Shmoocon2019 2019 Jan. 18, 2019 to Jan. 20, 2019, Washington, USA

Title Speakers Summary Topic Types
Incident Response and the Attorney Client Privilege Wendy Knox Everette Oh no, you’ve suffered a computer security incident. The DFIR team you hired wrote up ...
Ad-Laundering: Bribes & Backdoors John Amirrezvani Ad-Laundering is a new tactic for exploiting social media platforms to spread fake news and ...
Machine Learning Models that Predict Mental Health Status on Twitter and Their Privacy Implications Janith Greenstadt Recent studies have shown that machine learning can be used to identify individuals with mental ...
How the Press Gets Pwned David Huerta “Journalists and Activists” is a common line in copy promoting privacy or security-enhancing technology, especially ...
Kinder Garten Security: Teaching the Pre-college Crowd Sandra Miller There is currently a shortage of cybersecurity professionals both worldwide and in the US. This ...
It’s 2019 and Special Agent Johnny Still Can’t Encrypt Matt Blaze In 2011, we published “Why (Special Agent) Johnny (still) Can’t Encrypt,” which examined protocol, implementation, ...
Firetalk #1: Shut up and Listen Kirsten Renner This is a discussion about closing the gap between the search for the right job ...
Firetalk #2: Specialists versus Jack-Of-All-Trades Nicole Schwartz Information Technology (IT) has grown up a lot, and security only really became a field ...
Firetalk #3: Équipe Rouge: The Ethics of Prosecuting An Offensive Security Campaign Tarah Iversen Those of us who conduct offensive security campaigns use all the tactics of cyberwarfare. We ...
Firetalk #4: Weapons of Text Destruction Jared Stroud Do you trust your text editor? Have you ever considered the offensive capabilities of vim? ...
Firetalk #5: Infosec and 9-1-1: When the Location of Your Emergency is in the Building Christine Giglio 9-1-1 networks are primarily closed networks with no access to the outside world. Because of ...
Firetalk #6: Whats the latest 411 on 419s? Ray [redacted] Scammers and thieves continue to develop new and innovative ways to rip you off. The ...
Writing a Fuzzer for Any Language with American Fuzzy Lop Ariel Zelivansky American fuzzy lop (afl) is one of the most prominent tools used for fuzz testing ...
High Confidence Malware Attribution using the Rich Header Kevin Bilzer, Rj Joyce, and Seamus Burke Attribution of malware is a complicated problem as there are many ways to mislead and ...
The Beginner’s Guide to the Musical Scales of Cyberwar Jessica Smith Whether you have a background in technology, law, academia, or national security, this talk is ...
CryptoLocker Deep-Dive: Tracking security threats on the Bitcoin public ledger Olivia Kseib WhiteRabbit is an open source security research tool built on top of BlockSci, a blockchain ...
BECs and Beyond: Investigating and Defending Office 365 Douglas Bienstock As organizations increase their adoption of cloud services, we see attackers following them to the ...
The APT at Home: The attacker that knows your mother’s maiden name Chris Cox While we’re fighting for our security and privacy, some are being left behind. Traditional security ...
Process Control Through Counterfeit Comms: Using and Abusing Built-In Functionality to Own a PLC Jared Rittle Programmable Logic Controllers (PLCs) are devices that factories, office buildings, and utilities, among other facilities, ...
Five-sigma Network Events (and how to find them) John O’neil Networks are complex systems and too often, despite their best effort, no one knows everything ...
Firemen vs. Safety Matches: How the current skills pipeline is wrong Amélie Koran Most of the discussion about solving the skills shortage and staffing pipeline in cyber/information/data/computer security ...
Be an IoT Safety Hero: Policing Unsafe IoT through the Consumer Product Safety Commission Andrea Kaye The persistent vulnerability of many IoT devices is a source of concern for security researchers ...
Electronic Voting in 2018: Bad or Worse? Matt Blaze Electronic voting systems used in the US are notoriously insecure, but how did they actually ...
