ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues. The first day is a single track of speed talks called One Track Mind. The next two days bring three tracks: Build It, Belay It, and Bring It On.
25,745
26K
Jan 28, 2015
01/15
by
Shmoocon
DIFFERENT - ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues. The first day is a single track of speed talks called One Track Mind. The next two days bring three tracks: Build It, Belay It and Bring It On. AFFORDABLE - ShmooCon is about high quality without the high price. Keep in mind that space is...
2,910
2.9K
Oct 14, 2016
10/16
by
Various
DIFFERENT – ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues. The first day is a single track of speed talks called One Track Mind. The next two days bring three tracks: Build It, Belay It, and Bring It On. AFFORDABLE – ShmooCon is about high quality without the high...
DIFFERENT – ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues. The first day is a single track of speed talks called One Track Mind. The next two days bring three tracks: Build It, Belay It, and Bring It On. AFFORDABLE – ShmooCon is about high quality without the high...
5,631
5.6K
Feb 3, 2016
02/16
by
Matt Dunwoody and Nick Carr
movies
eye 5,631
favorite 2
comment 0
Every IR presents unique challenges. But–when an attacker uses PowerShell, WMI, Kerberos attacks, novel persistence mechanisms, seemingly unlimited C2 infrastructure and half-a-dozen rapidly-evolving malware families across a 100k node network to compromise the environment at a rate of 10 systems per day–the cumulative challenges can become overwhelming. This talk will showcase the obstacles overcome during one of the largest and most advanced breaches Mandiant has ever responded to, the...
DIFFERENT – ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues. The first day is a single track of speed talks called One Track Mind. The next two days bring three tracks: Build It, Belay It, and Bring It On. AFFORDABLE – ShmooCon is about high quality without the high...
3,764
3.8K
Feb 28, 2016
02/16
by
Shmoo Group
ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues. The first day is a single track of speed talks called One Track Mind. The next two days bring three tracks: Build It, Belay It, and Bring It On.
3,513
3.5K
Oct 14, 2016
10/16
by
Various
DIFFERENT – ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues. The first day is a single track of speed talks called One Track Mind. The next two days bring three tracks: Build It, Belay It, and Bring It On. AFFORDABLE – ShmooCon is about high quality without the high...
ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues. The first day is a single track of speed talks called One Track Mind. The next two days bring three tracks: Build It, Belay It, and Bring It On.
11,769
12K
Feb 6, 2014
02/14
by
Richard Harman
movies
eye 11,769
favorite 5
comment 0
Controlling USB Flash Drive Controllers: Expose of Hidden Features Richard Harman With stories of "BadBIOS" infecting PCs simply by connecting a malicious USB flash drive to a PC, it's time we learned about flash drives and their controllers. Consumer USB flash drives are cheap, growing in capacity and shrinking in physical size. There are only around 15 prominent controller chip manufacturers whom you have never heard of, but OEM for all the popular and respected "name...
29,470
29K
Feb 6, 2014
02/14
by
Shmoocon
Shmoocon 2014: Held in Washington D.C. from January 17-19, 2014, at the Washington Hilton. This collection contains all recorded main area talks at the event. DIFFERENT - ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues. The first day is a single track of speed talks called One Track Mind. The next...
Topics: Shmoocon, Hacker Con, Security, Presentations
ShmooCon is an American hacker convention organized by The Shmoo Group. There are typically 40 different talks and presentations on a variety of subjects related to computer security and cyberculture. Multiple events are held at the convention related to cryptography and computer security such as Shmooganography, Hack Fortress, a locksport village hosted by TOOOL DC, and Ghost in the Shellcode.
8,852
8.9K
movies
eye 8,852
favorite 0
comment 0
ShmooCon is an American hacker convention organized by The Shmoo Group. There are typically 40 different talks and presentations on a variety of subjects related to computer security and cyberculture. Multiple events are held at the convention related to cryptography and computer security such as Shmooganography, Hack Fortress, a locksport village hosted by TOOOL DC, and Ghost in the Shellcode.
