Skip to main content

Shmoocon

Shmoo Group

ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues. The first day is a single track of speed talks called One Track Mind. The next two days bring three tracks: Build It, Belay It, and Bring It On.



rss RSS

473
RESULTS


Show sorted alphabetically

Show sorted alphabetically

SHOW DETAILS
up-solid down-solid
eye
Title
Date Archived
Creator
Shmoocon 2016
Shmoocon 2016
collection
39
ITEMS
89,279
VIEWS
collection

eye 89,279

ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues. The first day is a single track of speed talks called One Track Mind. The next two days bring three tracks: Build It, Belay It, and Bring It On.
Shmoocon 2015
Shmoocon 2015
collection
48
ITEMS
25,745
VIEWS
by Shmoocon
collection

eye 25,745

DIFFERENT - ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues. The first day is a single track of speed talks called One Track Mind. The next two days bring three tracks: Build It, Belay It and Bring It On. AFFORDABLE - ShmooCon is about high quality without the high price. Keep in mind that space is...
Shmoocon 2008
Shmoocon 2008
collection
42
ITEMS
2,910
VIEWS
by Various
collection

eye 2,910

DIFFERENT – ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues.  The first day is a single track of speed talks called One Track Mind.  The next two days bring three tracks:  Build It, Belay It, and Bring It On. AFFORDABLE – ShmooCon is about high quality without the high...
Shmoocon 2013
Shmoocon 2013
collection
38
ITEMS
2,465
VIEWS
collection

eye 2,465

DIFFERENT – ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues.  The first day is a single track of speed talks called One Track Mind.  The next two days bring three tracks:  Build It, Belay It, and Bring It On. AFFORDABLE – ShmooCon is about high quality without the high...
Shmoocon 2016
movies

eye 5,631

favorite 2

comment 0

Every IR presents unique challenges. But–when an attacker uses PowerShell, WMI, Kerberos attacks, novel persistence mechanisms, seemingly unlimited C2 infrastructure and half-a-dozen rapidly-evolving malware families across a 100k node network to compromise the environment at a rate of 10 systems per day–the cumulative challenges can become overwhelming. This talk will showcase the obstacles overcome during one of the largest and most advanced breaches Mandiant has ever responded to, the...
Shmoocon 2006
Shmoocon 2006
collection
35
ITEMS
2,781
VIEWS
collection

eye 2,781

DIFFERENT – ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues.  The first day is a single track of speed talks called One Track Mind.  The next two days bring three tracks:  Build It, Belay It, and Bring It On. AFFORDABLE – ShmooCon is about high quality without the high...
Shmoocon 2012
Shmoocon 2012
collection
41
ITEMS
3,764
VIEWS
by Shmoo Group
collection

eye 3,764

ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues. The first day is a single track of speed talks called One Track Mind. The next two days bring three tracks: Build It, Belay It, and Bring It On.
Shmoocon 2009
Shmoocon 2009
collection
40
ITEMS
3,513
VIEWS
by Various
collection

eye 3,513

DIFFERENT – ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues.  The first day is a single track of speed talks called One Track Mind.  The next two days bring three tracks:  Build It, Belay It, and Bring It On. AFFORDABLE – ShmooCon is about high quality without the high...
Shmoocon 2011
Shmoocon 2011
collection
41
ITEMS
4,703
VIEWS
collection

eye 4,703

ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues. The first day is a single track of speed talks called One Track Mind. The next two days bring three tracks: Build It, Belay It, and Bring It On.
Shmoocon 2014
movies

eye 11,769

favorite 5

comment 0

Controlling USB Flash Drive Controllers: Expose of Hidden Features Richard Harman With stories of "BadBIOS" infecting PCs simply by connecting a malicious USB flash drive to a PC, it's time we learned about flash drives and their controllers. Consumer USB flash drives are cheap, growing in capacity and shrinking in physical size. There are only around 15 prominent controller chip manufacturers whom you have never heard of, but OEM for all the popular and respected "name...
Shmoocon 2014
Shmoocon 2014
collection
42
ITEMS
29,470
VIEWS
by Shmoocon
collection

