DEF CON 30 - Michael Bargury - No-Code Malware - Windows 11 at Your Service
Windows 11 ships with a nifty feature called Power Automate, which lets users automate mundane processes. In a nutshell, Users can build custom processes and hand them to Microsoft, which in turn ensures they are distributed to all user machines or Office cloud, executed successfully and reports back to the cloud. You can probably already see where this is going.. In this presentation, we will show how Power Automate can be repurposed to power malware operations. We will demonstrate the full cycle of distributing payloads, bypassing perimeter controls, executing them on victim machines and exfiltrating data. All while using nothing but Windows baked-in and signed executables, and Office cloud services. We will then take you behind the scenes and explore how this service works, what attack surface it exposes on the machine and in the cloud, and how it is enabled by-default and can be used without explicit user consent. We will also point out a few promising future research directions for the community to pursue. Finally, we will share an open-source command line tool to easily accomplish all of the above, so you will be able to add it into your Red Team arsenal and try out your own ideas.

Develop Your Own RAT: EDR + AV Defense by Dobin Rutishauser

DEF CON 30 - Sam Bent - Tor - Darknet Opsec By a Veteran Darknet Vendor

Is Russia Actually Losing?

All About DLL Hijacking - My Favorite Persistence Method

Engineering in the Age of AI: From Manager to Multiplier

TR19: Fun with LDAP and Kerberos: Attacking AD from non-Windows machines
![Nicholas Carlini - Black-hat LLMs | [un]prompted 2026](https://i.ytimg.com/vi/1sd26pWhfmg/hqdefault.jpg?sqp=-oaymwE9CNACELwBSFryq4qpAy8IARUAAAAAGAElAADIQj0AgKJDeAHwAQH4Af4JgALQBYoCDAgAEAEYciBmKDYwDw==&rs=AOn4CLBn1sRfbeYcMnkqD2mtRZhq1TO6JQ)
Nicholas Carlini - Black-hat LLMs | [un]prompted 2026

DEF CON 30 - Lennert Wouters - A Black-Box Security Evaluation of SpaceX Starlink User Terminal

Attacking AI - Jason Haddix - NDC Security 2026

DEF CON 33 - Can't Stop the ROP: Automating Universal ASLR Bypasses - Bramwell Brizendine

DEF CON 32 - Anyone can hack IoT- Beginner’s Guide to Hacking Your First IoT Device - Andrew Bellini

DEF CON 30 - Cesare Pizzi - Old Malware, New tools: Ghidra and Commodore 64

Keynote: Cobalt Strike Threat Hunting | Chad Tilbury

Zig 2026: No-AI Policy, $670K Foundation, Left GitHub & Why Zig Isn’t 1.0 - Andrew Kelley Explains

Cybersecurity Architecture: Five Principles to Follow (and One to Avoid)

11. Evasion in Depth - Techniques Across the Kill-Chain by Mariusz Banach

The World's Most Important Machine

DEF CON 32 - Defeating EDR Evading Malware with Memory Forensics - Case, Sellers, Richard, et al.

DEF CON 30 - Omri Misgav - Running Rootkits Like A Nation-State Hacker