1,024
1.0K
movies
eye 1,024
favorite 0
comment 0
I Piss on Your AV shmoocon presentation 2008
155
155
movies
eye 155
favorite 0
comment 0
65
65
movies
eye 65
favorite 0
comment 0
Gentleman's Primer On Reading Emulation Of Mag Cards
624
624
movies
eye 624
favorite 0
comment 0
The Gentlemen's Agreement
290
290
movies
eye 290
favorite 0
comment 0
Quantum Computing [SC2015]
378
378
movies
eye 378
favorite 0
comment 0
23,691
24K
Feb 3, 2016
02/16
by
Andrew Kalat
movies
eye 23,691
favorite 7
comment 0
Most hackers have a massive digital footprint: social media, servers at co-location sites, servers at home, overly-complicated IT infrastructure, and various other IT gear connected in crazy ways. What happens when one of us suddenly dies? How do our loved ones pick up the pieces, figure out all of our random IT crap that we’ve setup, and move forward? This talk explores the challenges, opportunities, and lessons learned as I aided in figure out the IT gear after the passing of a dear friend...
115
115
movies
eye 115
favorite 0
comment 0
Network Security Monitoring With Sguil
55
55
movies
eye 55
favorite 0
comment 0
Shmoocon 2013 Generalized Single Packet Auth for Cloud Envions
290
290
Feb 29, 2016
02/16
by
Ron Gutierrez
movies
eye 290
favorite 1
comment 0
The Google Web Toolkit (GWT) provides developers with a framework to easily create Rich Internet Applications that use AJAX. The beauty of GWT lies in the ability to write client side components in Java that get automatically compiled into optimized browser Javascript. Once deployed, this client side code has the ability to perform remote procedure calls to all implemented GWT RPC methods. From an attacker's perspective, GWT introduces several problems. Most notably, GWT RPC request use a...
102
102
movies
eye 102
favorite 0
comment 0
Attacking Proximity Card Access Systems
799
799
Feb 3, 2016
02/16
by
Alex Bulazel
movies
eye 799
favorite 0
comment 0
AVLeak is a tool for fingerprinting consumer antivirus emulators through automated black box testing. AVLeak can be used to extract information from AV emulators that may be used to detect their presence and evade detection, including environmental artifacts, OS API behavioral inconsistencies, emulation of network connectivity, timing inconsistencies, and CPU emulator “red pills”. These artifacts of emulation may be discovered through painstaking, time consuming binary reverse engineering,...
378
378
movies
eye 378
favorite 2
comment 0
Where The Wild Things Are [SC2015]
153
153
Oct 14, 2016
10/16
by
Michael Rash
movies
eye 153
favorite 0
comment 0
Most people think of iptables as a packet filtering and mangling firewall within the Linux kernel. Although this characterization is true, iptables also provides such a powerful set of features that it can assist in the detection and visualization of network-based attacks. Through the use of the Netfilter string match extension, packet application layer data can be examined and acted upon by iptables. The end result is that a significant percentage of Snort rules can be run directly within the...
53
53
movies
eye 53
favorite 0
comment 0
64
64
movies
eye 64
favorite 0
comment 0
Forensic Image Analysis to Recover Passwords d Smith
83
83
movies
eye 83
favorite 0
comment 0
Shmoocon 2013 Moloch A New And Free Way To Index Your Packet Capture Repository 1
188
188
movies
eye 188
favorite 0
comment 0
White is the New Black [SC2015]
41
41
movies
eye 41
favorite 0
comment 0
Shmoocon 2013 Protecting Sensitive Information on iOS Devices
67
67
movies
eye 67
favorite 0
comment 0
49
49
movies
eye 49
favorite 0
comment 0
40
40
movies
eye 40
favorite 0
comment 0
51
51
movies
eye 51
favorite 0
comment 0
Shmoocon 2013 Apple iOS Certificate Tomfoolery
78
78
movies
eye 78
favorite 0
comment 0
VoIP WiFi Phone Security Analysis
65
65
movies
eye 65
favorite 0
comment 0
Hacking The Friendly Skies
39
39
movies
eye 39
favorite 0
comment 0
Got Citrix Hack It! Shanit Gupta
50
50
movies
eye 50
favorite 0
comment 0
Hacking Windows Vista Security Dan Griffin
218
218
texts
eye 218
favorite 0
comment 0
Where the Wild Things Are Whitney Merrill
125
125
Feb 29, 2016
02/16
by
Georgia Weidman
movies
eye 125
favorite 0
comment 0
Your mom's cellphone has as much power and functionality as all the PCs at my old government job. Thousands of new smartphones are joining the network every month just begging to be made to run indiscernibly slower with just one more root level program. A botnet control scenario is presented in which smartphone bots receive instructions through sms that are processed by a proxy between the GSM modem and the application layer, making the botnet messages transparent to the user. An Android...
