Shmoocon 2015 Jan. 16, 2015 to Jan. 18, 2015, washington,usa

Event Page


Tell us about missing data
Title Speakers Summary Topic Types
Keynote Address Joseph Lorenzo Hall N/A
Get Off My Lawn: Examining Change through the Eyes of The Old Guard Carole Fennelly , Ben Laurie , Space Rogue , Bruce Potter , Rick Forno The last few years have seen dramatic changes in the information security community. No longer ...
Automated Binary Analysis with Pin and Python Omar Ahmed , Tyler Bohan Reverse engineering typically involves activities ranging from reading disassembly output to playing with debuggers. However, ...
The Joy Of Intelligent Proactive Security Scott Behrens , Andy Hoernecke Netflix is amongst the largest users of the public cloud, consuming roughly 30% of all ... IncludeThinkstScapes
Analysis of POS Malware Brandon Benson With the rash of POS malware reported during the end of 2013 and 2014 this ...
NaCl: A New Crypto Library Daniel J. Bernstein , Tanja Lange NaCl (pronounced "salt") is a new easy-to-use high-speed software library for encryption, decryption, signatures, etc. ...
httpscreenshot - A Tool for Both Teams Steve Breen , Justin Kennedy httpscreenshot is a tool developed internally over the past year and a half. It has ...
Deception for the Cyber Defender: To Err is Human; to Deceive, Divine Tom ( Decius ) Cross , Gregory Conti , David Raymond Since the first conflict between man, deception has played an integral role. Today on the ...
Mascots, March Madness & #yogapants: Hacking Goes to College Zack Allen , Chris Cullison , Avi Rubin Professor Rubin gave his students an interesting assignment: conduct red-blue social media based penetration tests ...
White is the New Black: Why White Data Really Matters Irena Damsky We've already brought our malicious data collection skills to an art level, but in order ...
Understanding a New Memory Corruption Defense: Use-after-Free (UaF) Mitigation and Bypass Jared Demott Memory corruption has plagued computers for decades. These software bugs can often be transformed into ...
Cockroach Analysis: A Statistical Analysis of the Flash and Java Files that Infest the Internet David Dorsey Java and Flash are and will continue to be popular attack vectors. To combat this, ...
The Windows Sandbox Paradox James Forshaw More user applications are relying on sandboxes to limit the damage a Remote Code Execution ...
Tap On, Tap Off: Onscreen Keyboards and Mobile Password Entry Joshua Franklin , John Kelsey , Kristen K. Greene Password entry on mobile devices significantly impacts both usability and security, but there is a ...
SEWiFi: Building a Security Enhanced WiFi Dongle Ryan Holeman Securing a computer's network connection over WiFi has been a problem for years. Whether its ...
Manually Searching Advisories and Blogs for Threat Data--"Who's Got Time for That?" Elvis Hovor , Shimon Modi Threat intelligence is generating a lot of buzz, and many vendors/industry driven initiatives are focused ...
Infrastructure Tracking with Passive Monitoring and Active Probing Anthony Kasza , Dhia Mahjoub Threat intelligence is crucial in our industry to proactively monitor for attacks, detect active breaches, ...
Betting BIOS Bugs Won't Bite Y'er Butt? Xeno Kovah , Corey Kallenberg 2013 saw the disclosure of the most BIOS vulnerabilities ever. Mostly due to our research. ...
Don't Look Now! Malicious Image Spam Kathy Liszka A picture is worth a thousand words. I've also found it contains malware and other ...
Where the Wild Things Are: Encryption, Police Access & the User Whitney Merrill The government, frightened by companies' move to enable encryption by default and/or make encryption easier ...
There's Waldo! Tracking Users via Mobile Apps Patrick Wardle , Colby Moore Sure you assume the NSA can track you, but due to insecure mobile apps, it ...
No Budget Threat Intelligence: Tracking Malware Campaigns on the Cheap Andrew Morris In this talk, I'll be discussing my experience developing intelligence-gathering capabilities to track several different ...
Practical Machine Learning for Network Security Terry Nelms Machine learning is currently receiving a lot of attention in network security. There are many ... IncludeThinkstScapes
Micronesia: Sub-kernel Kit for Host Introspection in Determining Insider Threat Loc Nguyen Bootkits have long been used in an offensive manner by adversaries in order to maintain ...
Come to the Dark Side - We Have (Misfortune) Cookies Shahar Tal , Lior Oppenheim TL;DR pwn 12 million devices today--ask us how! Also--we have free cookies. TR-069 is the ...
Ask the EFF Kurt Opsahl , Nate Cardozo Get the latest information about how the law is racing to catch up with technological ...
The Dark Art of Data Visualization David Pisano Data visualization is very much a dark art. It is very dependent upon the data ...
Userland Persistence on Mac OS X "It Just Works" Joshua Pitts Got root on OSX? Do you want to persist between reboots and have access whenever ...
Quantum Computing 01100101 Tess Schrodinger We have all probably heard at one point or another that quantum computing would render ...
Knock Knock: A Survey of iOS Authentication Methods David Schuetz Almost all "interesting" mobile applications don't exist in a vacuum. They rely on external systems ...
Eliminating Timing Side-channels. A Tutorial. Peter Schwabe The traditional model of an attacker against a cryptographic primitive sees (and potentially controls) inputs ...
Five Not-Totally-Crazy Ways to Build for Usability Elissa Shevinsky As security becomes an increasingly mainstream concern, we are challenged with making our products easier ...
0wn the Con The shmoo Group For ten years we've chosen to stand up and share all the ins and outs ...
Simple Windows Application Whitelisting Evasion Casey Smith Often deployed as the new way to prevent malware and unauthorized execution, application whitelisting has ...
How Random is Your RNG? Meltem Sonmez Turan , John Kelsey , Kerry Mckay Cryptographic primitives need random numbers to protect your data. Random numbers are used for generating ...
NSA Playset: USB Tools Michael Ossmann , Dominic Spill , Jared Boone USB implants were among the most talked about gadgets in the NSA ANT catalog after ...
The Mile High Club: Getting Root at 40,000 Feet Wesley Wineberg Have you ever been stuck on a plane with no internet, and wished that you ...