eye 29,470

Shmoocon 2014: Held in Washington D.C. from January 17-19, 2014, at the Washington Hilton. This collection contains all recorded main area talks at the event. DIFFERENT - ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues. The first day is a single track of speed talks called One Track Mind. The next...
Topics: Shmoocon, Hacker Con, Security, Presentations
Shmoocon 2007
Shmoocon 2007
collection
36
ITEMS
2,741
VIEWS
collection

eye 2,741

ShmooCon is an American hacker convention organized by The Shmoo Group. There are typically 40 different talks and presentations on a variety of subjects related to computer security and cyberculture. Multiple events are held at the convention related to cryptography and computer security such as Shmooganography, Hack Fortress, a locksport village hosted by TOOOL DC, and Ghost in the Shellcode.
Shmoocon 2015
movies

eye 8,852

favorite 0

comment 0

Knock Knock [SC2015]
Shmoocon 2010
Shmoocon 2010
collection
36
ITEMS
2,079
VIEWS
collection

eye 2,079

ShmooCon is an American hacker convention organized by The Shmoo Group. There are typically 40 different talks and presentations on a variety of subjects related to computer security and cyberculture. Multiple events are held at the convention related to cryptography and computer security such as Shmooganography, Hack Fortress, a locksport village hosted by TOOOL DC, and Ghost in the Shellcode.
Shmoocon 2008
movies

eye 1,024

favorite 0

comment 0

I Piss on Your AV shmoocon presentation 2008
Shmoocon 2015
movies

eye 155

favorite 0

comment 0

Wheres Waldo [SC2015]
Shmoocon 2006
movies

eye 65

favorite 0

comment 0

Gentleman's Primer On Reading Emulation Of Mag Cards
Shmoocon 2009
movies

eye 624

favorite 0

comment 0

The Gentlemen's Agreement
Shmoocon 2015
movies

eye 290

favorite 0

comment 0

Quantum Computing [SC2015]
Shmoocon 2012
movies

eye 378

favorite 0

comment 0

Credit Card Fraud
Shmoocon 2016
by Andrew Kalat
movies

eye 23,691

favorite 7

comment 0

Most hackers have a massive digital footprint: social media, servers at co-location sites, servers at home, overly-complicated IT infrastructure, and various other IT gear connected in crazy ways. What happens when one of us suddenly dies? How do our loved ones pick up the pieces, figure out all of our random IT crap that we’ve setup, and move forward? This talk explores the challenges, opportunities, and lessons learned as I aided in figure out the IT gear after the passing of a dear friend...
Shmoocon 2006
movies

eye 115

favorite 0

comment 0

Network Security Monitoring With Sguil
Shmoocon 2013
movies

eye 55

favorite 0

comment 0

Shmoocon 2013 Generalized Single Packet Auth for Cloud Envions
Shmoocon 2011
movies

eye 290

favorite 1

comment 0

The Google Web Toolkit (GWT) provides developers with a framework to easily create Rich Internet Applications that use AJAX. The beauty of GWT lies in the ability to write client side components in Java that get automatically compiled into optimized browser Javascript. Once deployed, this client side code has the ability to perform remote procedure calls to all implemented GWT RPC methods. From an attacker's perspective, GWT introduces several problems. Most notably, GWT RPC request use a...
Shmoocon 2012
movies

eye 102

favorite 0

comment 0

Attacking Proximity Card Access Systems
Shmoocon 2016
by Alex Bulazel
movies

eye 799

favorite 0

comment 0

AVLeak is a tool for fingerprinting consumer antivirus emulators through automated black box testing. AVLeak can be used to extract information from AV emulators that may be used to detect their presence and evade detection, including environmental artifacts, OS API behavioral inconsistencies, emulation of network connectivity, timing inconsistencies, and CPU emulator “red pills”. These artifacts of emulation may be discovered through painstaking, time consuming binary reverse engineering,...
Shmoocon 2015
movies