30
30
movies
eye 30
favorite 0
comment 0
Intercepting Mobile PhoneGSM Traffic H1kari
523
523
Feb 3, 2016
02/16
by
Patrick Wardle
movies
eye 523
favorite 0
comment 0
Gatekeeper is an anti-malware feature baked directly into OS X. Its single goal is to block the execution of untrusted code from the internet. Apple boldly claims that because of Gatekeeper, both trojans and tampered downloads are generically blocked. So hooray! Mac users are all secure…right? Well, perhaps not :/ Until now, there has been little technical information about Gatekeeper’s closed-source internals. This talk seeks to remedy this by exposing the inner workings of Gatekeeper and...
36
36
movies
eye 36
favorite 0
comment 0
Legal Issues for Bot net Researchers and Mitigators Alexander Muentz
63
63
movies
eye 63
favorite 0
comment 0
Shmoocon 2013 How Smart Is BlueTooth Smart
1,318
1.3K
Feb 6, 2014
02/14
by
Dominic Spill
movies
eye 1,318
favorite 0
comment 0
An Open and Affordable USB Man in the Middle Device Dominic Spill With the introduction of FaceDancer, there has been a surge of interest in USB security. USBProxy is an open framework for the BeagleBone Black to make it simpler for anyone to monitor, inject or modify data carried over a USB connection. While the FaceDancer will allow devices to be written on a host system, we are able to go further and man-in-the-middle connections to existing devices as well. The BeagleBone Black also enables...
36
36
movies
eye 36
favorite 0
comment 0
Are Bad Times Good For Security Professionals
86
86
Oct 14, 2016
10/16
by
Dan Kaminsky
movies
eye 86
favorite 0
comment 0
There is no man page for the English language, but kids pick it up anyway (more or less). There is deep structure hidden inside every human generated language, especially those we intend to fuzz. I will discuss and demonstrate new, useful, and purty purty tools for rendering complex patterns automatically, potentially in realtime, and breaking things with it. New toys will be released, including a generic XML fuzzer (rawk!). Dan Kaminsky is the Director of Penetration Testing at IOActive, a...
30
30
Oct 14, 2016
10/16
by
The Shmoo Group
movies
eye 30
favorite 0
comment 0
ShmooCon Labs was a ShmooCon first and as far as we know a security conference first. We invited vendors, 30 attendees, and ShmooCon network geeks to come and spend a day and half building the conference wired and wireless network with all sorts of security geek goodness. Including NAC, VA, WIDS, IPS, and other bad words we can't spell out here, we attempted to do it all in 30 hours to provide you access to your precious wireless 1s and 0s. Ken Caruso will start the BOF with a quick recap of...
71
71
Oct 14, 2016
10/16
by
Deviant Ollam, Noid, and Thorn
movies
eye 71
favorite 0
comment 0
It seems that at every con nowadays there is at least one talk dedicated to physical security. Our servers and data can be encrypted and passworded with the latest algorithms, but that doesn't do the trick if someone marches them out the door when we're not looking. In the past, many physical security talks have focused on passive defense: locks that resist picking, safes which resist cracking, etc. However, sometimes an intrusion is detected while in progress... and such intrusions - even...
70
70
movies
eye 70
favorite 0
comment 0
Web Portals Gateway to Information or a Hole in our Perimeter Defenses Deral Heiland
37
37
movies
eye 37
favorite 0
comment 0
53
53
movies
eye 53
favorite 0
comment 0
Trojans Botnets And Malware Oh My!
