https://forum.defcon.org/ DEF CON Forums are the main portal to the DEF CON Hacking Conference and iniatives like DEF CON Groups, the Voting Village, and DC SecureDrop. Open to all, come get involved! en Wed, 03 Jun 2026 21:00:35 GMT vBulletin 60 https://forum.defcon.org/images/misc/rss.png https://forum.defcon.org/ https://forum.defcon.org/node/255799 Mon, 01 Jun 2026 23:37:09 GMT
We have mostly completed the migration from our self-hosted GitLab Enterprise instance to Radicle. There's still further work to be done, but the most crucial bits have made it over. We're also still working on ironing out some kinks in learning "the Radicle way". I hope soon to write an article chronicling our journey thus far.

I wrote documentation on how to bootstrap Radicle's local storage directory with src and ports. If you hope to someday submit issues and/or patches, following these bootstrap instructions will certainly ease the initial pain. I plan to include an export of these Radicle storage bootstrap archives with each official build. The current exports are not signed. I'm going to include the hashes in this signed email. I am working on a candidate patch to our build scripts to perform this export. The archives exported by our builder VMs will be signed with our normal ssh key-based signing method.

Fully fixing the release image generation (chiefly fixing generation of disc1.iso) is my first priority. Radicle bootstrap archive generation is my second priority. Radicle integration in our auto-sync is my third priority. Our commit emails came from GitLab. I need to replicate that functionality but with "the Radicle way." For now, I'm performing the sync myself when time permits (usually multiple times per day.)

The past couple months have also seen a number of FreeBSD security advisories, so we've published new builds for 16-CURRENT and 15-STABLE. Installer image generation is still somewhat broken, though I've seen some success with memstick.img. I plan to continue working on this until we're 100% fixed, though it will take time. It takes quite the number of hours to test even the smallest of changes. I get pretty much at most two attempts at testing fixes per day.

I spent some time studying Reticulum's code. I'm in the process of writing a shim to abstract how its backbone interface implementation uses select and friends. Back when I last looked at it, it required use of epoll. Simultaenously while I was working on that, I did notice the Reticulum project was working on a more portable backbone interface implementation. So I need to restart that research when the time comes.

I also spent a little bit of time with hbsdfw. I started work on forward-porting our 14-stable hbsdfw-specific patches to 15-STABLE. Then GitLab died, and my priorities switched to the Radicle migration. So I need to restart this research, too, when the time comes. I think I might target -CURRENT rather than 15-STABLE. That way, we don't have to periodically forward-port patches: we just maintain our patches against the naturally-evvolving hardened/current/master.

We completed the ISP account migration. Some pain is left to resolve. We lost support for our tunneled IPv6 (via Hurricane Electric's Tunnel Broker). I need to schedule a part of my day to capture some packets and get on the phone with some tech support folks on the side of both my ISP and HE. Until then, I've removed the AAAA DNS records for the relevant bits of infrastructure.

In src:

1. FreeBSD merged llvm 21 into base. We needed to fix one compilation error in HardenedBSD's code caught by llvm 21
2. Replace FreeBSD's README.md with our main wiki-based documentation.
3. Drop the -HBSD suffix in newvers.sh
4. Migrate hbsd-update-build to Radicle
5. Revert the release/ subdirectory to a known good-ish commit. This brought back generation of memstick.img
6. The hardening.pax.kmod_load_disable sysctl node logic was enhanced
7. Fix MK_LLVM_LINK_STATIC_LIBRARIES in src.opts.mk

In ports:

1. multimedia/ffmpeg build was fixed
2. ports-mgmt/pkg was updated to 2.7.5
3. ports-mgmt/poudriere-hbsd was updated to 3.4.8
4. A patch was brought in to fix the graphics/hdr_histogram port
5. hardenedbsd/secadm was updated to account for recent MAC hook changes by FreeBSD
6. Some incredibly basic support was implemented for downloading distfiles via Radicle HTTP
7. ports-mgmt/pkg was migrated to Radicle
8. The default llvm version was bumped to 21 for latest 16-CURRENT users
9. ports-mgmt/poudriere-hbsd was migrated to Radicle
10. COMPAT32 was disable for misc/compat{14,15}
11. PIE was disabled for devel/ccache4
12. net-p2p/reticulum was migrated to Radicle
13. hardenedbsd/secadm was migrated to Radicle

I want to say a heartfelt thank you to the Radicle folks. You've spent a lot of time in helping out. You didn't have to, but you chose to. And for that, I'm incredibly grateful. It's fun to see the Radicle network evolve.

