point along with its publicly available GPL release.
The objective is to decrypt the firmware using clues from open source files.
This is a realistic test of practical reverse engineering and firmware analysis skills, with a focus on identifying overlooked assumptions in standard tooling.

Staring at You, Staring Inside You
Step into the IoT Village and challenge those eyes staring at you. Break open real hardware and dive in to uncover vulnerabilities.
Try your luck to emulate those devices. Whether you’re a hardware hacking pro or just a hardware wrecker, this hands-on experience is your chance to push the limits of hardware hacking.
Ready to see what’s really watching you?
Easy IoT App Hacking
In this interactive exercise, you’ll learn how easy it is nowadays to reverse engineer the apps that are used to configure and interact with IoT devices.
IoT hacking with no multimeter or soldering iron required!
Keysight CTF Challenge
Defeat the Keysight CTF challenge for a chance to win a Riscuberry IoT hacking training kit that comes with a picoscope, a bus pirate, and much more!
See one of the Keysight staff for details.

IoT Intro Labs
New to all of this?
You’re in the right spot!
Presented by
Forget the noise.
Get to JustHacking.com!
2 Mini-Workshops
Only 15 Minutes Each
Talk to Your “Things” with MQTT
Learn device comms in a virtual smarthome
Router Ruh Roh!
Find clues of an attack in OpenWRT firmware
No Schedule! Just sit down & start learning!

Discover GE Appliances!
Join us for a self-guided interactive look at GE Appliances and get hands on with some of our most popular home appliances!
And for all Home Assistant enthusiasts!
Check us out and we will help you get started!
Find anything related to security? Contact our PSIRT by visiting our security webpage:

From Hexeditor to Root, Multi Stage Approach to Root Access
This year at Rapid7’s hands-on hardware hacking lab, you’ll dive in deep to gain root access on an IoT device.
Using tools like Flashrom and Hexedit, we’ll guide you through dumping SPI flash, modifying the firmware dump to force single user mode, and using UART to interact with the target.
Then we’ll rebuild the environment, load drivers, and regain full access – finishing with modifying the “CORRECT” root password file to take complete control.

Bootloader? I hardly know her!
A practical guide to hardware hacking.
Join IoT Village for a hands-on workshop where people can learn step-by-step techniques to gain root access on a smart camera. Some of the methods involved are PCB analysis, power analysis, and exploiting debug interfaces to achieve shell access.

Talks and Panels
Friday
10 Years of IoT Village: Insights in the World of IoT
Type: Panel | Day: Friday | Time: 10:30 – 11:00
Location: Creator Stage 1 (Room 233)
Join IoT Village co-founders Steve Bono and Ted Harrington as they discuss how the world of IoT security has evolved in the past 10 years of IoT Village. Led by panel host Rachael Tubbs, Steve and Ted will discuss with industry experts what we’ve learned in 10 years about the state of IoT security.
Speaker(s)
Stephen Bono – CEO at Independent Security Evaluators
Steve Bono is the CEO of Independent Security Evaluators, the team behind IoT Village. Now in their 20th year, Steve has grown the Baltimore-based company into a cyber-threat mitigation and solutions entity widely recognized for its thought leadership, excellence, integrity, and dedication to its clients.
Ted Harrington – Executive Partner at Independent Security Evaluators
Ted Harrington is the #1 best selling author of HACKABLE: How to Do Application Security Right, and the Executive Partner at Independent Security Evaluators (ISE), the company of ethical hackers famous for hacking cars, medical devices, web applications, and creating IoT Village. Check out Ted’s TEDXFrankfurt talk, How to Think Like a Hacker on YouTube and stop in the IoT Village for a complimentary signed copy of his newest book, Inner Hacker.
