Skip to main content

Shmoocon

Shmoo Group

ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues. The first day is a single track of speed talks called One Track Mind. The next two days bring three tracks: Build It, Belay It, and Bring It On.



rss RSS

473
RESULTS


Show sorted alphabetically

Show sorted alphabetically

SHOW DETAILS
up-solid down-solid
eye
Title
Date Archived
Creator
Shmoocon 2016
Shmoocon 2016
collection
39
ITEMS
89,279
VIEWS
collection

eye 89,279

ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues. The first day is a single track of speed talks called One Track Mind. The next two days bring three tracks: Build It, Belay It, and Bring It On.
Shmoocon 2015
Shmoocon 2015
collection
48
ITEMS
25,745
VIEWS
by Shmoocon
collection

eye 25,745

DIFFERENT - ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues. The first day is a single track of speed talks called One Track Mind. The next two days bring three tracks: Build It, Belay It and Bring It On. AFFORDABLE - ShmooCon is about high quality without the high price. Keep in mind that space is...
Shmoocon 2015
movies

eye 8,900

favorite 0

comment 0

Knock Knock [SC2015]
Shmoocon 2008
Shmoocon 2008
collection
42
ITEMS
2,910
VIEWS
by Various
collection

eye 2,910

DIFFERENT – ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues.  The first day is a single track of speed talks called One Track Mind.  The next two days bring three tracks:  Build It, Belay It, and Bring It On. AFFORDABLE – ShmooCon is about high quality without the high...
Shmoocon 2013
Shmoocon 2013
collection
38
ITEMS
2,465
VIEWS
collection

eye 2,465

DIFFERENT – ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues.  The first day is a single track of speed talks called One Track Mind.  The next two days bring three tracks:  Build It, Belay It, and Bring It On. AFFORDABLE – ShmooCon is about high quality without the high...
Shmoocon 2006
Shmoocon 2006
collection
35
ITEMS
2,781
VIEWS
collection

eye 2,781

DIFFERENT – ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues.  The first day is a single track of speed talks called One Track Mind.  The next two days bring three tracks:  Build It, Belay It, and Bring It On. AFFORDABLE – ShmooCon is about high quality without the high...
Shmoocon 2012
Shmoocon 2012
collection
41
ITEMS
3,764
VIEWS
by Shmoo Group
collection

eye 3,764

ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues. The first day is a single track of speed talks called One Track Mind. The next two days bring three tracks: Build It, Belay It, and Bring It On.
Shmoocon 2014
movies

eye 11,794

favorite 5

comment 0

Controlling USB Flash Drive Controllers: Expose of Hidden Features Richard Harman With stories of "BadBIOS" infecting PCs simply by connecting a malicious USB flash drive to a PC, it's time we learned about flash drives and their controllers. Consumer USB flash drives are cheap, growing in capacity and shrinking in physical size. There are only around 15 prominent controller chip manufacturers whom you have never heard of, but OEM for all the popular and respected "name...
Shmoocon 2016
by Sean Cassidy
movies

eye 1,418

favorite 1

comment 0

LastPass holds all of your secrets. Its login prompts and alerts occur within the browser window, which attackers can control. When the victim visits the target site–which can look completely inconspicuous, such as a news website–after a delay a LastPass notification will appear if the user has LastPass installed prompting the user to log in because their session has expired. The log in screen, which always appears within the browser window, is customized for each browser and operating...
Shmoocon 2009
Shmoocon 2009
collection
40
ITEMS
3,513
VIEWS
by Various
collection

eye 3,513

DIFFERENT – ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues.  The first day is a single track of speed talks called One Track Mind.  The next two days bring three tracks:  Build It, Belay It, and Bring It On. AFFORDABLE – ShmooCon is about high quality without the high...
Shmoocon 2011
Shmoocon 2011
collection
41
ITEMS
4,703
VIEWS
collection

eye 4,703

ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues. The first day is a single track of speed talks called One Track Mind. The next two days bring three tracks: Build It, Belay It, and Bring It On.
Shmoocon 2014
Shmoocon 2014
collection
42
ITEMS
29,470
VIEWS
by Shmoocon
collection

