ShmooCon 2017, Jan. 13, 2017 to Jan. 15, 2017, Washington, USA

| Title | Speakers | Summary |
| --- | --- | --- |
| Keynote: Seven Things: Frank Zappa, T. Coraghassen Boyle, and Twenty-one Years in Security | Gary McGraw | When I joined Cigital in 1995, it was known as Reliable Software Technologies (or RST) ... |
| ripr – Run Slices of Binary Code from Python | Patrick Biernat | Ripr takes a user selected slice of binary code and creates a Python script with ... |
| The Metadata is the Message (and Sometimes the Message is the Metadata) | Matt Blaze | US wiretap and electronic surveillance law heavily depends on drawing distinctions between content and metadata. ... |
| The State of Secure Messaging | Sze Chuen Tan, Nikita Borisov | It seems that every month, a new secure messaging network arrives on the scene. Signal, ... |
| Excuse me, Server, Do You Have the Time? | Brian Cardinale | Applications are happy to tell you their current time, often accurate to the millisecond, to ... |
| A Nickel Tour of the Ad Fraud Ecosystem | Ryan Castellucci | US spending on digital advertising was estimated at $72 billion for 2016. With all this ... |
| Defeating Sandbox Evasion: How to Increase Successful Emulation Rate in Your Virtualized Environment | Alexander Chailytko, Stanislav Skuratovich | Sandboxed environments are commonly used nowadays to automatically analyze malware behavior. Most modern malicious application ... |
| Can a Drunk Person Authenticate Using Brainwaves? #NotAlcoholicsJustResearchers | Tommy Chin, Peter Muller | Electroencephalography (EEG) is an emerging factor for biometric authentication due to quantifiable brainwave signaling behaviors ... |
| WaveConverter – An Open Source Software Tool for RF Reverse Engineering | Paul Clark | WaveConverter is a tool that helps you extract digital data from RF transmissions that have ... |
| Dig Out Your Brick Phone! Bringing AMPS Back with GNU Radio | Brandon Creighton | AMPS, the first widely deployed cellular network in the US, was old enough that it ... |
| Introducing Jak: Safely Share Sensitive Files via Git | Chris Dilorenzo | Web applications use secret keys to connect to lots of important external things like payment ... |
| Cyborg Self-Hacking: An Examination of Cochlear Implants | Jeff Dodge | Cochlear implants are neural prostheses used to restore sound perception to the deaf. Jeff has ... |
| Ask the Feds | Allan Friedman, Nick Leiserson, Eric Mill, Jessica Wilkerson | Government technologists and policymakers today need to work with the security community—and many even want ... |
| Does a BEAR Leak in the Woods? The Democratic National Committee breach, Russian APTs, and the 2016 U.S. Election | Toni Gidwani | 2016. Am I right? The June 2016 revelations of the DNC breach by two Russia-based ... |
| Plug-in Electric Vehicle Fingerprinting: Authentication for Plug-in Electric Vehicles | Rebekah Houser | With increasing options for connectivity and reliance on drive-by-wire systems, automobiles have become targets for ... |
| A Widening Attack Plain: Threatcasting Tomorrow’s Threats | Brian David Johnson, Natalie Vanatta | A glimpse of our digital future includes diverse actors operating on a widening attack plain ... |
| Challenges and Opportunities: Application Containers and Micro Services | Anil Karmel, Andrew Wild | Virtualization has fundamentally altered the computing landscape over the past ten years, abstracting infrastructure from ... |
| I Have a Graph Database. Now What? | Shimon Modi, Nicolas Kseib | Graph data models have been a hot topic in security for a few years but ... |
| The Threat Intel Results are in… You are NOT the hacker! : Disinformation Campaigns vs. Attribution Claims | Mark Kuhr | Attribution is big business these days…but can we trust it? Is it more than a ... |
| Implantable Logic Analyzers and Unlocking Doors | Kenny McElroy | This talk will cover everything you need to know about facility access control systems in ... |