218
218
movies
eye 218
favorite 0
comment 0
Dark Art of Data Visualization [SC2015]
72
72
movies
eye 72
favorite 0
comment 0
Building MASINT Capabilities For Hackers
51
51
movies
eye 51
favorite 0
comment 0
93
93
movies
eye 93
favorite 1
comment 0
Shmoocon 2013 WIPE THE DRIVE Techniques for Malware Persistence
51
51
movies
eye 51
favorite 0
comment 0
Shmoocon 2013 The Cloud Storms on the Horizon
48
48
movies
eye 48
favorite 0
comment 0
Shmoocon 2013 Strategies of a World Class Security Incident Response Team
343
343
Feb 28, 2016
02/16
by
Andrew Gavin
movies
eye 343
favorite 1
comment 0
Got domain admin to a couple of thousand Windows systems? Got an hour to spare? Steal sensitive data from all of these systems simultaneously in under an hour with OpenDLP. OpenDLP is an open source, agent-based, massively distributable, centrally managed data discovery program that runs as a service on Windows systems and is controlled from a centralized web application. The agent is written in C, has no .NET requirements, uses PCREs for pattern matching, reads inside ZIPs like Office 2007 and...
74
74
Feb 28, 2016
02/16
by
Javier Gonzales Sanchez
movies
eye 74
favorite 0
comment 0
A business capability is a functional unit within a business that is comprised of four layers: policies, people, processes, and technologies. Policies provide governance. People provide judgment, expertise, and exception handling. Processes provide repeatability. Technologies remove people from the processes and provide automation. The four layers comprise a business capability stack (BCStack). You can model a corporate bureaucracy as a system of BCStacks. BCStack exchange information and...
93
93
Feb 29, 2016
02/16
by
Ashley Thomas
movies
eye 93
favorite 0
comment 0
TCP Stream reassembly is a core function that is required for robust IPS and IDS systems. Snort's stream reassembly implementation (Stream5) has certain flaws that limit the protection capabilities. In this paper we conduct a detailed analysis of the state tracking and stream reassembly functionality of the open source IPS/IDS - Snort - with a focus on prevention capabilities. Our work aims to highlight the flaws in order to shed light as well as suggest possible alternative approaches so as to...
91
91
Oct 14, 2016
10/16
by
David Hulton
movies
eye 91
favorite 0
comment 0
This talk will cover some of the new advancements for OpenCiphers with newly added support for cracking WEP, WPA, and now Bluetooth and Mac OS-X! Since the WEP and WPA cracking has been talked about heavily at other conferences, this talk will focus on the aspects of Bluetooth PIN cracking and will release open source code for cracking Bluetooth PINs on your PC (at ~50k/sec) or using an FPGA (at ~10m/sec) and will demo a handful of FPGA cracking applications that OpenCiphers has to offer...
43
43
movies
eye 43
favorite 0
comment 0
Better Approaches To Physical Tamper Detection
89
89
movies
eye 89
favorite 0
comment 0
Web Application Vulnerabilities And Exploits
661
661
Feb 3, 2016
02/16
by
Sarah Rees and Jonathan Medina
movies
eye 661
favorite 1
comment 0
In the age of an “Internet of Things,” centralized control over a wide variety of devices is creeping down from the clouds and into our everyday lives. Software Defined Networking (SDN) is replacing traditional networks with some of the biggest names in the tech industry. Google, Microsoft, Facebook, Yahoo, Amazon, and AT&T are utilizing SDN for its advanced flexibility and automated network control. Unfortunately some functions of SDN and the OpenFlow protocol should be raising...
693
693
movies
eye 693
favorite 0
comment 0
Stranger In A Strange Land
28
28
movies
eye 28
favorite 0
comment 0
35
35
movies
eye 35
favorite 0
comment 0
Exploring Novelty Ways Of Building Botnets
53
53
movies
eye 53
favorite 0
comment 0
Reinterpreting The Disclosure Debate For Web Infection
54
54
movies
eye 54
favorite 0
comment 0
Vulncatcher Fun with Vtrace and Programmatic Debugging atlas
142
142
movies
eye 142
favorite 0
comment 0
Understanding a New Memory Corruption Defense [SC2015]
271
271
Feb 3, 2016
02/16
by
Derek Atkins
movies
eye 271
favorite 0
comment 0
The Algebraic Eraser (AE) is a Group Theoretic Public-Key Cryptosystem originally published in 2006 and designed specifically to work in constrained devices with limited CPU and power capabilities such as RFID and Internet of Things (IoT) devices. Algebraic Eraser Diffie-Hellman (AEDH) provides a key-agreement protocol that performs significantly better than ECC at the same security level in both hardware and software. One hardware implementation in 65nm CMOS performs 60-200 times better than...