eye 378

favorite 2

comment 0

Where The Wild Things Are [SC2015]
Shmoocon 2007
by Michael Rash
movies

eye 153

favorite 0

comment 0

Most people think of iptables as a packet filtering and mangling firewall within the Linux kernel. Although this characterization is true, iptables also provides such a powerful set of features that it can assist in the detection and visualization of network-based attacks. Through the use of the Netfilter string match extension, packet application layer data can be examined and acted upon by iptables. The end result is that a significant percentage of Snort rules can be run directly within the...
Shmoocon 2010
movies

eye 53

favorite 0

comment 0

Info Disclosure Via P2P
Shmoocon 2008
movies

eye 64

favorite 0

comment 0

Forensic Image Analysis to Recover Passwords d Smith
Shmoocon 2013 Moloch A New And Free Way To Index Your Packet Capture Repository 1
Shmoocon 2015
movies

eye 188

favorite 0

comment 0

White is the New Black [SC2015]
Shmoocon 2013
movies

eye 41

favorite 0

comment 0

Shmoocon 2013 Protecting Sensitive Information on iOS Devices
Shmoocon 2009
movies

eye 67

favorite 0

comment 0

Hack The Genome
Shmoocon 2009
movies

eye 49

favorite 0

comment 0

Ten Things About HDs
Shmoocon 2012
movies

eye 40

favorite 0

comment 0

Shmoocon 2012 Keynote
Shmoocon 2013
movies

eye 51

favorite 0

comment 0

Shmoocon 2013 Apple iOS Certificate Tomfoolery
Shmoocon 2006
movies

eye 78

favorite 0

comment 0

VoIP WiFi Phone Security Analysis
Shmoocon 2006
movies

eye 65

favorite 0

comment 0

Hacking The Friendly Skies
Shmoocon 2008
movies

eye 39

favorite 0

comment 0

Got Citrix Hack It! Shanit Gupta
Shmoocon 2008
movies

eye 50

favorite 0

comment 0

Hacking Windows Vista Security Dan Griffin
Shmoocon 2015
texts

eye 218

favorite 0

comment 0

Where the Wild Things Are Whitney Merrill
Shmoocon 2011
by Georgia Weidman
movies

eye 125

favorite 0

comment 0

Your mom's cellphone has as much power and functionality as all the PCs at my old government job. Thousands of new smartphones are joining the network every month just begging to be made to run indiscernibly slower with just one more root level program. A botnet control scenario is presented in which smartphone bots receive instructions through sms that are processed by a proxy between the GSM modem and the application layer, making the botnet messages transparent to the user. An Android...
Shmoocon 2008
movies

eye 30

favorite 0

comment 0

Intercepting Mobile PhoneGSM Traffic H1kari
Shmoocon 2016
by Patrick Wardle
movies

eye 523

favorite 0

comment 0

Gatekeeper is an anti-malware feature baked directly into OS X. Its single goal is to block the execution of untrusted code from the internet. Apple boldly claims that because of Gatekeeper, both trojans and tampered downloads are generically blocked. So hooray! Mac users are all secure…right? Well, perhaps not :/ Until now, there has been little technical information about Gatekeeper’s closed-source internals. This talk seeks to remedy this by exposing the inner workings of Gatekeeper and...
Shmoocon 2008
movies

eye 36

favorite 0

comment 0

Legal Issues for Bot net Researchers and Mitigators Alexander Muentz
Shmoocon 2013
movies

eye 63

favorite 0

comment 0

Shmoocon 2013 How Smart Is BlueTooth Smart
Shmoocon 2014
movies

eye 1,318

favorite 0

comment 0

An Open and Affordable USB Man in the Middle Device Dominic Spill With the introduction of FaceDancer, there has been a surge of interest in USB security. USBProxy is an open framework for the BeagleBone Black to make it simpler for anyone to monitor, inject or modify data carried over a USB connection. While the FaceDancer will allow devices to be written on a host system, we are able to go further and man-in-the-middle connections to existing devices as well. The BeagleBone Black also enables...
Shmoocon 2009
movies

