ShmooCon 2018, Jan. 19, 2018 to Jan. 21, 2018, Washington, USA

Title Speakers Summary Topic Types
Keynote Donna F. Dodson Donna F. Dodson is the Chief Cybersecurity Advisor for the National Institute of Standards and ...
ShmooCon Debates Jack Daniel , Elizabeth Wharton , Bruce Potter , Wendy Nather , Jack Gavigan Four players, one moderator, two topics, and a bunch of unknowns. A few weeks ago we ...
Profiling and Detecting all Things SSL with JA3 John B. Althouse , Jeff Atkinson JA3 is an open source SSL/TLS client fingerprinting tool developed by John Althouse, Josh Atkins, ...
Cyberlaw: Year in Review Steve Black A (slightly irreverent) look at the most important laws, cases, regulations, and legally relevant (or, ...
Electronic Voting in 2018: Threat or Menace Matt Blaze , Harri Hursti , Margaret Macalpine , Joe Hall Modern electronic voting systems were introduced in the US at large scale after the passage ...
AWS Honey Tokens with SPACECRAB Dan Bourke Honeytokens are really useful. AWS tokens are also really useful, for you and your attackers. ...
When CAN CANT Tim Brom , Mitchell Johnson The Controller Area Network (CAN) bus has been mandated in all cars sold in the ...
Catch Me If You Can: A Decade of Evasive Malware Attack and Defense Alexei Bulazel , Bülent Yener In this presentation we take a look at over a decade of research into the ...
OK Google, Tell Me About Myself Lisa Chang With the rise in leaks of our personal information, most of us are well-educated about ...
Time Signature Based Matching for Data Fusion and Coordination Detection in Cyber Relevant Logs Lauren Deason The ability to detect automated behavior within cyber relevant log data is a useful tool ...
ODA: A Collaborative, Open Source Reversing Platform in the Cloud Anthony Derosa , Bill Davis When a new globally menacing piece of malware is detected, consider how many separate efforts ...
Running a Marathon Without Breaking a Sweat? Forensic Manipulation of Fitness App Data. Mika Devonshire Hard core athletes and wannabes alike use the Strava app to track their runs, bikes, ...
The Friedman Tombstone — A Cipher in Arlington National Cemetery Elonka Dunin Elonka Dunin, known for her website on the World’s Most Famous Unsolved Codes, discovered a ...
Skill Building By Revisiting Past CVEs Sandra Escandor-O’Keefe Revisiting past CVEs can be a useful tool for finding patterns, to increase our critical ...
Blink for Your Password, Blink Away Your Civil Rights? Wendy Knox Everette You’re arrested and your phone is held up to your face to be unlocked by ...
Someone is Lying to You on the Internet–Using Analytics to Find Bot Submissions in the FCC Net Neutrality Submissions Leah Figueroa The FCC is trying to ram through anti-net neutrality legislation and are using the submissions ...
Don’t Ignore GDPR; It Matters Now! Thomas Fischer With GDPR coming into effect on May 25, 2018, any organization handling EU citizen’s personal ...
Nation-State Espionage: Hunting Multi-Platform APTs on a Global Scale Eva Galperin , Cooper Quintin , Mike Flossman As the modern threat landscape evolves, so have the players. Cyber-warfare has become so profitable ...
CertGraph: A Tool to Crawl the Graph of SSL Certificate Alternate Names using Certificate Transparency Ian Foster SSL Certificates and Certificate Authorities are the backbone of how secure communication works online for ...
Hacking the News: an Infosec Guide to the Media, and How to Talk to Them Sean Gallagher , Steve Ragan , Paul Wagenseil Infosec researchers, experts, and hackers in general have a…fraught relationship with media, ranging from exploitive ...
Building a GoodWatch Travis Goodspeed Back in the good ol’ days there was a toy called the GirlTech IMME, which ...
Do as I Say, Not as I Do: Hacker Self Improvement and You Russell Handorf “When I was your age” advice doesn’t apply readily to modern skill growth. Gone are ...
Building Absurd Christmas Light Shows Rob Joyce Hobbyists worldwide have been developing and improving technology for awesome Christmas light shows. They are ...
Securing Bare Metal Hardware at Scale Paul McMillan , Matt King Less than three years after the Equation Group was discovered backdooring hard drive firmware, courses ...
The Background Noise of the Internet Andrew Morris The last five to ten years has seen massive advancements in open source Internet-wide mass-scan ...
Embedded Device Vulnerability Analysis Case Study Using TROMMEL Kyle O’Meara , Madison Oliver Researching embedded devices is not always straightforward, as such devices often vastly differ from one ...