Ground Truth: 18 vendors, 6000 firmware images, 2.7 million binaries, and a flaw in the Linux/MIPS stack Mudge, Parker Thompson, and Tim Carstens We present data on recent work conducted at CITL concerning embedded devices, IoT, and home ...
Trip Wire(less) Omaha At DEF CON 26, multiple guests of Caesars Entertainment properties were taken off-guard by the ...
Analyzing Shodan Images With Optical Character Recognition Michael Portera Shodan Images is a collection of screenshots from RDP sessions, VNC sessions, and Webcams that ...
Advancing a Scientific Approach to Security Tool Evaluations with MITRE ATT&CK™ Francis Duff As security practitioners we struggle with what products we should buy and how we can ...
Social Network Analysis: A scary primer Andrew Vachon Everywhere you go, who and what you associate with says a lot about you. Your ...
Security Response Survival Skills Ben Ridgway Despite the many talks addressing the technical mechanisms of security incident response (from the deep ...
Mentoring the Intelligent Deviant: What the special operations and infosec communities can learn from each other Nina Brister There are unique challenges to developing and mentoring communities of practitioners whose jobs are, by ...
Three Ways DuckDuckGo Protects User Privacy While Getting Things Done (and how you can too) Marc Soda At DuckDuckGo we believe in privacy–this belief is in everything we do. Also, like many ...
iPhone Surgery for the Practically Paranoid Evan Cuevas Is there a point past which the risks generated by high fidelity sensors in smartphones ...
A Little Birdy Told Me About Your Warrants Avi Zajac An overview on the history and current state of warrant canaries; why they were abandoned ...
Post-quantum Crypto: Today’s defense against tomorrow’s quantum hacker Christian Paquin Quantum computers pose a grave threat to the cryptography we use today. Sure, they might ...
A Code Pirate’s Cutlass: Recovering Software Architecture from Embedded Binaries Evm Reversing large binaries is really hard, but what if we could automatically recover the software ...
A Tisket, a Tasket, a Dark Web Shopping Basket Emma Meriwether We regret to inform you that much of what you’ve been told about dark web ...
24/7 CTI: Operationalizing Cyber Threat Intelligence Xena Olsen Reese Witherspoon said, “With the right kind of coaching and determination you can accomplish anything.” ...
0wn the Con The Shmoo Group For fourteen years, we’ve chosen to stand up and share all the ins and outs ...
Behind Enemy Lines: Inside the operations of a nation state’s cyber program Andrew Flossman We’ve all heard about Nation State surveillance programs and their capabilities throughout the world, but ...
Building and Selling Solo, an Open Source Secure Hardware Token Conor Patrick Solo is a low-cost security key that implements U2F and FIDO2–FIDO Alliance protocols that are ...
Looking for Malicious Hardware Implants with Minimal Equipment Falcon Darkstar We’ve all seen a lot of hype about malicious hardware and hardware implants this year. ...
Deconstructing DeFeNeStRaTe.C Soldier Of Fortran In 2012, hackers were running rampant in Sweden's federal mainframes. During the course of the ...
IPv666: Address of the Beast Christopher Newlin IPv6 comes with a slew of improvements from larger address space to self-organizing addressing to ...
Un-f*$#ing Cloud Storage Encryption Adam Everspaugh Individuals, enterprises, and government agencies encrypt information before uploading to commodity cloud storage systems like ...
Reversing SR-IOV For Fun and Profit Adir Abraham We are surrounded with PCIe devices everywhere. They are in charge of interconnecting extremely important ...
Patchwerk: Kernel Patching for Fun and Profit Parker Seay With the proliferation of inexpensive IOT devices running insecure Linux kernels on corporate networks, maintaining ...
IMSI Catchers Demystified Karl Koscher IMSI catchers (sometimes known by the popular brand name “Stingrays”) are shrouded in mystery. Originally ...
Encrypting the Web Isn’t Enough: How EFF Plans to Encrypt the Entire Internet Jeremy Gillula In 2009, the EFF set out on a long-term mission to encrypt the Web. Our ...
Between Two Moose Andrew Morris, Lost, Whitney Merrill, and (interviewer) Join us as we close down ShmooCon 2019 in the inaugural episode of “Between Two ...