February 06, 2025

The Hackers’ Almanack

WASHINGTON, D.C. (February 6, 2025) – DEF CON and the University of Chicago Harris School of Public Policy’s Cyber Policy Initiative (CPI) have just released the first-ever Hackers’ Almanack. The Almanack curates the top technical discoveries from DEF CON that have significant potential impact on public policy. This year, the Almanack highlighted critical research on AI red teaming, biomedical hacking for life-saving drugs and even innovative experiments to combat ransomware actors. Several other technical findings on topics like cloud, electric vehicles and automotive security are also raised.

For the first time in DEF CON’s 32-year history, this report aims to leverage groundbreaking discoveries at DEF CON to inform public policy debates on the digital ecosystem that underpins our modern world. It also seeks to spark new debates on some critical issues that have bedeviled policy makers across multiple administrations.

Jake Braun, former White House acting Principal Deputy National Cybersecurity Director, said: “At the White House, we hired a small team of technologists in the cyber office to help inform our policy with cutting-edge technical insights. Some of our best work came from that team. This report is the DEF CON community’s attempt to provide the same quality of technical insights to all policy makers.”

The Almanack specifically highlights failure in AI red teaming efforts to date. As a result, DEF CON AI experts call on the AI and security industries to urgently define AI model security testing parameters, especially in the wake of DeepSeek. Furthermore, the report highlights key achievements in biomedical security research. DEF CON experts demonstrated how ‘hacked’ biomedical formulas provide historic opportunities for the world’s poor to gain access to life-saving medicines. Finally, the authors urge reconsidering what is commonly regarded as cyber vigilantism.
A courageous DEF CON hacker infiltrated a notorious ransomware gang and warned would-be victims before they were attacked.

“Over the last 30 years the DEF CON community has grown, and like the internet, in order to thrive, it must remain open and innovative. Many of cybersecurity’s most pressing problems cannot be solved by technical experts alone, there are social and regulatory equities involved, so a broad audience needs to understand the problems at hand before we can tackle them together as a community,” said Jeff Moss, founder of DEF CON.

The report wraps up with a virtual lightning round of seven important discoveries from dozens of hackers. Those include:

Exploiting Bluetooth - Experts discovered over sixty vulnerabilities across twenty-two different cars from major manufacturers, as well as a flight management system currently deployed across several types of aircraft.
Hacking Millions of Modems - Investigators demonstrated how malicious attackers could execute commands and modify settings across millions of modems at once.
Cryptographic Heist - Researchers identified vulnerabilities in one of the world’s most widely deployed electronic physical access control platforms.
Electronic Lockers - Researchers found they could extract firmware and keys and access all locks through access to one lock, and clone or emulate keys.
Vulnerability Discovery at Scale - Researchers uncovered two widespread vulnerabilities in the cloud affecting thousands of major companies.
EV Charging Network - Experts identified five linchpin technologies critical to securing energy resources and EV infrastructure.
Voting Machine Hacking - Researchers discovered new vulnerabilities in several widely fielded ballot-marking and DRE voting machines.

Adam Shostack, editor of the Hackers’ Almanack, said: “Hackers speak with a degree of forthrightness that’s been rare in Washington, D.C. While we delight in shocking language, the DEF CON community expects it to be backed with demonstrable facts.
Products of all stripes are routinely shown to have problems, and the community expects factual demonstrations, proofs, and explanations.”

The Hackers’ Almanack is a product of Project Franklin, a joint project between DEF CON and the University of Chicago Harris School of Public Policy. Named after Ben Franklin, the project seeks to foster the DEF CON community’s commitment to both science AND civics, just as Ben pioneered scientific research in electricity AND provided key insights for the Declaration of Independence. As such, we take inspiration from Franklin’s Poor Richard’s Almanack for our report.

Project Franklin also seeks direct impact through a separate program to recruit volunteers from the DEF CON community to support under-resourced water utilities, which is supported by a generous grant from Craig Newmark.