==== BEGIN ARTIFACT HASHES ====
$ sha256 ports.tar.xz
SHA256 (ports.tar.xz) = b12f303b96b02b16744c1286868726ab4df43a06f6d28de3c2 47d4d1598f743b
$ wc -c ports.tar.xz
1472685664 ports.tar.xz
$ sha256 src.tar.xz
SHA256 (src.tar.xz) = 00301a70910127f4fd9564dca1be948e6b9909e864053a76b9 197565768345cf
$ wc -c src.tar.xz
2069117660 src.tar.xz
==== END ARTIFACT HASHES ====
]]> HardenedBSD shawn.webb https://forum.defcon.org/node/255799 https://forum.defcon.org/node/255793 Fri, 29 May 2026 20:47:54 GMT DC34: Communities Badbass https://forum.defcon.org/node/255793 https://forum.defcon.org/node/255792 Fri, 29 May 2026 20:47:54 GMT Which category would an expiring boot certification for win 11 be. If it is a security topic this is something that could be talked about at the confrence. Which category would an expiring boot certification for win 11 be. If it is a security topic this is something that could be talked about at the confrence. DEF CON 34 Planning Badbass https://forum.defcon.org/node/255792 https://forum.defcon.org/node/255780 Mon, 25 May 2026 13:08:31 GMT Greetings and Salutations: The registration submission form is now live! For those folks that are planning to create unofficial badges for this years DEFCON, please click the link below and provide the requested information. If you do not have all of the information requested, it is fine. Please... The registration submission form is now live! For those folks that are planning to create unofficial badges for this years DEFCON, please click the link below and provide the requested information. If you do not have all of the information requested, it is fine. Please fill in as much as you have and we will go from there. Remember, even if you think of having a badge or SAO for this year, please add it to the list. It is easier to remove a listing at the last minute than to get it added to the list when everyone's hair is on fire.

https://forms.gle/BUw34kEma5zk7GLK8
]]> #Badge Life K4rm4 https://forum.defcon.org/node/255780 https://forum.defcon.org/node/255767 Thu, 21 May 2026 06:51:42 GMT
The theme this year is DEF CON 34's theme is Agency.

Agency is self-determination. It's about making choices that increase yours, AND helping others to control theirs.

This DEF CON is about reclaiming our agency. DEF CON’s hacker community can fight to reclaim their agency. The skill set of hackers - reckless curiosity, the drive to know how systems work and a vision that sees beyond what a thing is and into what it could be after its pesky warranty is voided - is more important now than it's ever been.

As you work on your various projects, keep in mind that the future is undefeated, and it belongs to the resourceful, the brave and most of all to those who can see around the corner of what is and what might be.

For more inspiration, see: https://defcon.org/html/links/dc-news.html#dc34theme

Now. DA RULES.

The contest will open on May 25th at 12:00 (noon) LOCAL LAS VEGAS, NV, TIME ZONE and will close Wednesday, June 17th, 2026, 00:00 (midnight) LOCAL LAS VEGAS, NV, TIME ZONE.

People's Choice judges will be given stories to read and judge on June 24th and this portion of the contest will close July 1st, 2026 00:00 (midnight) LOCAL LAS VEGAS, NV TIME ZONE. Judges representing different parts of the hacker community will be chosen secretly and announced publicly when winners have been decided upon.

All stories will be posted via public links on July 1st and announced via Reddit and the BlueSky account. All winners will be announced on July 10th, 2026.

WHAT WE WANT:

Please submit to DCshortstory[at]gmail.com.

Please submit ONLY in a .txt file, all other formats will be REJECTED. You may include line breaks and specific formatting you feel is important to the tone of your story. "Bad" language is not proscribed, but do remember, your winning story will be published for all ages to read. Verify that your .txt file works across systems. What we receive is what will be put up. We will not correct spacing or specific formatting.

