Editor's Picks

Best Talks at DEF CON 33

Hand-picked from in-depth reviewer verdicts — the top 12 talks from this conference. Skip the noise, find the signal.

← All talks at DEF CON 33

  1. 1

    Exploiting Vulns in EV Charging Comms

    Jan Berens, Marcell Szakály, Sebastian Köhler

    Electric vehicle charging infrastructure runs on a stack of aging, largely unpatched hardware. The data link that negotiates charging sessions between a car and a DC fast charger uses Power Line Commu

    0 Dr. Zero MUST SEE ★★★★★ H Heather Calloway MUST SEE ★★★★★
  2. 2

    Journey to the center of PSTN - I became a phone company

    Enzo Damato

    Enzo Damato's DEF CON 33 talk is a tour-de-force walkthrough of the Public Switched Telephone Network (PSTN) from the inside—not from the perspective of a hacker probing someone else's infrastructure,

    0 Dr. Zero MUST SEE ★★★★★ H Heather Calloway MUST SEE ★★★★★
  3. 3

    Metal-as-a-Disservice: Exploiting Legacy Flaws in Cutting Edge Clouds

    Bill Demirkapi

    The rise of GPU-focused cloud providers has created a new class of infrastructure security problems. Unlike established hyperscalers such as AWS, Azure, and Google Cloud — which have invested more tha

    0 Dr. Zero MUST SEE ★★★★★ H Heather Calloway MUST SEE ★★★★★
  4. 4

    Invoking Gemini Agents with a Google Calendar Invite

    Ben Nassi, Or Yair, Stav Cohen

    A team of three researchers — Ben Nassi (Black Hat board member and Tel Aviv University faculty), Or Yair (security research team leader at SafeBreach), and Stav Cohen (Technion PhD student) — present

    0 Dr. Zero MUST SEE ★★★★★ H Heather Calloway MUST SEE ★★★★★
  5. 5

    The UnRightful Heir - My dMSA Is Your New Domain Admin

    Yuval Gordon

    Yuval Gordon, a security researcher at Akamai Technologies, presented a critical vulnerability in Windows Server's newest identity feature: Delegated Managed Service Accounts (dMSA). Introduced by Mic

    0 Dr. Zero MUST SEE ★★★★★ H Heather Calloway MUST SEE ★★★★★
  6. 6

    SCCM: The tree that always bears bad fruits

    Mehdi Elyassa

    Microsoft Configuration Manager — still widely known in the industry as SCCM (System Center Configuration Manager) — is one of the most privileged and most abused systems in enterprise Windows environ

    0 Dr. Zero MUST SEE ★★★★★ H Heather Calloway MUST SEE ★★★★★
  7. 7

    Mac PRT Cookie Theft & Entra ID Persistence

    Shang-De Jiang, Dong-Yi Ye, Tung-lin Lee

    This DEF CON 33 talk—titled in full "Original Sin of SSO: macOS PRT Cookie Theft & Entra ID Persistence via Device Forgery"—presents a novel attack chain against Microsoft Entra ID (formerly Azure Act

    0 Dr. Zero MUST SEE ★★★★★ H Heather Calloway MUST SEE ★★★★★
  8. 8

    HTTP 1.1 Must Die! The Desync Endgame

    James Kettle

    James Kettle's fourth annual DEF CON session on HTTP desync attacks represents both the culmination of a multi-year research program and a sobering conclusion: the attack class has not been resolved,

    0 Dr. Zero MUST SEE ★★★★★ H Heather Calloway MUST SEE ★★★★★
  9. 9

    Kill List: Hacking an Assassination Site on the Dark Web

    Carl Miller, Chris Monteiro

    This talk is one of the most unusual presentations ever given at DEF CON: a meticulous account of how a darknet investigator (Chris Monteiro) and a think-tank researcher (Carl Miller) spent nearly a d

    0 Dr. Zero MUST SEE ★★★★★ H Heather Calloway MUST SEE ★★★★★
  10. 10

    Virtualization Based Insecurity: Weaponizing VBS Enclaves

    Ori David

    Windows Virtualization Based Security (VBS) is Microsoft's flagship security architecture innovation of the past decade, isolating the most sensitive OS components — credential stores, security polici

    0 Dr. Zero MUST SEE ★★★★★ H Heather Calloway MUST SEE ★★★★★
  11. 11

    Breaking into thousands of cloud-based VPNs with one bug

    David Cash, Rich Warren

    Zero Trust Network Access (ZTNA) products — marketed as the successor to legacy VPNs — are increasingly deployed across enterprise environments following high-profile Ivanti, Pulse Secure, and Fortine

    0 Dr. Zero MUST SEE ★★★★★ H Heather Calloway MUST SEE ★★★★★
  12. 12

    No VPN Needed? Cryptographic Attacks Against the OPC UA Protocol

    Tom Tervoort

    OPC UA (Unified Architecture) is the dominant open-standard protocol for industrial automation, connecting PLCs, SCADA systems, and remote monitoring endpoints in facilities ranging from gas pipelines

    0 Dr. Zero MUST SEE ★★★★★ H Heather Calloway MUST SEE ★★★★★

View all talks at DEF CON 33 →