eye 29,470

Shmoocon 2014: Held in Washington D.C. from January 17-19, 2014, at the Washington Hilton. This collection contains all recorded main area talks at the event. DIFFERENT - ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues. The first day is a single track of speed talks called One Track Mind. The next...
Topics: Shmoocon, Hacker Con, Security, Presentations
Shmoocon 2007
Shmoocon 2007
collection
36
ITEMS
2,741
VIEWS
collection

eye 2,741

ShmooCon is an American hacker convention organized by The Shmoo Group. There are typically 40 different talks and presentations on a variety of subjects related to computer security and cyberculture. Multiple events are held at the convention related to cryptography and computer security such as Shmooganography, Hack Fortress, a locksport village hosted by TOOOL DC, and Ghost in the Shellcode.
Shmoocon 2016
movies

eye 5,643

favorite 2

comment 0

Every IR presents unique challenges. But–when an attacker uses PowerShell, WMI, Kerberos attacks, novel persistence mechanisms, seemingly unlimited C2 infrastructure and half-a-dozen rapidly-evolving malware families across a 100k node network to compromise the environment at a rate of 10 systems per day–the cumulative challenges can become overwhelming. This talk will showcase the obstacles overcome during one of the largest and most advanced breaches Mandiant has ever responded to, the...
Shmoocon 2010
Shmoocon 2010
collection
36
ITEMS
2,079
VIEWS
collection

eye 2,079

ShmooCon is an American hacker convention organized by The Shmoo Group. There are typically 40 different talks and presentations on a variety of subjects related to computer security and cyberculture. Multiple events are held at the convention related to cryptography and computer security such as Shmooganography, Hack Fortress, a locksport village hosted by TOOOL DC, and Ghost in the Shellcode.
Shmoocon 2008
movies

eye 1,044

favorite 0

comment 0

I Piss on Your AV shmoocon presentation 2008
Shmoocon 2009
movies

eye 647

favorite 0

comment 0

The Gentlemen's Agreement
Shmoocon 2015
movies

eye 9,278

favorite 1

comment 0

NSA USB Playset [SC2015]
Shmoocon 2008
movies

eye 68

favorite 0

comment 0

Forensic Image Analysis to Recover Passwords d Smith
Shmoocon 2016
by Andrew Kalat
movies

eye 23,713

favorite 7

comment 0

Most hackers have a massive digital footprint: social media, servers at co-location sites, servers at home, overly-complicated IT infrastructure, and various other IT gear connected in crazy ways. What happens when one of us suddenly dies? How do our loved ones pick up the pieces, figure out all of our random IT crap that we’ve setup, and move forward? This talk explores the challenges, opportunities, and lessons learned as I aided in figure out the IT gear after the passing of a dear friend...
Shmoocon 2011
movies

eye 290

favorite 1

comment 0

The Google Web Toolkit (GWT) provides developers with a framework to easily create Rich Internet Applications that use AJAX. The beauty of GWT lies in the ability to write client side components in Java that get automatically compiled into optimized browser Javascript. Once deployed, this client side code has the ability to perform remote procedure calls to all implemented GWT RPC methods. From an attacker's perspective, GWT introduces several problems. Most notably, GWT RPC request use a...
Shmoocon 2014
movies

eye 1,323

favorite 0

comment 0

An Open and Affordable USB Man in the Middle Device Dominic Spill With the introduction of FaceDancer, there has been a surge of interest in USB security. USBProxy is an open framework for the BeagleBone Black to make it simpler for anyone to monitor, inject or modify data carried over a USB connection. While the FaceDancer will allow devices to be written on a host system, we are able to go further and man-in-the-middle connections to existing devices as well. The BeagleBone Black also enables...
Web Portals Gateway to Information or a Hole in our Perimeter Defenses Deral Heiland
Shmoocon 2012
movies

eye 98

favorite 0

comment 0

Android Mind Reading
Shmoocon 2014
movies

eye 391

favorite 0

comment 0

Introducing DARPA's Cyber Grand Challenge Mike Walker Could a purpose-built supercomputer play DEFCON capture the flag? Mike Walker joined DARPA as a Program Manager in January 2013. His research interests relate to machine reasoning about software in situ and the automation of application security lifecycles. Mr. Walker has extensive industry experience. Prior to joining DARPA he worked as a security software developer, enterprise security architect, and research lab leader.
Shmoocon 2016
movies