Please do not include any of the DEF CON staff, goons, etc., without EXPRESS WRITTEN PERMISSION from the individual which MUST BE forwarded to DCshortstory[at]gmail.com, along with contact information. The individual will be contacted by a member of the short story contest staff before the story is considered eligible for entry.

Please keep your short stories to actual SHORT stories. That means a submission of no less than 1,000 words and no more than 20,000. If you feel you have a story worthy of, and requiring, additional length (or works just fine as a haiku), include your plea in your submission email.
Leave the manuscripts and 404 page novels to your publisher and agents.

Please keep your stories in tune with our community. We want stories about hackers hacking, science, technology, nerdy things, geeky things, zombie things, making things work the way they were never intended to work, you all know the drill. Story must include the DEF CON convention in some way, either located at it or influenced by it as a few examples.

One entry per author. Please do not spam us with the "thousands of resumes sent out is sure to get me an interview!" technique. Write one GREAT story, not lots of MEH stories. If you submit two stories, both stories will be disqualified.

Illustrations and graphics are not accepted. This contest is about the beauty of the written word. We don't want graphic novels. Show us a picture in my head that is painted with your vocabulary.

Please remember when submitting to include the TITLE OF YOUR PIECE and the AUTHOR NAME you wish to have published. Real or handle, that is up to you but include it in your .txt file. We can't be chasing you down for titles and names. It will go in as "Untitled" or "Author Unknown" if you do not.

After submission you will receive a confirmation email within 48 hours. If you do not receive a confirmation email then your submission has not been received and will be ineligible. Please contact us at the provided email if your submission is not going through.

It is your responsibility to verify that your story is included in the public listing on July 1st. Failure to contact us within 24 hours after it has gone up disqualifies your story. If you do not see your story, please contact us at the provided email.

WHAT YOU GET:

We will be putting ALL of the short story entries on the Conference media and we will be listing the winners in the online Conference program in a short blurb, letting everyone know where they can check to read more. If you do not want it online, then do not submit to the contest.

The winners will get recognition in the online program and in social media. Time permitting, the winners will walk the stage and/or be recognized at the Contest Closing Ceremony.

PRIZES:

First place winner will receive two (2) creative badges, received at con, onsite.
Second place winner will receive one (1) creative badge, received at con, onsite.
People's Choice winner (voted by the community representatives) will receive one (1) creative badge, received at con, onsite.

All entrants will get their story in the DEF CON media server.

Tips for winning:

Spell check, grammar check, watch your tenses and your "voice." Double-check your dates, your math, your facts. We are paying attention. If you misspell on purpose, make sure the reader can tell it's on purpose! Follow the rules as mentioned above. Write a good story.

*IMPORTANT: Communication/Updates/Contact at Con will be done through the BlueSky account @DCShortstory or via email DCshortstory[at]gmail.com. Follow it or you will miss things that are relevant to the contest.*

Best of luck to all of you! Now get writing!






]]> Creative Writing Contest (was Short Story Contest) SweetGrrl https://forum.defcon.org/node/255767 https://forum.defcon.org/node/255740 Mon, 18 May 2026 21:39:14 GMT ..

..
CONTEST RUNS THROUGH JUNE 21! SEE CONTEST OVERVIEW AND RULES FOR DEF CON 34 --> https://forum.defcon.org/node/255739
FULL RULES AND SCENARIO ALSO AVAILABLE AT --> https://phishstories.org

For our newest installment of Phish Stories we’re going to the movies! This time, in the great city of Chicago, Illinois. Enjoy!

The Grand Parkway 34 Multiplex opened in Chicago in the fall of 2023 with oversized ambition and a name to match. Built on the site of the old Parkway Theater, it became the largest movie theater in the Midwest, boasting 34 screens, wall-to-wall recliners, powerful sound, and blockbuster dreams.
Carved out in one wing of the theater sits eight screens devoted to a curated screening room experience run by longtime staff member and noir film fan Hank Marlowe. Carrying on the tradition he had started at the old Parkway, Hank’s double-feature nights were crafted with love. And for a while, the combination of old and new worked. Crowds showed up. Blockbusters packed the main screens while Hank’s nostalgic corner drew a respectable following.