| Goodnight Moon & the House of Horrors: A look at the current IoT ecosystem and the regulations trying to control it | Whitney Merrill, Aaron Alva | The children’s classic Goodnight Moon said “goodnight” to quaint products like red balloons, mittens, and ... |
| LangSec for Penetration Testing: How and Why | Sergey Bratus, Falcon Darkstar Momot | When reviewing code or protocol specifications, have you ever had a feeling that it might ... |
| So You Want to Hack Radios | Marc Newlin, Matt Knight | The year was 2017, and proprietary wireless protocols roamed the earth. The age of ... |
| Ask the EFF: Protecting Tomorrow | Kurt Opsahl, Andrew Crocker | Get the latest information about how the Electronic Frontier Foundation, the nation’s premiere digital civil ... |
| U2F Zero: Secure Hardware Design, DIY Mass Production, and Amazon Prime | Conor Patrick | I’ve designed the first production quality, open source U2F token. I’ve designed it to be ... |
| Flailing is Learning: My First Year as a Malware Analyst | Lauren Pearce | This isn’t a typical ShmooCon talk. I’m not an expert. I haven’t developed a new ... |
| Who Wants to Allow Arbitrary Code Execution on Their Boxes? We Do It Every Day. | Brian Redbeard, Brad Ison | As users of Linux containerization have become well aware, it provides a rapid deployment mechanism ... |
| Safety Bot Guaranteed | Rich Seymour | Chat bots have been popping up everywhere for silly things, but what if they can ... |
| 0wn the Con | The Shmoo Group | For twelve years, we’ve chosen to stand up and share all the ins and outs ... |
| Anti-Ransomware: Turning the Tables | G. Mark Hardy, Gal Shpantzer | “ZOMGWTFBBQ! We just got hit with Ransomware!” What you don’t usually hear next is, “LOL!” ... |
| 35 Years of Cyberwar: The Squirrels are Winning | Cyber Squirrel 1 | Despite years and years of rhetoric concerning the weaknesses in the electronic defenses of the ... |
| Exploring The Infrared World | Michael Ossmann, Dominic Spill | There have never been more infrared signals, from the remote control toys and televisions that ... |
| (In-)secure messaging with SCIMP and OMEMO | Sebastian Verschoor | Many secure end-to-end messaging protocols exist in the wild, most of which claim to provide ... |
| Designing and Executing the World’s First All-Computer Hacking Competition: A panel with the development team | Brian Caswell, Tim Vidas, Chris Eagle, Jason Wright, Mike Thompson, Holt Sorenson | On August 4th, 2016, in conjunction with the DEF CON hacking convention, seven fully autonomous ... |
| User Focused Security at Netflix: Stethoscope | Andrew White, Jesse Kriss | User Focused Security is an approach we are using to address employee information security at ... |
| Know Normal, Find Evil: Windows 10 Edition | Jake Williams | Malware is nothing but a counterfeit process. Imagine trying to find counterfeit bills with only ... |
| A Context-Aware Kernel IPC Firewall for Android | Sergey Bratus, David J. Wu | Our phones go wherever we go. Ever present, and with ever more data and connections, ... |
| Firetalk #1: How to Spoil all Movies and Give an Unforgettable Presentation | Jason Blanchard | This talk will cover the essence of storytelling, psychology behind how information is perceived by ... |
| Firetalk #2: Quick and Dirty Emulation of ARM Firmware | Travis Goodspeed | Emulators are useful but mistakenly thought to be too much trouble to write when reverse ... |
| Firetalk #3: NAVRIE Athena — A graph database solution to unify InfoSec data and workflow | Peter Clemenko | This presentation will reveal NAVRIE Athena, an open source graph database based tool to unify ... |
| Firetalk #4: 22 Short Films About Security | Charlie Vedaa | This talk delivers a fast-paced summary of a decade’s worth of rejected presentation pitches. Not ... |
| Firetalk #5: Slash AppSec Costs, Free Threat Modeling & Compliance Data Output | John Willis | A work in progress tool will be demonstrated. It enables modeling application/system security requirements, then ... |