DEF CON Forum Site Header Art
DEF CON Forum Site Header Art


No announcement yet.

[virtual] Aerospace Village DC29 Talk Schedule

  • Filter
  • Time
  • Show
Clear All
new posts

  • [virtual] Aerospace Village DC29 Talk Schedule

    Full schedule of talks, workshops, and events at the Aerospace Village is located here:

    All talks will be streaming on the Aerospace Village YouTube channel and available in Discord!


    Security of Electronic Flight Bags: avoiding tailstrikes and runway excursions

    9:00AM – 9:25AM
    • Ken Munro

    Why letting your kids watch Netflix on your electronic flight bag probably isn’t a good idea. EFBs are safety critical devices, yet security guidance is limited and few operators lock down devices sufficiently to prevent a determined attacker from gaining access. We’ll look at example vulnerabilities we’ve found in EFBs and apps, how they can affect flight safety and dispatch, then how EFBs can be secured without introducing new flight safety issues!

    Bio: Aviation security researcher, accident-prone pilot, safer on the ground

    The Antenny Board Design and Fabrication Saga: Sweat and Tears Along the Supply Chain

    9:30AM – 10:20AM
    • Ang Cui

    Over the past few months, Red Balloon Security has been developing and manufacturing the Antenny v5 board, and like anyone else who is putting together hardware, we ran headlong into the famous chip shortage. Listen to our story of how we overcame the shortage, found the most treasured of surprises in the most unlikely of places, and distilled all the drama into the little purple boards over in the Aerospace Village area.

    Bio: Dr. Ang Cui is the Founder and Chief Scientist of Red Balloon Security. Dr. Cui received his PhD from Columbia University in 2015. Ang has focused on developing technologies to defend embedded systems. He has also uncovered vulnerabilities within embedded devices like Cisco routers and HP printers.

    Hack-A-Sat 2: The Good, The Bad and the Cyber-Secure

    10:30AM – 11:20AM
    • Capt Aaron Bolen, Frank Pound, Bryce Kerley, Steve Wood

    Take a deep dive into the last frontier of cybersecurity: Space. We take an inside look at the Hack-A-Sat prize competition, a joint effort of the Air Force and Space Force, in collaboration with the Aerospace Village, aimed at educating and inspiring a new generation of hackers to tackle this ever-important domain. In this talk, we will discuss: Satellite hacking 101, recap HAS1 insights, provide HAS2 Quals challenge explainers, and preview the HAS2 Finals…and beyond

    Steal This Drone: High-Assurance Cyber Military Systems

    11:30AM – 11:55AM
    • Darren Cofer

    As part of DARPA’s High Assurance Cyber Military Systems program, Collins Aerospace led a team of researchers developing new tools for building aircraft software that is provably secure against many classes of cyber attack. We developed system architecture models, software components, and operating system software which have been mathematically analyzed to ensure key security properties. This talk describes the research results and demonstration in-flight on a military helicopter.

    Bio: Darren Cofer is a Fellow at Collins Aerospace. He earned his PhD in Electrical and Computer Engineering from The University of Texas at Austin. He has worked in the aerospace industry for 26 years, applying formal methods for verification and certification of high-integrity systems.

    Threat Modeling for Space Hitchhikers

    12:00PM – 12:25PM
    • James Pavur

    When you strap someone else’s satellite to your rocket, how much should you trust them? In this talk, we’ll explore threats relating to launch integration and the role of secondary payloads, such as CubeSats, in modern missions. The briefing combines strategic and policy perspectives with dynamic simulations exploring space-to-space radio attacks from compromise or malicious payloads. While it includes technical components, it assumes no prior experience with radio communications or aerospace.

    Bio: James Pavur is a Rhodes Scholar and DPhil Student at Oxford University where he researches satellite cyber-security in the Department of Computer Science’s System Security Lab.

    Evaluating Wireless Attacks on Real-World Avionics Hardware

    12:30PM – 12:55PM
    • Leeloo Granger

    In a nutshell, in this project we prove the critical vulnerabilities of GPS and ADS-B technologies which only had been theoretically discussed in the literature. To do so, we investigated the feasibility and accessibility of GPS and Mode S spoofing on an avionics lab – the Garmin’s Navigator GTN750 – and using two types of transmitters: the USRP B210 and Raceologic’s LabSat Wideband 3. We successfully spoofed the GPS position of the GTN750, as well as intruders on the Traffic detection system. Unfortunately, we were not able to attack the TCAS II. Our work shows the vulnerabilities of communication technologies that have a major role in the safety of an aircraft, hence attacks are a severe threat and all the more so if they are conducted using as few resources as we did.

