shmoocon 2018 Jan. 19, 2018 to Jan. 21, 2018, washington,usa
Tell us about missing data
Tell us about missing data
Title | Speakers | Summary | Topic Types |
---|---|---|---|
Keynote | Donna F. Dodson | Donna F. Dodson is the Chief Cybersecurity Advisor for the National Institute of Standards and ... | |
ShmooCon Debates | Jack Daniel , Elizabeth Wharton , Bruce Potter , Wendy Nather , Jack Gavigan | Four players, one moderator, two topics, and a bunch of unknowns.A few weeks ago we ... | |
Profiling and Detecting all Things SSL with JA3 | John B. Althouse , Jeff Atkinson | JA3 is an open source SSL/TLS client fingerprinting tool developed by John Althouse, Josh Atkins, ... | |
Cyberlaw: Year in Review | Steve Black | A (slightly irreverent) look at the most important laws, cases, regulations, and legally relevant (or, ... | |
Electronic Voting in 2018: Threat or Menace | Matt Blaze , Harri Hursti , Margaret Macalpine , Joe Hall | Modern electronic voting systems were introduced in the US at large scale after the passage ... | |
AWS Honey Tokens with SPACECRAB | Dan Bourke | Honeytokens are really useful. AWS tokens are also really useful, for you and your attackers. ... | |
When CAN CANT | Tim Brom , Mitchell Johnson | The Controller Area Network (CAN) bus has been mandated in all cars sold in the ... | |
Catch Me If You Can: A Decade of Evasive Malware Attack and Defense | Alexei Bulazel , Bülent Yener | In this presentation we take a look at over a decade of research into the ... | |
OK Google, Tell Me About Myself | Lisa Chang | With the rise in leaks of our personal information, most of us are well-educated about ... | |
Time Signature Based Matching for Data Fusion and Coordination Detection in Cyber Relevant Logs | Lauren Deason | The ability to detect automated behavior within cyber relevant log data is a useful tool ... | |
ODA: A Collaborative, Open Source Reversing Platform in the Cloud | Anthony Derosa , Bill Davis | When a new globally menacing piece of malware is detected, consider how many separate efforts ... | |
Running a Marathon Without Breaking a Sweat? Forensic Manipulation of Fitness App Data. | Mika Devonshire | Hard core athletes and wannabes alike use the Strava app to track their runs, bikes, ... | |
The Friedman Tombstone — A Cipher in Arlington National Cemetery | Elonka Dunin | Elonka Dunin, known for her website on the World’s Most Famous Unsolved Codes, discovered a ... | |
Skill Building By Revisiting Past CVEs | Sandra Escandor-o’keefe | Revisiting past CVEs can be a useful tool for finding patterns, to increase our critical ... | |
Blink for Your Password, Blink Away Your Civil Rights? | Wendy Knox Everette | You’re arrested and your phone is held up to your face to be unlocked by ... | |
Someone is Lying to You on the Internet–Using Analytics to Find Bot Submissions in the FCC Net Neutrality Submissions | Leah Figueroa | The FCC is trying to ram through anti-net neutrality legislation and are using the submissions ... | |
Don’t Ignore GDPR; It Matters Now! | Thomas Fischer | With GDPR coming into effect on May 25, 2018, any organization handling EU citizen’s personal ... | |
Nation-State Espionage: Hunting Multi-Platform APTs on a Global Scale | Eva Galperin , Cooper Quintin , Mike Flossman | As the modern threat landscape evolves, so have the players. Cyber-warfare has become so profitable ... | |
CertGraph: A Tool to Crawl the Graph of SSL Certificate Alternate Names using Certificate Transparency | Ian Foster | SSL Certificates and Certificate Authorities are the backbone of how secure communication works online for ... | |
Hacking the News: an Infosec Guide to the Media, and How to Talk to Them | Sean Gallagher , Steve Ragan , Paul Wagenseil | Infosec researchers, experts, and hackers in general have a…fraught relationship with media, ranging from exploitive ... | |
Building a GoodWatch | Travis Goodspeed | Back in the good ol’ days there was a toy called the GirlTech IMME, which ... | |
Do as I Say, Not as I Do: Hacker Self Improvement and You | Russell Handorf | “When I was your age” advice doesn’t apply readily to modern skill growth. Gone are ... | |
Building Absurd Christmas Light Shows | Rob Joyce | Hobbyists worldwide have been developing and improving technology for awesome Christmas light shows. They are ... | |
Securing Bare Metal Hardware at Scale | Paul Mcmillan , Matt King | Less than three years after the Equation Group was discovered backdooring hard drive firmware, courses ... | |
The Background Noise of the Internet | Andrew Morris | The last five to ten years has seen massive advancements in open source Internet-wide mass-scan ... | |
Embedded Device Vulnerability Analysis Case Study Using TROMMEL | Kyle O’meara , Madison Oliver | Researching embedded devices is not always straightforward, as such devices often vastly differ from one ... | |