Pseudo-Doppler Redux Michael Ossmann , Schuyler St. Leger The information security community has long suffered from a lack of effective and affordable tools ...
Defending Against Robot Attacks Brittany Postnikoff Many people have a plan to make it through the robopocalypse (robot apocalypse), but in ...
Deep Learning for Realtime Malware Detection Domenic Puzio , Kate Highnam Domain generation algorithm (DGA) malware makes callouts to unique web addresses to avoid detection by ...
A Social Science Approach to Cybersecurity Education for all Disciplines Aunshul Rege Higher education institutions have started heavily investing in cybersecurity education programs for STEM (Science, Technology, ...
Better Git Hacking: Extracting “Deleted” Secrets from Git Databases with Grawler Justin Regele Git is a widely-used Version Control System for software development projects. Because of the way ...
radare2 in Conversation Richard Seymour The command line hexadecimal editor, disassembler and debugger radare2 can be an invaluable reverse engineering ...
Bludgeoning Bootloader Bugs: No Write Left Behind Rebecca bx Shapiro An operating system’s chain of trust is really a chain of loaders. Although loaders, ...
0wn the Con The Shmoo Group For thirteen years, we’ve chosen to stand up and share all the ins and outs ...
Tap, Tap, Is This Thing On? Testing EDR Capabilities Casey Smith As organizations deploy EDR (Endpoint Detection & Response) solutions, it becomes imperative that these solutions ...
Opening Closed Systems with GlitchKit Kate Temkin , Dominic “domibill” Spill Systems that hide their firmware–often deep in readout-protected flash or hidden in encrypted ROM chips–have ...
SIGINT on a budget: Listening in, gathering data and watching–for less than $100 Phil Vachon , Andrew Wong It’s 2018 and many people are still using unencrypted wireless communications in critical systems. We ...
afl-unicorn: Fuzzing the ‘Unfuzzable’ Nathan Voss American Fuzzy Lop (AFL) revolutionized fuzzing. It’s easily the best thing out there for quickly ...
Pages from a Sword-Maker’s Notebook pt. II Vyrus This talk is an encapsulation of implemented solutions for achieving common requirements when constructing software ...
Getting Cozy with OpenBSM Auditing on MacOS … The Good, the Bad, & the Ugly Patrick Wardle With the demise of dtrace on macOS, and Apple’s push to rid the kernel of ...
Listing the 1337: Adventures in Curating HackerTwitter’s Institutional Knowledge Hex Gallagher Our community is defined by our dedication to sharing process, resources, and knowledge freely with ...
Your Cerebellum as an Attack Surface: How Does the Brain Stay Secure? Avani Wildani “Technology is the active human interface with the material world.” – UK LeGuin Once upon a ...
IoT RCE, a Study With Disney Lilith Wyatt As desktop and server security keeps raising the baseline for successful exploitation, IOT devices are ...
CITL — Quantitative, Comparable Software Risk Reporting Patrick Stach , Sarah Zatko , Tim Carstens , Parker Thompson , Peiter “mudge” Zatko Software vendors like to claim that their software is secure, but the effort and techniques ...
This Is Not Your Grandfather’s SIEM Carson Zimmerman For many CSOCs, there was a simpler time. A time when their security event collection ...
Firetalk #1: That’s No Moon(shot)! Beau Woods We don’t need a Cyber Moonshot; we’ve got enough already. Computing technology is enabling multiple ...
Firetalk #2: Everything You Wanted to Know About Creating an Insider Threat Program (But Were Afraid To Ask) Tess Schrodinger Oh no! You just got tasked with creating THE Insider Threat Program for your organization! ...
Firetalk #3: Stack Cleaning — A Quest in Hunting for FLIRT Jon Erickson While reverse engineering, an annoying malware sample broke my Hex-Ray’s decompiler – the “cheat code” ...
Firetalk #4: Your Defense is Flawed (it’s only kinda your fault) Bryson Bort The elite hacker is a myth we’ve given power to because breaches continue to happen. ...
Firetalk #5: The First Thing We Do, Let’s Kill all the [CISOs] Alexander Romero , Steve Luczynski A former CISO, a future CISO, and a hacker walk into a bar… a profound ...
Firetalk #6: Patching — It’s Complicated Cheryl Biswas Patching – it’s complicated! As much as we like to point fingers of blame and ...
Firetalk #7: Libation Escalation — Scotch and Bubbles Erin “secbarbie” Jacobs For many years many of us “infosec” professionals have been working late into the midnight ...