Rachael Tubbs – IoT Village Organizer
Go Malware Meets IoT: Challenges, Blind Spots, and Botnets
Type: Talk | Day: Friday | Time: 11:00 – 12:00
Location: Creator Stage 1 (Room 223)
Go malware is showing up more often, especially in IoT environments. Its flexibility and ease of cross-compilation make it attractive to attackers, but it also makes life harder for analysts and defenders. Go binaries are large, statically compiled, and structured in ways that traditional tools are not designed to handle. The runtime is unfamiliar, and things like string extraction, function identification, and behavior analysis can quickly become frustrating. This talk looks at why Go malware is hard to analyze and why some detection tools struggle to keep up. We will walk through practical tips and tools to make reversing Go malware more manageable, including how to recover types, strings, and function information. To tie everything together, we will look at a recent real-world example: Pumabot, a Go-based botnet targeting IoT surveillance devices. We will dig into how it works, what it targets, and what artifacts it leaves behind. By the end of the session, you will have a better understanding of how attackers are using Go in the wild and how to be better prepared for the next time it shows up in your analysis queue.
Speaker(s)
Asher Davila – IoT, ICS/OT, and 5G malware research lead at Palo Alto Networks
I’ve been analyzing malware since 2017, focusing on reverse engineering both firmware and malicious code across IoT devices and embedded systems. My work has supported detection teams by providing timely guidance on new threats, and I’ve published findings on emerging malware families and variants targeting x86, ARM, and MIPS architectures. I’ve also created and implemented over 300 malware-focused network signatures to help improve threat visibility and detection. Today, I lead IoT, ICS/OT, and 5G malware research at Palo Alto Networks as part of Unit 42. My work bridges low-level technical analysis with real-world impact.
Never enough about cameras – The firmware encryption keys hidden under the rug
Type: Talk | Day: Friday | Time: 11:45 – 12:30
Location: Creator Stage 2 (Room 232)
This talk covers RCEs on multiple popular Dahua perimeter cameras with a potential resounding impact on retail, banking, traffic and other infrastructure.
Speaker(s)
Alexandru Lazar – Security Researcher at Bitdefender
Alexandru Lazar is a Security Researcher at Bitdefender. He has red team and penetration testing experience and specializes in IoT and embedded systems, with a focus on reverse engineering, vulnerability assessment and exploitation. He has disclosed vulnerabilities to vendors such as Amazon, Bosch and LG, with his research being covered by several media publications.
Radu Basaraba
Radu Basaraba is a seasoned cybersecurity researcher with over 9 years of experience in finding vulnerabilities in IoT devices.
What is Dead May Never Die: The Immortality of SDK Bugs
Type: Talk | Day: Friday | Time: 13:00 – 13:45
Location: Creator Stage 2 (Room 232)
Any chip of sufficient complexity needs one thing if they want to actually get used in devices – a Software Development Kit (SDK). This collection of binaries, proprietary services, and code samples allows board designers to quickly and easily incorporate an otherwise complex chip into their existing environments. However, once this code is bundled into various product lines from various vendors, it becomes nearly impossible to make sure it gets updated with new versions. What happens if a vulnerability is discovered? Suddenly, hundreds of thousands of devices all from different vendors spanning years of releases are all affected by the same bug and it turns into a perpetual game of whack-a-mole trying to get them all patched. And botnet authors are definitely paying attention. In this talk, we will discuss the attack surfaces present in the SDKs from some major chipset manufacturers, talk about some exploits (both old-day and 0-day), and try to figure out what can be done to cleanse the internet of the zombie SDK vuln plague.
Speaker(s)
Richard Lawshae – Principal Security Researcher at Keysight Technologies
Ricky “HeadlessZeke” Lawshae is a Principal Security Researcher for Keysight Technologies. He has been hunting vulnerabilities in IoT devices for the past 15 years or so and has discovered and disclosed dozens of vulnerabilities in products from HID Global, Crestron, Meta, Mazda, Realtek, and more. His work has been featured in Wired, Forbes, Hackaday, and the CISA KEV list. He is based out of beautiful Austin, TX (AHA! represent).