Pseudo-Doppler Redux | Michael Ossmann , Schuyler St. Leger | The information security community has long suffered from a lack of effective and affordable tools ... | |
Defending Against Robot Attacks | Brittany Postnikoff | Many people have a plan to make it through the robopocalypse (robot apocalypse), but in ... | |
Deep Learning for Realtime Malware Detection | Domenic Puzio , Kate Highnam | Domain generation algorithm (DGA) malware makes callouts to unique web addresses to avoid detection by ... | |
A Social Science Approach to Cybersecurity Education for all Disciplines | Aunshul Rege | Higher education institutions have started heavily investing in cybersecurity education programs for STEM (Science, Technology, ... | |
Better Git Hacking: Extracting “Deleted” Secrets from Git Databases with Grawler | Justin Regele | Git is a widely-used Version Control System for software development projects. Because of the way ... | |
radare2 in Conversation | Richard Seymour | The command line hexadecimal editor, disassembler and debugger radare2 can be an invaluable reverse engineering ... | |
Bludgeoning Bootloader Bugs: No Write Left Behind | Rebecca bx Shapiro | An operating system’s chain of trust is a really a chain of loaders. Although loaders, ... | |
0wn the Con | The shmoo Group | For thirteen years, we’ve chosen to stand up and share all the ins and outs ... | |
Tap, Tap, Is This Thing On? Testing EDR Capabilities | Casey Smith | As organizations deploy EDR (Endpoint Detection & Response) solutions, it becomes imperative that these solutions ... | |
Opening Closed Systems with GlitchKit | Kate Temkin , Dominic “domibill” Spill | Systems that hide their firmware–often deep in readout-protected flash or hidden in encrypted ROM chips–have ... | |
SIGINT on a budget: Listening in, gathering data and watching–for less than $100 | Phil Vachon , Andrew Wong | It’s 2018 and many people are still using unencrypted wireless communications in critical systems. We ... | |
afl-unicorn: Fuzzing the ‘Unfuzzable’ | Nathan Voss | American Fuzzy Lop (AFL) revolutionized fuzzing. It’s easily the best thing out there for quickly ... | |
Pages from a Sword-Maker’s Notebook pt. II | Vyrus | This talk is an encapsulation of implemented solutions for achieving common requirements when constructing software ... | |
Getting Cozy with OpenBSM Auditing on MacOS … The Good, the Bad, & the Ugly | Patrick Wardle | With the demise of dtrace on macOS, and Apple’s push to rid the kernel of ... | |
Listing the 1337: Adventures in Curating HackerTwitter’s Institutional Knowledge | Hex Gallagher | Our community is defined by our dedication to sharing process, resources, and knowledge freely with ... | |
Your Cerebellum as an Attack Surface: How Does the Brain Stay Secure? | Avani Wildani | “Technology is the active human interface with the material world.” – UK LeGuinOnce upon a ... | |
IoT RCE, a Study With Disney | Lilith Wyatt | As desktop and server security keeps raising the baseline for successful exploitation, IOT devices are ... | |
CITL — Quantitative, Comparable Software Risk Reporting | Patrick Stach , Sarah Zatko , Tim Carstens , Parker Thompson , Peiter “mudge” Zatko | Software vendors like to claim that their software is secure, but the effort and techniques ... | |
This Is Not Your Grandfather’s SIEM | Carson Zimmerman | For many CSOCs, there was a simpler time. A time when their security event collection ... | |
Firetalk #1: That’s No Moon(shot)! | Beau Woods | We don’t need a Cyber Moonshot; we’ve got enough already. Computing technology is enabling multiple ... | |
Firetalk #2: Everything You Wanted to Know About Creating an Insider Threat Program (But Were Afraid To Ask) | Tess Schrodinger | Oh no! You just got tasked with creating THE Insider Threat Program for your organization! ... | |
Firetalk #3: Stack Cleaning — A Quest in Hunting for FLIRT | Jon Erickson | While reverse engineering, an annoying malware sample broke my Hex-Ray’s decompiler – the “cheat code” ... | |
Firetalk #4: Your Defense is Flawed (it’s only kinda your fault) | Bryson Bort | The elite hacker is a myth we’ve given power to because breaches continue to happen. ... | |
Firetalk #5: The First Thing We Do, Let’s Kill all the [CISOs] | Alexander Romero , Steve Luczynski | A former CISO, a future CISO, and a hacker walk into a bar… a profound ... | |
Firetalk #6: Patching — It’s Complicated | Cheryl Biswas | Patching – it’s complicated! As much as we like to point fingers of blame and ... | |
Firetalk #7: Libation Escalation — Scotch and Bubbles | Erin “secbarbie” Jacobs | For many years many of us “infosec” professionals have been working late into the midnight ... |