    Bio: Leeloo is a Swiss-French undergraduate student in Communication Systems at EPFL, currently in exchange at ETH Zürich. She is currently learning to become a private pilot and has an interest in avionics security avionics. Besides her studies, she is an athlete in archery currently training for the 2024 Olympics.

    Unboxing the Spacecraft Software BlackBox – Hunting for Vulnerabilities

    1:00PM – 1:50PM
    • Brandon Bailey

    As the commercialization of space increases or access to source code is not feasible, it is getting more common that spacecraft/embedded binaries are a black box. There needs to be a way automate code inspection in a cost effective, fast, repeatable manner which can be constantly enhanced to have the latest capability to build secure spacecraft SW. Synthetic vulnerabilities were created and analyzed with varying results.

    Bio: Brandon Bailey has more than 15 years of experience supporting intelligence and civil space customers. Brandon’s specialties include vulnerability assessments and penetration testing for space systems. Brandon was awarded NASA’s Exceptional Service Medal for his landmark cybersecurity work in 2019.

    Don’t fear the BUS, it won’t run you over.

    2:00PM – 2:25PM
    • Nicholas Childs

    This talk is a basic introduction to aircraft avionics comm/nav bus systems and the expansion of the network to more vulnerable areas than have seen before. It is more of a primer and 101 for stepping into a the larger world of aerospace networks.

    Bio: Nicholas Childs Is a USAF aircraft maintainer with experience with mechanical, electronic, hydraulic, and avionics systems with both military and civilian aerospace platforms. He has worked on C-5, C-17, KC-135, B-1, 737, 747, and L10-11 platforms. With a focus on security he scrutinizes them.

    CPDLC: Man-in-the-middle attacks and how to defend against them

    2:30PM – 2:55PM
    • Joshua Smailes

    The Controller Pilot Data Link Communications (CPDLC) protocol replaces voice-based air traffic control with a text-based protocol. With no real security protections, this system is open to a wide range of message injection attacks. It has long been assumed that air traffic controllers and flight crew should be able to detect such attacks, but this is not always the case.

    We construct a realistic threat model for CPDLC and introduce attacks on the underlying protocol, taking advantage of automated components of the system to make attacks which are difficult for human operators to detect. We also propose a number of improvements to CPDLC to mitigate these threats.

    Developing Aerospace Security Training 3D Models

    3:00PM – 3:25PM
    • Kevin Hood

    The challenge for students interested in aerospace cybersecurity is how to jump-start their learning and prepare themselves for this career path. Developing models and simulated aerospace infrastructure can enhance critical skills needed in aerospace cybersecurity. From a student’s perspective, learn how to get started in aerospace cybersecurity and the future developments of a hackable, large-scale model airport at the Aerospace Village.

    Bio: Kevin Hood is a Software Security Engineering Intern at Collins Aerospace, Project Manager for the Aviation ISAC Cyber Competition, and student at Embry-Riddle Aeronautical university. Kevin has focused his career in aerospace cybersecurity and develops events to bring more people into the industry.

    Collecting CANs: a Bridge Less Traveled

    3:30PM – 3:55PM
    • Pearce Barry

    We’ll step back a few years to early 2017, when @zombieCraig released the Metasploit Hardware Bridge as a mechanism to allow Metasploit Framework to reach into networks beyond Ethernet. While the now-defunct HWBridge initially focused on automotive targets, some of that tech, including CAN buses and RF transceivers, has commonality in aviation targets. In this talk, we’ll cover basic design and use of the HWBridge, how one can use it with CAN and RF transceivers, and what it takes to set it up.

    Bio: Having worked as a Metasploit developer and later as a manager of Metasploit development at Rapid7, Pearce currently keeps busy doing security research at Rumble, Inc. and following advances in space technologies.

    Holistic View of a Flight with Crowd Sourced Data

    4:00PM – 4:25PM
    • Allan Tart

    During the talk an overview will be given about how one can use crowd sourced data for creating a holistic view of flight. The data used for the purpose will include both ADS-B and VHF voice communications.