eye 856

favorite 2

comment 0

Are you a Bond villain, whistle-blower, clandestine operative, secret courier, paranoid schizophrenic or generally sketchy character who wants the ability to make your data go up in a puff of smoke at the drop of a hat when the bad guys close in? This talk will focus on implementing practical, low cost, and not entirely unsafe mobile data destruction solutions for your hopefully imaginary needs. Going beyond Shane Lawson, Bruce Potter, and Deviant Ollam’s 3U rackmount requirements from DEFCON...
Shmoocon 2007
movies

eye 137

favorite 0

comment 0

Welcome
You Must Be This Tall to Ride the Security Ride Joel Wilbanks and Pete Caro
Shmoocon 2011
by Georgia Weidman
movies

eye 125

favorite 0

comment 0

Your mom's cellphone has as much power and functionality as all the PCs at my old government job. Thousands of new smartphones are joining the network every month just begging to be made to run indiscernibly slower with just one more root level program. A botnet control scenario is presented in which smartphone bots receive instructions through sms that are processed by a proxy between the GSM modem and the application layer, making the botnet messages transparent to the user. An Android...
Advanced Protocol Fuzzing What We Learned when Bringing Layer2 Logic to SPIKE Land Enno Rey and Daniel Mende
Shmoocon 2016
movies

eye 1,232

favorite 0

comment 0

In the system hardening space, we’ve been using chroot jails to contain compromised programs. These jails were better than nothing, but were easily escaped by many attackers. As Linux containers become more mature, we can use them to replace these jails. This talk will teach you how to use Linux Containers, through both Docker and Ubuntu’s new LXD, to create far better jails for programs, containing their compromise. You will leave this demo-heavy talk immediately able to use both...
Shmoocon 2009
movies

eye 122

favorite 0

comment 0

RFID Unplugged
Shmoocon 2013
movies

eye 47

favorite 0

comment 0

Shmoocon 2013 0wn The Con
Shmoocon 2014
by Jake Williams and Alissa Torres
movies

eye 441

favorite 0

comment 0

ADD -- Complicating Memory Forensics Through Memory Disarray Jake Williams and Alissa Torres In this presentation, we'll present ADD (attention deficit disorder), a tool that litters Windows physical memory with (configurable amounts and types of) garbage to disrupt memory forensics. Memory forensics has become so mainstream that it's catching too many malware authors during routine investigations (making Jake a sad panda). If memory forensics were much harder to perform, then attackers would...
Shmoocon 2007
movies

eye 88

favorite 0

comment 0

There is no man page for the English language, but kids pick it up anyway (more or less). There is deep structure hidden inside every human generated language, especially those we intend to fuzz. I will discuss and demonstrate new, useful, and purty purty tools for rendering complex patterns automatically, potentially in realtime, and breaking things with it. New toys will be released, including a generic XML fuzzer (rawk!). Dan Kaminsky is the Director of Penetration Testing at IOActive, a...
Shmoocon 2016
by Patrick Wardle
movies

eye 536

favorite 0

comment 0

Gatekeeper is an anti-malware feature baked directly into OS X. Its single goal is to block the execution of untrusted code from the internet. Apple boldly claims that because of Gatekeeper, both trojans and tampered downloads are generically blocked. So hooray! Mac users are all secure…right? Well, perhaps not :/ Until now, there has been little technical information about Gatekeeper’s closed-source internals. This talk seeks to remedy this by exposing the inner workings of Gatekeeper and...
Shmoocon 2012
movies

eye 322

favorite 0

comment 0

TTL Penetration
Shmoocon 2016
movies

eye 1,499

favorite 0

comment 0

We’ve taken a novel approach to automating the determination of a phisher’s geographic location. With the help of Markov chains, we craft honeypot responses to phishers’ emails in an attempt to beat them at their own game. We’ll examine the underlying concepts, implementation of the system, and reveal some of the results from our ongoing experiment. Robbie Gallagher is a security engineer with Atlassian in Austin, Texas. He received his bachelor’s degree in applied computing...
Shmoocon 2011
movies

eye 343

favorite 1

comment 0

Got domain admin to a couple of thousand Windows systems? Got an hour to spare? Steal sensitive data from all of these systems simultaneously in under an hour with OpenDLP. OpenDLP is an open source, agent-based, massively distributable, centrally managed data discovery program that runs as a service on Windows systems and is controlled from a centralized web application. The agent is written in C, has no .NET requirements, uses PCREs for pattern matching, reads inside ZIPs like Office 2007 and...
Shmoocon 2011
movies