But once the newness faded, the Grand Parkway fell victim to the same declining crowds affecting theaters across the industry. The multiplex’s parent company, BroadSwitch Studios, took notice and decided it was time to chase a new audience. Their focus fell on Hank’s screening room, which, while beloved, was not pulling in enough revenue.

Their replacement? A cloud-streamed, real-time entertainment zone known as the Digitally Enhanced Fan Connection, or DEF CON for short. The new setup will feature live sports, reality television, esports tournaments, and a rotating lineup of video podcasts. It is marketed as the next phase of moviegoing, a place where groups can react to the moment together.

The idea came from Timmy Goodson, a smooth-talking entrepreneurial minded promoter who believes the only thing holding the theater back is outdated thinking. Timmy has been installed at the Grand Parkway to oversee the rollout and make sure the launch hits on schedule.

The person trying to keep the technology from melting down is Alexis Romero. She started at the theater early on and somehow became its unofficial IT department. Now she is juggling cloud credentials, vendor instructions, and a dozen systems she was never formally trained on. Alexis is also working toward a security degree at a local community college, so she has a pretty good idea of just how wrong things can go.

The general manager, Malcolm Shaw, is doing everything he can to maintain order. He lived through the demolition of the original Parkway Theater and has no intention of letting this new version fail.

And then there is Hank, still recommending 1940s crime films to confused teens at the concession counter. He is having a hard time believing that podcast panels and influencer watch parties are replacing the classic double feature.

The DEF CON launch is only days away. The staff is tired. The systems are untested. The stakes feel high.

This year’s Phish Stories challenge invites you to explore the real-world risks that appear when a company races forward with new technology faster than its people can keep up.

We’ll grab the popcorn. You write the phish. Make someone click, make us laugh, and win your way into DEF CON this year.]]> Phish Stories Serum https://forum.defcon.org/node/255740 https://forum.defcon.org/node/255739 Mon, 18 May 2026 21:29:10 GMT

..

..



CONTEST RUNS THROUGH JUNE 21! FULL RULES AND SCENARIO ALSO AVAILABLE AT --> https://phishstories.org

I’m an avid fisherman, so I know a thing or two about a fish story. That 12-inch bass somehow becomes a 2-foot monster when you’re telling it. I’m also a hacker with a security day job, so I know a thing or two about the other kind of phishing too. Turns out both have something in common: you’re proclaiming something incredible and hoping someone bites.

Years ago, the bad ones were easy to spot. Nigerian princes, unclaimed lottery winnings, mysterious government agents with secrets only you could know. They were so bad I often wondered if the goal was ever really to get someone to click, or just to make someone laugh. I thought, why not make it both?

That’s Phish Stories. Write a phishing e-mail that gets someone to click and makes the judges laugh. We’ve set the stage with a fictional company, fictional targets, and plenty of background material. The rest is up to you.

How Do I Win?
The best entry will find a way to combine clickability with laughability, what we like to call “targeted absurdity.” A hilarious backstory paired with a phishing e-mail that would actually hook someone is the sweet spot. It’s a delicate balance, but that’s what makes it fun.
That said, you don’t have to nail both. There are three ways to win:

• The Ruler – The best overall combination of clickability and humor. A creative backstory that builds into a phish that leaves us rolling. This is our overall winner.
• The Wizard – The most convincing, technically sound phishing e-mail. Humor is optional here, it’s all about whether your target would actually click.
• The Jester – The entry that made us laugh the most. Maybe it’s not the most clickable, but it’s the one we’ll remember.

Submission Rules
Each submission has two parts:

• The backstory – Tell us about your target, why you chose them, what assumptions you made, and what happens after they click. Be creative. This is where you fill in the blanks. 600 words or less.
• The e-mail – The phishing e-mail itself. 600 words or less. Optional header information does NOT count against the word limit.