    Bio:Allan Tart has worked in the field of Air Traffic Management over a decade, where he has had several roles. His latest position in OpenSky Network, has included air-ground VHF communications to his list of interests, which previously mainly concentrated only on surveillance systems.


    VDP in aviation: Experiences and lessons learnt as a researcher

    9:25AM – 10:50AM
    • Matt Gaffney

    Following a Vulnerability Disclosure to an aircraft manufacturer in 2019 little did Gaffers know that he was about to start on a journey in to a world where vulnerabilities are considered features and unless you can argue a safety impact you are not taken seriously. Without divulging the details, this talk will discuss the steps taken, what worked, what failed and some advice for anyone else who finds themselves in a similar situation.

    Bio: Following his career in the British Army, Matt has been working with clients in various industries. However, his best years were spent working in aviation, specifically systems found in the Aircraft Information Systems Domain. More recently he has turned his attention to security in UAS.

    Cybersecurity Constellations: Deciphering Satellite Cybersecurity Guidance

    11:00AM – 11:25AM
    • Olivia Stella

    The significance of cybersecurity is paramount irrespective of industry. Yet, what if you are new to small satellites? What is the best way to learn about critical cybersecurity practices and their implementation? A year ago, I had the same questions as I joined my first satellite program. Through this presentation, I will highlight my journey of finding the answers to my cybersecurity questions.

    Bio: Olivia Stella is a cybersecurity engineer for Los Alamos National Laboratory. In her current role, she focuses on agile space cybersecurity. Olivia has supported incident response, vulnerability management, pen testing, bug bounty & coordinated disclosure, risk & compliance activities in past roles.

    Defending Unmanned Aerial Systems: Practical Intrusion Detection Development & Deployment

    11:30AM – 11:55AM
    • Jason Whelan

    The UAV threat level is increasing given their reliance on wireless protocols and the simplicity and low cost to conduct attacks. As many vulnerabilities are within underlying technologies such as GPS, an IDS can help to rapidly increase the security of the UAV. Given a number of challenges, UAV IDS development is a difficult task. This talk discusses the strategic implementation of COTS IDS solutions as well as emerging techniques in UAV-specific IDS such as machine learning and onboard agents.

    Bio: Jason (OSCP, OSCE, CCNP) holds a Bachelor of IT and is currently working towards a MSc in Computer Science from Ontario Tech University. He has presented at international conferences on UAV security, and has experience in both practical security research and penetration testing of operational UAS.

    Federal Perspective on Aerospace Cybersecurity

    12:00PM – 12:25PM
    • Steve Luczynski interviews Larry Grossman

    As the Federal Aviation Administration’s Chief Information Security Officer, Larry Grossman has a unique perspective on the challenges associated with building and sustaining adequate security for IT systems within a government agency and across the aerospace sector. Join us to learn more about his experiences and gain insight into the FAA’s current efforts to sustain the public’s trust in safe air travel.

    Bio: Larry Grossman is the Federal Aviation Administration’s Director of the Office of Information Security and Privacy and Chief Information Security Officer. In this role, he provides strategic leadership of FAA’s information security and privacy programs. He chairs FAA’s Executive Cybersecurity Steering Committee which provides oversight to cybersecurity activities across the FAA enterprise. Larry leads the FAA’s security operations, compliance, governance, and risk management functions. Looking externally, he oversees the FAA’s Aviation Ecosystem and Stakeholder Engagement Office whose role is to promote awareness and improve cyber resiliency across the aviation ecosystem. He also leads the evolution of FAA’s cybersecurity strategy, Security Operations Center modernization, new program deployments, and cyber incident response activities. Additionally, he represents FAA’s cybersecurity and programs at the Department of Transportation and other agencies; he participates in government-wide and international cybersecurity initiatives and exercises; and regularly briefs Congress on FAA and aviation cybersecurity. Larry has been with the FAA for over 25 years and prior to his current role, led the deployment of Air Traffic Control and Aviation Safety systems, as well as data modernization and external data distribution efforts.

    An avid aviation enthusiast, Larry holds commercial pilot and flight instructor certificates in both land and sea, and travels in his own aircraft whenever possible.

    Lost In Space: No-one Can Hear Your Breach (Choose Wisely)

    12:30PM – 1:20PM
    • Elizabeth Wharton

    Navigating the space race is difficult enough with privately sponsored flights, internationally owned stations, and interplanetary destinations. Supply-chain vulnerabilities, ransomware threats, and other cybersecurity challenges are magnified when the galactic rules are still being written. Join an interactive adventure dodging malicious attackers, signal and software glitches, and potential liabilities trekking to Mars, highlighting cybersecurity pitfalls and pending policy issues.