eye 74

favorite 0

comment 0

A business capability is a functional unit within a business that is comprised of four layers: policies, people, processes, and technologies. Policies provide governance. People provide judgment, expertise, and exception handling. Processes provide repeatability. Technologies remove people from the processes and provide automation. The four layers comprise a business capability stack (BCStack). You can model a corporate bureaucracy as a system of BCStacks. BCStack exchange information and...
Shmoocon 2011
movies

eye 93

favorite 0

comment 0

TCP Stream reassembly is a core function that is required for robust IPS and IDS systems. Snort's stream reassembly implementation (Stream5) has certain flaws that limit the protection capabilities. In this paper we conduct a detailed analysis of the state tracking and stream reassembly functionality of the open source IPS/IDS - Snort - with a focus on prevention capabilities. Our work aims to highlight the flaws in order to shed light as well as suggest possible alternative approaches so as to...
Shmoocon 2016
by Alex Bulazel
movies

eye 800

favorite 0

comment 0

AVLeak is a tool for fingerprinting consumer antivirus emulators through automated black box testing. AVLeak can be used to extract information from AV emulators that may be used to detect their presence and evade detection, including environmental artifacts, OS API behavioral inconsistencies, emulation of network connectivity, timing inconsistencies, and CPU emulator “red pills”. These artifacts of emulation may be discovered through painstaking, time consuming binary reverse engineering,...
Shmoocon 2014
by Benjamin Gatti
movies

eye 647

favorite 0

comment 0

"How I Met Your Mother" or The Brief and Secret History of Bletchley Park and How They Invented Cryptography and the Computer Age Benjamin Gatti In the darkest days of WWII, a small team assembled at Bletchley Park solved two problems and set a new course for computers and cryptography - fast computers, and secure communications can both be traced back to one of the ugliest estates in London suburbia, where Alan Turing, Max Newman, Tommy Flowers, and others hacked their way through...
Shmoocon 2007
by Michael Rash
movies

eye 155

favorite 0

comment 0

Most people think of iptables as a packet filtering and mangling firewall within the Linux kernel. Although this characterization is true, iptables also provides such a powerful set of features that it can assist in the detection and visualization of network-based attacks. Through the use of the Netfilter string match extension, packet application layer data can be examined and acted upon by iptables. The end result is that a significant percentage of Snort rules can be run directly within the...
Shmoocon 2013 Strategies of a World Class Security Incident Response Team
Shmoocon 2006
movies

eye 201

favorite 0

comment 0

Advanced Network Recon With Nmap
Shmoocon 2016
by Kurt Opsahl, Andrew Crocker, Bill Buddington, and Eva Galperin
movies

eye 271

favorite 0

comment 0

Get the latest information about how the law is racing to catch up with technological change from staffers at the Electronic Frontier Foundation, the nation’s premiere digital civil liberties group fighting for freedom and privacy in the computer age. This session will include updates on current EFF issues such as NSA surveillance and fighting efforts to use intellectual property claims to shut down free speech and halt innovation, discussion of our technology projects to protect privacy and...
Shmoocon 2014
by Rob "Mubix" Fuller
movies

eye 865

favorite 0

comment 0

Attacker Ghost Stories: Mostly Free Defenses That Give Attackers Nightmares Rob "Mubix" Fuller This talk is about protections, mitigations, or detection mechanisms that I’ve seen across businesses big and small that were innovative and highly effective, yet free (or mostly free) and stopped me (as an attacker) dead in my tracks. We will be going over 11 (or a many as we can get to) methods, tactics, and software setups that will cut down intrusions significantly. Changes that you...
Shmoocon 2014
by Daniel J. Bernstein and Tanja Lange
movies

eye 918

favorite 0

comment 0

SafeCurves: Choosing Safe Curves for Elliptic-Curve Cryptography Daniel J. Bernstein and Tanja Lange There are several different standards covering selection of curves for use in elliptic-curve cryptography (ECC). Each of these standards tries to ensure that the elliptic-curve discrete-logarithm problem (ECDLP) is difficult. ECDLP is the problem of finding an ECC user's secret key, given the user's public key. Unfortunately, there is a gap between ECDLP difficulty and ECC security. None of...
Shmoocon 2008
movies