Contextualizing alerts & logs at scale without queries or LLMs (opensource)
Type: Talk | Day: Friday | Time: 15:00 – 16:00
Location: Creator Stage 4 (Room 228)
IoT environments generate massive, noisy streams of logs and alerts—most of which lack the context needed for meaningful detection or response. This talk introduces a novel, LLM-free approach to large-scale alert contextualization that doesn’t rely on writing complex queries or integrating heavy ML models. We’ll demonstrate how lightweight, modular correlation logic can automatically enrich logs, infer context, and group related events across sensors, devices, and cloud services. By leveraging time, topology, and behavioral attributes, this method builds causality sequences that explain what happened, where, and why—without human-crafted rules or expensive AI inference. Attendees will walk away with practical techniques and open-source tools for deploying contextualization pipelines in resource-constrained IoT environments. Whether you’re defending smart homes, industrial OT networks, or edge devices, you’ll learn how to extract insight from noise—fast.
Speaker(s)
Ezz Tahoun – Cyber data scientist who worked with Oak Ridge National Lab, BAE Systems, IBM, Royal Bank of Canada, Orange CyberDefense, NextEra Energy, and others.
Vibe School: Making dumb devices smart with AI
Type: Talk | Day: Friday | Time: 17:30 – 18:00
Location: Creator Stage 4 (Room 228)
Smart home technology often comes with a hefty price tag, particularly for specialized devices like weather stations. So I did it myself: instead of buying an expensive ‘smart’ device, I integrated a conventional weather station into Home Assistant. With AI-powered assistance and a “vibe coding” approach, even complex devices can be made smart, from sniffing device communications to getting Gemini to generate C++. With modern AI tools, empowering your existing “dumb” devices is more accessible and achievable than ever before, opening up a world of custom smart solutions without breaking the bank.
Speaker
Dr. Katie Paxton-Fear – Principal Security Researcher at Traceable by Harness
Dr. Katie Paxton-Fear is a Principal Security Researcher at Traceable by Harness, and a Cyber Security Content Creator. She specialises in API hacking and describes herself this way: she used to make APIs and now she breaks APIs. She is passionate about education and teaches over 180,000 people about API security through her YouTube channel, webinars, talks and writing.
Saturday
No Brain No Gain
Type: Talk | Day: Saturday | Time: 11:00 – 12:00
Location: Creator Stage 2 (Room 232)
Traditional digital security often falls short when applied to IoT environments, where devices are limited in processing power and exposed to a wider range of threats. Human vulnerabilities—especially against deepfake-style attacks—further weaken current systems. Static biometrics like fingerprints or facial scans are no longer enough. This work proposes a new direction: using the brain’s unique electrical activity (EEG signals) as a security layer. These dynamic, hard-to-replicate patterns offer a way to authenticate users without storing sensitive data or relying on heavy computation. By grounding trust in the user’s own biological signals, this approach offers a lightweight, resilient solution tailored to the constraints of modern IoT devices.
Speakers
Mehmet Önder Key – Önder Key is a cybersecurity consultant with deep expertise in critical infrastructure protection, zero-day vulnerability hunting, and offensive security operations.
He has advised high-assurance institutions across defense, aerospace, and finance sectors, blending hands-on red teaming with strategic security engineering. His work has been showcased in over a dozen countries, where he continues to expose overlooked systemic weaknesses and shape proactive security postures. Mehmet remains committed to challenging the boundaries of conventional cybersecurity and driving forward the global offensive security ecosystem.
Temel Demir – Cybersecurity Lead at KPMG. Works mainly focusing on offensive security for IoT and industrial systems.
Holds certifications like CISSP and GICSP. Daily work includes practical penetration testing and exploring new ways to evaluate complex environments. Spends time on cyber-physical vulnerabilities. Participated at DEFCON’s RF Village, contributing to a talk on GPS spoofing using RF devices.
Dr. Ahmet Furkan Aydogan – Assistant Professor of Computer Science at UNCW and a researcher in cybersecurity, digital forensics, and brainwave-based encryption systems.
His Ph.D. focused on using EEG signals to secure IoT devices—blending neuroscience with cryptography. Two-time award winner for research in VANET security and cognitive encryption. Contributes to IEEE’s P2834 standards on secure learning systems, and has taught ethical hacking to network exploitation. Discusses breaking, securing, and redefining trust in connected systems.