The 600-word limit is strictly enforced. Entries over the limit will be penalized during judging.
Save both to a single text file, attach it to an e-mail, and send it to: phishstories@protonmail.com
Contest runs May 10th through June 21st at 11:59pm Las Vegas time.
One entry per participant. If you send more than one, we’re only reading the first.
You’ll receive a confirmation within 48 hours. If you don’t hear back, reach out.
A few other things to keep in mind:

• No illustrations or graphics.
• Include your e-mail address and alias or hacker name (real name is fine too).
• Do not include DEF CON staff or goons without their EXPRESS WRITTEN PERMISSION, which must be forwarded to phishstories@protonmail.com along with their contact info. We’ll verify before allowing the entry.

---

Scoring
A panel of judges will individually stack rank all entries across six categories:

• E-Mail Clickability – Would your target actually click?
• Use of Sources – Did you read the scenario? There are nuggets in there, some not so obvious.
• After the Click – What happens when they do click?
• E-mail Humor – Did the e-mail make us laugh?
• Backstory Humor – How about the backstory?
• Creative Ingenuity – How outside-the-box did you go?

Winners are selected as follows:

• Ruler – Highest combined score across all 6 categories
• Wizard – Highest score in Clickability + Use of Sources + After the Click + Creative Ingenuity
• Jester – Highest score in E-mail Humor + Backstory Humor + Creative Ingenuity

The Ruler is named first. The remaining entries are then ranked to determine the Wizard and the Jester. One winner per category.
Judging will be completed within two weeks of the contest closing.

---

Prizes (In-Person at the Con)

• Ruler – 2 Human Badges
• Wizard – 1 Human Badge
• Jester – 1 Human Badge

Winners get recognition in the online program and on social media. If you’re on-site at DEF CON, you’ll walk the stage at the Contest Closing Ceremony. We’ll also post every entry in the DEF CON Forums for everyone to enjoy.
Check out last year’s scenario, entries, and winners if you want to see what you’re up against.

---

Stay in the Loop
Follow us for updates:

• BlueSky – @phishstories.bsky.social
• Defcon.social – serum@defcon.social
• Reddit – u/phishstories

Questions? E-mail us at phishstories@protonmail.com

Enjoy!

​
​
​
​]]> Phish Stories Serum https://forum.defcon.org/node/255739 https://forum.defcon.org/node/255723 Fri, 15 May 2026 08:27:14 GMT
I'm an embedded software engineer getting into RF hacking/security, and I'd love some guidance from this community.
What I'm struggling with online resources for RF Hacking feel very scattered compared to web/network security. There's no clear path like there is for CTFs in traditional cybersecurity. I've found PySDR, HackRf Youtube videos, rtl-sdr.com and a few DEFCON talks but that's about it.

Any pointers would be greatly appreciated. Thanks in advance.]]> General Conversations Zurga https://forum.defcon.org/node/255723 https://forum.defcon.org/node/255678 Tue, 05 May 2026 01:10:52 GMT
I wanted to keep them forever as they mean a lot ( there were a lot of memories from that place and working it ) but things happen, times change and I need to get rid of these. Here is the kicker, I don't know what I want to do with them? What I mean is, I am not necessarily trying to sell them. I want them to go somewhere they will be preserved,. somewhere they can be appreciated. I mean, I am open to offers but that's not the point for me. I just don't want them to go in the trash.

If this is the wrong place for this I apologize. I didn't know where to put this. I have a total of 4 but only 3 are framed. Adding some pictures but I can't seem to get good ones due to the reflection.