eye 44

favorite 0

comment 0

Malware Software Armoring Circumvention
Shmoocon 2010
movies

eye 44

favorite 0

comment 0

Better Approaches To Physical Tamper Detection
Shmoocon 2013
movies

eye 208

favorite 0

comment 0

Shmoocon 2013 How to Own a Building BacNET Attack Framework
Shmoocon 2013
movies

eye 53

favorite 0

comment 0

Shmoocon 2013 Chopshop Busting the Gh0st
Shmoocon 2012
movies

eye 105

favorite 1

comment 0

Inside The OODA Loop
Shmoocon 2012
movies

eye 153

favorite 0

comment 0

Malware Visualization In 3D
Shmoocon 2006
movies

eye 42

favorite 0

comment 0

Responding To Responsive (or Not) Disclosure
Shmoocon 2016
by The Shmoo Group
movies

eye 268

favorite 0

comment 0

The attendees of Shmoocon 2016 are welcomed to the conference, given basic information about the conferences offerings, and the events to look forward to.
Shmoocon 2009
movies

eye 39

favorite 0

comment 0

Keynote Matt Blaze
Shmoocon 2010
movies

eye 41

favorite 0

comment 0

Flying Instruments Only
Shmoocon 2013
movies

eye 51

favorite 0

comment 0

Shmoocon 2013 From Shotgun Parsers to Better Software Stacks
Shmoocon 2008
movies

eye 58

favorite 0

comment 0

Practical Hacker Crypto Simple Nomad
Shmoocon 2008
movies

eye 52

favorite 0

comment 0

Finding Bad Guys Can Be Fun
Shmoocon 2013
movies

eye 57

favorite 0

comment 0

Shmoocon 2013 Friday Fire Talks
Shmoocon 2016
movies

eye 723

favorite 0

comment 0

Big Data Analytics and Machine Learning are pervasive in the decision-making processes of major corporations and governments around the world. This fact introduces a new opportunity and attack vector for hackers — instead of stealing data, attackers can potentially influence or control the decisions of their victims. In our talk we highlight the poor decisions that developers make in their code that enables attackers to drastically skew machine learning models, deliver denial of service...
Shmoocon 2015
movies

eye 269

favorite 0

comment 0

Analyzing POS Malware [SC2015]
Shmoocon 2012
movies

eye 66

favorite 0

comment 0

Are Rtext Files DNS
Shmoocon 2008
movies

eye 42

favorite 0

comment 0

21st Century Shellcode for Solaris Tim Vidas
Shmoocon 2006
movies

eye 79

favorite 0

comment 0

Kryptos And The Cyrillic Projector Ciphers
Baked not Fried Performing an Unauthorized Phishing Awareness Exercise Syn Phishus
I Found a Thing and You Can (Should) Too: ISP's Unauthenticated SOAP Service = Find (Almost) All The Things! Nicholas Popovich This presentation is meant to encourage individuals to put the applications and software that they may use on their own home or small business networks under the research microscope. This will be a discussion of a recent independent research project that eventually led to an information disclosure vulnerability by a major U.S. ISP. This is also an example of when a...
Shmoocon 2009
movies

eye 50

favorite 0

comment 0

Jsunpack
Shmoocon 2013
movies

eye 59

favorite 0

comment 0

Shmoocon 2013 MASTIFF Automated Static Analysis Framework
Shmoocon 2016
by Chris Eng
movies

eye 423

favorite 0

comment 0

Every industry faces the challenge of securing software, so why do some industries “get it” while others struggle to manage the problem at scale? In this session, we will share data drawn from over 200,000 application assessments performed via Veracode’s cloud platform over an 18-month period. This is the largest data set of its kind, and it provides unique insight into the state of software security. Attendees can use this information to benchmark their AppSec program against peers,...
Shmoocon 2015
texts

eye 163

favorite 0

comment 0

Don'tLookNow MaliciousImageSpam
Shmoocon 2011
by Jon Larimer
movies

eye 103

favorite 0

comment 0

Many people think that Linux is immune to the type of Autorun attacks that have plagued Windows systems with malware over the years. However, there have been many advances in the usability of Linux as a desktop OS - including the addition of features that can allow Autorun attacks. In this presentation, I'll explain how attackers can abuse these features to gain access to a live system by using a USB flash drive. I'll also show how USB as an exploitation platform can allow for easy bypass of...