What’s Really in the Box? The Case for Hardware Provenance and HBOMs
Type: Talk | Day: Saturday | Time: 12:00 – 12:30
Location: Creator Stage 4 (Room 228)
As software supply chains embrace transparency through SBOMs, hardware remains a black box. Yet the chips inside our IoT devices carry just as much — if not more — risk. From cloned components to opaque fabs, the semiconductor supply chain is fast becoming a national security flashpoint. Governments are scrambling to respond with blunt tools like bans and onshoring, but these approaches are slow, costly, and often impractical. Traditional BOMs focus on procurement and production — what gets bought and assembled — but they rarely capture origin, integrity, or risk context. They weren’t built to expose inter-organizational dependencies or detect supply chain manipulation. Enter the HBOM Initiative — a new effort to bring visibility, traceability, and accountability to the hardware supply chain. By developing tools and practices for a hardware bill of materials (HBOM), we aim to expose hidden risks, trace chip provenance, and empower sectors to make smarter, risk-informed decisions without sacrificing adaptability or innovation. This talk will explore why HBOMs are inevitable, what makes them hard, and how the hacker and security community can help shape the future of hardware trust.
Speaker
Allan Friedman – Adjunct Professor of Informatics at the Luddy School of Informatics, Computing, and Engineering at Indiana University.
An internationally recognized expert on cybersecurity policy and supply chain transparency. Has led pioneering efforts to bridge research and practice, driving tangible, cross-sector progress on key issues such as vulnerability disclosure, IoT security, and the Software Bill of Materials (SBOM) — helping transform SBOM from an obscure idea into a cornerstone of global cybersecurity policy and practice. Before returning to academia and independent work, served in senior roles at the Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. Department of Commerce. Earlier in career, spent over a decade as a scholar at Harvard’s Computer Science Department, the Brookings Institution, and George Washington University’s School of Engineering. Co-author of the widely read book Cybersecurity and Cyberwar: What Everyone Needs to Know, and holds a computer science degree from Swarthmore College and a Ph.D. from Harvard University. He is surprisingly friendly for a technocrat.
The Things Know What You Did Last Session
Type: Talk | Day: Saturday | Time: 13:45 – 14:15
Location: Creator Stage 1 (Room 233)
I will cover the tools available in the corporate network, the limitations of remote investigations, and the signatures of threat actors. All examples are cases I have actively worked in the past two years. This will range from the individual threat – timecard fraud identified through network logs, which led to the geolocation of an automated fingerprint device hidden in a facility – to large numbers of contractors working in denied areas to ultimately the identification and mitigation of North Korean IT worker fraud within the network.
Speaker
Will Baggett – Will Baggett (@iOSforensic) is a Lead Investigator for Digital Forensics and Insider Threat at a Fiscal Infrastructure organization. He is also Director of Digital Forensics at Operation Safe Escape (volunteer role), a non-profit organization providing assistance to victims of domestic abuse.
Will draws from his experience as a former CIA officer specializing in Technical and HUMINT Operations as well as a NATO SOF Cyber Security SME. He has extensive experience in the mobile and Mac forensic space as well as drone forensics and the voting machine security effort, working to mitigate misinformation in this space with digital forensic analysis and facts. His engineering background is from the Georgia Institute of Technology.
Sunday
Unveiling IoT Vulnerabilities: From Backdoors to Bureaucracy
Type: Talk | Day: Sunday | Time: 11:30 – 12:00
Location: Creator Stage 5 (Room 229)
IoT devices are ubiquitous, yet their security remains a critical concern. This talk explores over 50 real-world vulnerability cases in the IoT ecosystem, exposing systemic issues such as vendor-embedded backdoors, predictable credentials, and exploitable configuration consoles. We’ll dissect vulnerabilities like CVE-2024-48271 (CVSS 9.8) and CVE-2025-1143, favored by APT groups and scammers, that enable remote code execution and global device control. Drawing from our extensive research, we’ll reveal how even beginners can compromise critical infrastructure like ATMs and water treatment facilities by targeting poorly secured devices. Additionally, we’ll share the frustrating reality of reporting vulnerabilities to manufacturers, CNAs, and CERTs—stories of ignored reports, year-long delays, and denials despite severe risks. Attendees will gain actionable insights into vulnerability discovery, secure development practices, and responsible disclosure, empowering hackers, developers, and manufacturers to strengthen IoT security.