Ok, be nice ;) Thank you ]]> General Conversations Dotcomdewd https://forum.defcon.org/node/255678 https://forum.defcon.org/node/255651 Thu, 23 Apr 2026 09:34:13 GMT Just checking in and would like to provide a challenge.. can anyone answer the following? In context to defcon.. when, where and how drink came to be? Love to hear everyone’s perspective and feedback.. may the streams flow purple!!! ]]> General Conversations 4rsin https://forum.defcon.org/node/255651 https://forum.defcon.org/node/255596 Thu, 09 Apr 2026 00:22:43 GMT Hey I notice the forums are a little dead but ill try anyway. This is going to be my first time attending defcon and im still a begginer. I am currently transitioning from accounting work to security. Ive started with my Google cs cert and am doing try hack me now and will go for my comptia +... Hey I notice the forums are a little dead but ill try anyway. This is going to be my first time attending defcon and im still a begginer. I am currently transitioning from accounting work to security. Ive started with my Google cs cert and am doing try hack me now and will go for my comptia + after. My questions are first any suggestions on what villages I should focus on as someone in my position and begginer skill level . Im aiming to get Soc level 1 job to start when I can get my foot in the door. Second is there potential for job networking ? Also I noticed there are classes the week after is that just a more in depth teaching conference or ? Any advice I would appreciate it as a first timer . Any recommendations of things I should bring with me . General Conversations TheeBattousai https://forum.defcon.org/node/255596 https://forum.defcon.org/node/255574 Wed, 01 Apr 2026 19:42:16 GMT DEF CON Training Las Vegas 2026 Course Lineup is now live! We’re thrilled to share the full slate of courses for DEF CON Training in Las Vegas! Join us in August for hands-on courses led by top practitioners from across the community. For the first time ever, we will offer 1-day, 2-day, and...
We’re thrilled to share the full slate of courses for DEF CON Training in Las Vegas! Join us in August for hands-on courses led by top practitioners from across the community.

For the first time ever, we will offer 1-day, 2-day, and 4-day classes! Whatever your needs, whether you’re sharpening fundamentals or diving deep into advanced techniques, there’s something here for you!

Explore the full lineup and course details here: https://training.defcon.org/

Explore our offerings, grab your seat, and get ready to learn and build.


]]> Announcements sleestak https://forum.defcon.org/node/255574 https://forum.defcon.org/node/255567 Mon, 30 Mar 2026 19:54:39 GMT
Not staying at a hotel nearby, but instead about 10 minutes away. Hotel prices are considerably cheaper. How bad is parking at the convention center? Will it be an issue finding a place to park? If I need to park way out in the boondocks, I'll live. I just have no idea on LVCC parking conditions.

I'm buying my tickets ahead of time online. Will I need to worry about badge availability? Will I need to worry about linecon if I already have my ticket/badge?]]> General Conversations Bart https://forum.defcon.org/node/255567 https://forum.defcon.org/node/255560 Fri, 27 Mar 2026 18:08:51 GMT
https://defcon.org/html/defcon-singa...-demolabs.html

There's a full slate of fascinating open-source tools and projects to learn about, so make sure to schedule some into your DEF CON plans.

See you soon. Just a month to go!
]]> Announcements sleestak https://forum.defcon.org/node/255560 https://forum.defcon.org/node/255509 Fri, 13 Mar 2026 03:03:52 GMT Announcements sleestak https://forum.defcon.org/node/255509 https://forum.defcon.org/node/255508 Fri, 13 Mar 2026 02:51:17 GMT Announcements sleestak https://forum.defcon.org/node/255508 https://forum.defcon.org/node/255503 Tue, 10 Mar 2026 22:52:27 GMT General Conversations GhostOfNoNation https://forum.defcon.org/node/255503 https://forum.defcon.org/node/255501 Tue, 10 Mar 2026 01:16:57 GMT DEF CON 34’s theme is ‘Agency’. We’re focusing on self-determination in our use of tech. Charting our own course and helping others do the same. Let’s start moving our valuable attention to tech that supports our agency. Let’s find the places we can help and choose to act. Read more at:... DEF CON 34’s theme is ‘Agency’. We’re focusing on self-determination in our use of tech. Charting our own course and helping others do the same.

Let’s start moving our valuable attention to tech that supports our agency. Let’s find the places we can help and choose to act.

Read more at: https://defcon.org/html/defcon-34/dc-34-theme.html

Visual style guide and homework assignments coming soon!
]]> Announcements sleestak https://forum.defcon.org/node/255501 https://forum.defcon.org/node/255479 Wed, 04 Mar 2026 21:39:21 GMT
As I write this, I'm narrowing that down further to the specific commit. I'm hoping to have this resolved this month. If I find and fix the problem this week, I will create new builds for folks to use. Otherwise, the next scheduled regular quarterly build is for 01 Apr 2026.

I appreciate everyone's patience on this. This has been a tricky bug (at times, it fit the description of a "heisenbug"). My spare time is limited (I have a rather large amount of tasks/obligations in everyday ${LIFE} right now), so it has naturally taken a long while to get to this point.