    Bio: Liz, a cybersecurity-focused business and public policy attorney, has advised researchers, startups, and policymakers at the federal, state, and local level. Currently SCYTHE’s Chief of Staff, she was the World’s (second) Busiest Airport’s technology attorney and hosts the CISO Stressed podcast.

    Pathways into Product Security

    1:30PM – 2:20PM
    • Daniel Nguyen, Patrick Cordell

    The presentation will be in a Q/A panel format with a set of early career engineers answering questions about their entry into embedded systems product security. The engineers are from around the United States representing a diverse technical background.

    Bios: Daniel and Patrick are security engineers with experience in avionics and embedded systems.

    True Story: Hackers in the Aerospace Sector

    2:30PM – 2:55PM
    • Moderator: Steve Luczynski, Panelists: Thomas Bristow, Declyn, Ginny Spicer, Olivia Stella

    What’s it like to be a hacker working in government, for an airline, or pursuing a degree?
    When you read that question did you think, ew, why would I ever do that?! Or did you think, wow, that sounds great tell me more!

    This isn’t your typical workforce talk!

    Join a diverse panel of folks working in the aerospace sector who are just like you! Learn how they got into their roles, why they chose to work there, what motivates them, and how they gained their skills and experience.

    Bios: Thomas Bristow is a Cyber Security Certification Specialist for the UK Civil Aviation Authority where he works on a whole range of things, from cyber threat modeling to running the CyberFirst summer placement scheme. He’s a recent graduate from Royal Holloway with a degree in computer science and two back to back wins of society of the year. While his role is in cyber security he always tries to help others: whether this is educating colleagues on the LGBTQIA+ flags (and their meanings), performing careers talks at schools or just helping to make their team wiki easy to use.

    Declyn is a cybersecurity specialist for the Aviation ISAC. He taught himself basic security principles and after finding aviation related vulnerabilities and reported them to the A-ISAC. He now works in the intel team at the A-ISAC specialising in threat intelligence and vulnerability disclosure management.

    Ginny Spicer is a master’s student studying information security at Royal Holloway University of London. She is a packet nerd and likes to focus on network analysis, Wireshark, new protocols, and interplanetary communications. Ginny is a member of the technical documentation working group in the Interplanetary Networking SIG and an advisor for the California Cyber Innovation Challenge. Her particular areas of interest are DTN and encrypted DNS. This is her second year helping out with the DEF CON Aerospace Village.

    Olivia Stella is a cybersecurity engineer for Los Alamos National Laboratory. In her current role, she focuses on agile space cybersecurity. With over twelve years of experience, she’s worked for multiple companies in the aerospace industry including an in-flight entertainment company, major US airline, and government contractors. Olivia has supported incident response, vulnerability management, pen testing, bug bounty & coordinated disclosure, risk & compliance activities. Her academic background includes degrees in computer science and software engineering, along with an alphabet soup of security certifications. When she’s not wearing her security hat, she loves to curl and is an avid toastmaster. (That’s right, ice curling.)

    Drone Security Research Series – Ep6 Hacking with drones

    3:00PM – 3:50PM
    • Matt Gaffney

    In this series we have uncovered weaknesses in the MAVLink protocol, now we attempt to overcome physical security controls by getting within range of WiFi networks with a drone. In this episode we use a drone to get close to our target by taking the tools airborne and flying over our target. Let’s rewrite the physical security model!

    Bio: Following his retirement from the British Army, Matt has been working in various institutions including industrial, government and financial. However, his best years were spent working in aviation and directly on systems found in the Aircraft Information Systems Domain.

    Fuzzing NASA Core Flight System Software

    4:00PM – 4:25PM
    • Ronald Broberg

    NASA Core Flight System (cFS) provides an open source software framework used in multiple NASA missions including the Lunar Reconnaissance Orbiter, the Parker Solar Probe, and the protoype Mighty Eagle robotic lunar lander. The cFS suite includes Command Ingest (CI_Lab) and Telemetry Output (TO_Lab) applications which are only representative of similar applications in actual mission software. Fuzzing techniques applied to cFS reveal issues in the Command Ingest application (CI_Lab).