Speaker
Chiao-Lin Yu (Steven Meow) – Red Team Cyber Threat Researcher at Trend Micro.
Chiao-Lin Yu (Steven Meow) holds multiple professional certifications including OSCE³, OSCP, CRTP, CARTP, CESP-ADCS, LTP, and GCP ACE. Steven has presented at events such as Security BSides Tokyo 2023, HITCON Bounty House, and CYBERSEC. He has disclosed CVEs in major vendors including VMware, D-Link, and Zyxel. His areas of expertise include red team exercises, web security, and IoT security.
Kai-Ching Wang (Keniver) – Senior Security Researcher at CHT Security
Kai-Ching Wang (Keniver) specializes in red team assessments and comprehensive security reviews, with a current focus on hacking IoT devices and cloud-native infrastructure. He has presented his research on the security of cloud-connected IoT camera systems at conferences such as SECCON in Japan and HITCON in Taiwan.
Firmware Decryption: For, and By, the Cryptographically Illiterate
Type: Talk | Day: Sunday | Time: 12:00 – 12:30
Location: Creator Stage 2 (Room 232)
It’s no secret that embedded devices are rife with security bugs just waiting to be found. However, vendors increasingly encrypt their firmware to prevent analysis by researchers, professionals, and inquisitive minds. In this talk, we examine common encryption techniques in real-world devices and how to crack the code—with or without hardware.
Speaker
Craig Heffner – Senior Staff Engineer at NetRise
NetRise Senior Staff Engineer and the creator of the popular open source tool Binwalk, Craig Heffner has over 20 years of experience analyzing wireless and embedded systems. He has presented at prominent security conferences, including Black Hat and DEFCON. His former employers include the NSA, Microsoft, various government contractors, and multiple successful cyber security start-ups.
Smart Devices, Dumb Resets? Testing Firmware Persistence in Commercial IoT
Type: Talk | Day: Sunday | Time: 12:00 – 12:30
Location: Creator Stage 3 (Room 231)
The rapid proliferation of consumer IoT devices has introduced new attack vectors beyond traditional exploitation. One overlooked risk lies in firmware persistence in returned devices—an issue that could enable mass surveillance, botnet propagation, or backdoor persistence at scale. This research investigates whether major retailers properly reset IoT firmware before reselling returned products, exposing critical gaps in supply chain security.
In this experiment, commercial IoT devices are purchased, modified with custom firmware embedding a simple callback, and then returned to the store. The devices are later repurchased and analyzed to determine if retailers performed proper firmware resets or if malicious code remained intact.
Findings from this research reveal inconsistencies in retailer sanitization policies, with some major retailers failing to properly wipe and reflash firmware before resale. This talk will demonstrate examples of persistent firmware modifications, discuss the potential for IoT-based supply chain attacks, and propose real-world mitigation strategies for manufacturers, retailers, and consumers.
Attendees will leave with a deeper understanding of how IoT firmware sanitization failures create a new class of attack vectors—and how threat actors could exploit this to build persistent IoT botnets, data-exfiltration implants, or unauthorized surveillance tools.
Speaker
Matei Josephs – Senior Penetration Tester @ Happening
Matei Josephs breaks things for a living – especially if they beep, blink, or pretend to be “smart”. Printers, kiosks, routers, and random IoT junk live in fear when he’s nearby. He’s a Senior Penetration Tester at Happening; he discovered 9 CVEs and loves hacking at scale. In this talk, “Smart Devices, Dumb Resets? Testing Firmware Persistence in Commercial IoT”, Matei reveals how threat actors can implant persistent backdoors in smart devices, then return them for resale through legitimate retailers. Because factory reset processes often fail to wipe firmware-level compromises, attackers can exploit the trust users place in brand-name resellers—turning returned devices into credible, persistent attack vectors.