While inbetween clients at my dayjob, I have been granted the opportunity to research meshtastic and other mesh networking projects. I'm getting a lot closer in my censorship- and surveillance-resistant mesh network proof-of-concept. I'm now at the point where I need to port Linux-specific code to HardenedBSD. I'm hoping to get normal tcp/ip packets flowing through Reticulum nodes on the inside of six months. This project, announced in partnership with Protectli one-and-a-half years ago[1], is starting to move along at a nice pace. I will have more to share on that by the next status report.

On Saturday, 28 Feb 2026, I had given my local Hackers N' Hops chapter a little show & tell of Meshtastic, Reticulum, and HardenedBSD. I met with a bunch of really cool hacckers there, and demoed two Reticulum RNodes backed by Reticulum instances on two HardenedBSD laptops. I demoed an exec-over-meshtastic Python script I wrote the day prior. The script is available on Radicle as rad:z44pvAJS7SiQf2CGtpn8hY44GDMyu.

Speaking of Radicle, I plan to migrate some of my personal repos away from our self-hosted GitLab and onto the Radicle network. With time, I'm hoping to migrate us completely towards Radicle. Now would be a good time for those who want to contribute to HardenedBSD to start playing around and experimenting with Radicle.

In src:

1. Contributor "gmg" hardened the kernel crashdump interface.
2. Opt zlib kernel module into -ftrivial-var-auto-init=zero.
3. bsdinstall(8): Align us more closely with FreeBSD.

In ports:

1. net-p2p/reticulum was updated to 1.1.3_2
2. Disable PaX PAGEEXEC and PaX NOEXEC for science/zotero
3. Bring in candidate patch to fix dns/unbound
4. Hook hardenedbsd/ctrl into the build
5. 0x1eef added a new port: hardenedbsd/ctrl
6. Bump ports-mgmt/pkg to 3.5.1_1
7. 0x1eef updated a port: portzap v2.1.1
8. 0x1eef updated a port: sourcezap v2.1.1

Once I have figured out what's going on with the 15-STABLE panic and have a proper fix in place, I plan to quickly switch gears towards hbsdfw. I haven't produced a working hbsdfw build in a long time, and it's far past due. After that, I plan to switch right back to the Reticulum research and development.

I'll make sure to keep the community informed of the 15-STABLE findings and fixes.
]]> HardenedBSD shawn.webb https://forum.defcon.org/node/255479 https://forum.defcon.org/node/255478 Wed, 04 Mar 2026 15:53:35 GMT The wait is over. Preregistration for DEF CON 34 opens TODAY! Reminder – the cash route is unchanged: Cash at the door registration (LineCon) will continue in its traditional, vibey fashion (think hacker slumber party). Doors open Thursday, August 6 and the price is $520. Those who...

The wait is over. Preregistration for DEF CON 34 opens TODAY!

Reminder – the cash route is unchanged: Cash at the door registration (LineCon) will continue in its traditional, vibey fashion (think hacker slumber party). Doors open Thursday, August 6 and the price is $520.

Those who pre-register are guaranteed a human badge, even if we run out. To receive this badge, you must redeem your ticket onsite. The badge entitles one human full access to the DEF CON floor during open hours. Tickets are fully transferrable, so which human gets that access is up to the purchaser.

Pre-reg is open at shop.defcon.org until July 31 at 8:59 PM EDT. After that date registration is LineCon only. If you have any questions or need to make bulk purchases please email us at info@defcon.org.

There are some pricing benefits to early registration, too. Early bookers save money, so don’t procrastinate. August will be here before you know it.

TIcket Pricing:

Early BIrd - $560 ($540 + $20 CC Processing Fee) - Good until May 22 at 8:59pm EDT

Regular - $580 ($560 + $20 CC Processing Fee) - Good from May 23 to July 17 at 8:59pm EDT

Late - $600 ($580 + $20 CC Processing Fee) - Good from July 18 to July 31 at 8:59pm EDT

Ticket Cancellation Fee:

Before July 18 - $34

After July 18 - $84














]]> Announcements sleestak https://forum.defcon.org/node/255478 https://forum.defcon.org/node/255475 Tue, 03 Mar 2026 21:07:03 GMT https://bbbirds.org. Info about our legendary CTF can be found at https://www.defcon.org/html/links/dc-ctf.html. We hope we'll see you in the arena.]]> Announcements sleestak https://forum.defcon.org/node/255475 https://forum.defcon.org/node/255428 Mon, 16 Feb 2026 00:08:39 GMT Good news, everyone! The DEF CON 34 room blocks are live! While supplies last, you can get a special room rate at the following hotels: Fontainebleau Swanky, luxurious and conveniently located across the street from the LVCC. For those who must be first in line.
The DEF CON 34 room blocks are live! While supplies last, you can get a special room rate at the following hotels:

Fontainebleau

Swanky, luxurious and conveniently located across the street from the LVCC.

For those who must be first in line.

https://book.passkey.com/go/DefCon2026FBLV

Sahara

Legendary Vegas spot with next-level pools and right on the monorail.

https://book.passkey.com/e/51206158

Wynn and Encore

Lovely accommodations and tons of cool places to eat and be entertained.

https://book.passkey.com/go/DefCon26

Circus Circus

Budget friendly and has a haunted house AND an arcade. We promise the clowns are friendly.

https://book.passkey.com/go/DEF6CC

We’re halfway there. DEF CON 34 will be upon us before you know it - be prepared and save yourself some coin.

See you soon!
]]> Announcements sleestak https://forum.defcon.org/node/255428 https://forum.defcon.org/node/255389 Wed, 04 Feb 2026 16:50:03 GMT
Now that we have the new quarterlies, I plan to "MFC" (old FreeBSD CVS/SVN term for "Merge From Current".) Kids these days call it `git cherry-pick`. MFC is shorter to type, so that's what I'll use. I plan to MFC a number of commits made in hardened/current/master to the hardened/15-stable/main branch this week.

I've also received multiple reports of crashes with the 15-STABLE installer. I haven't been able to work on this just yet, but am hoping to in the next two weeks. It is almost my current first priority (the MFCs being first.) I figure that if testing the cherry-picked code proves successful, I could cherry-pick those commits into the relevant quarterly branch. Kind of a "thank you" gesture for being patient with me. :-)

I applied relevant updates across the entire infrastructure. I migrated the package repos from being served by a leased server with limited storage to out of my home with plenty of storage. My next goal is to fully automate the build, including syncing. This will mark a good next step to eventually supporting mirroring our package repos. It's much easier to transfer a 140GB package repo over a local 2.5Gbps LAN than a 150Mbps link upstream.

I spent some time experimenting with Meshtastic and Reticulum. I'm getting a better picture from a user's perspective on the current state of mesh networking. My next goal is to teach Reticulum's BackboneInterface implementation how to work on FreeBSD/HardenedBSD.

Two of the four donated Protectli devices are providing the testing lab for this Meshtastic and Reticulum research. Even though the timeframe has shifted pretty dramatically, I'm grateful for their donations and their support.

In src:

1. Opt ipfw into -ftrivial-var-auto-init=zero
2. Remove our old MAC hook for jail/prison destruction (this commit breaks building secadm. I'm waiting on upstream to implement a specific MAC hook, and a patch for (for src, not for secadm) is being worked on by FreeBSD's Kyle Evans.)
3. Disable WITNESS' checking of vnode locks by default. FreeBSD changed some vnode locking semantics and not all filesystem code paths have been updated. As such, we are seeing vnode locking-related panics. I need to get a consequtive block of time to dive in. I'm not a filesytems developer, so this one might take a while to figure out unless someone beats me to it.
4. rc.subr: Ignore required_modules failures in jails (patch submission by leper4{ _AT_ }protnmail.com.)

In ports:

1. Bump ftp/curl to 8.18.0
2. Update Reticulum to latest git HEAD
3. Disable HARDCFLAGS for devel/avr-gcc
4. Enable ZEROREG for security/openssl3*. This could induce a noticeable performance hit. Please let me know if you have any serious performance issues after this next package build.

]]> HardenedBSD shawn.webb https://forum.defcon.org/node/255389