eye 36

favorite 0

comment 0

Are Bad Times Good For Security Professionals
Shmoocon 2007
movies

eye 86

favorite 0

comment 0

There is no man page for the English language, but kids pick it up anyway (more or less). There is deep structure hidden inside every human generated language, especially those we intend to fuzz. I will discuss and demonstrate new, useful, and purty purty tools for rendering complex patterns automatically, potentially in realtime, and breaking things with it. New toys will be released, including a generic XML fuzzer (rawk!). Dan Kaminsky is the Director of Penetration Testing at IOActive, a...
Shmoocon 2007
by The Shmoo Group
movies

eye 30

favorite 0

comment 0

ShmooCon Labs was a ShmooCon first and as far as we know a security conference first. We invited vendors, 30 attendees, and ShmooCon network geeks to come and spend a day and half building the conference wired and wireless network with all sorts of security geek goodness. Including NAC, VA, WIDS, IPS, and other bad words we can't spell out here, we attempted to do it all in 30 hours to provide you access to your precious wireless 1s and 0s. Ken Caruso will start the BOF with a quick recap of...
Shmoocon 2007
by Deviant Ollam, Noid, and Thorn
movies

eye 71

favorite 0

comment 0

It seems that at every con nowadays there is at least one talk dedicated to physical security. Our servers and data can be encrypted and passworded with the latest algorithms, but that doesn't do the trick if someone marches them out the door when we're not looking. In the past, many physical security talks have focused on passive defense: locks that resist picking, safes which resist cracking, etc. However, sometimes an intrusion is detected while in progress... and such intrusions - even...
Web Portals Gateway to Information or a Hole in our Perimeter Defenses Deral Heiland
Shmoocon 2006
movies

eye 37

favorite 0

comment 0

Concon
Shmoocon 2006
movies

eye 53

favorite 0

comment 0

Trojans Botnets And Malware Oh My!
Shmoocon 2015
movies

eye 218

favorite 0

comment 0

Dark Art of Data Visualization [SC2015]
Shmoocon 2012
movies

eye 72

favorite 0

comment 0

Building MASINT Capabilities For Hackers
Shmoocon 2010
movies

eye 51

favorite 0

comment 0

How To Be An RSol
Shmoocon 2013
movies

eye 93

favorite 1

comment 0

Shmoocon 2013 WIPE THE DRIVE Techniques for Malware Persistence
Shmoocon 2013
movies

eye 51

favorite 0

comment 0

Shmoocon 2013 The Cloud Storms on the Horizon
Shmoocon 2013 Strategies of a World Class Security Incident Response Team
Shmoocon 2011
movies

eye 343

favorite 1

comment 0

Got domain admin to a couple of thousand Windows systems? Got an hour to spare? Steal sensitive data from all of these systems simultaneously in under an hour with OpenDLP. OpenDLP is an open source, agent-based, massively distributable, centrally managed data discovery program that runs as a service on Windows systems and is controlled from a centralized web application. The agent is written in C, has no .NET requirements, uses PCREs for pattern matching, reads inside ZIPs like Office 2007 and...
Shmoocon 2011
movies

eye 74

favorite 0

comment 0

A business capability is a functional unit within a business that is comprised of four layers: policies, people, processes, and technologies. Policies provide governance. People provide judgment, expertise, and exception handling. Processes provide repeatability. Technologies remove people from the processes and provide automation. The four layers comprise a business capability stack (BCStack). You can model a corporate bureaucracy as a system of BCStacks. BCStack exchange information and...
Shmoocon 2011
movies

eye 93

favorite 0

comment 0

TCP Stream reassembly is a core function that is required for robust IPS and IDS systems. Snort's stream reassembly implementation (Stream5) has certain flaws that limit the protection capabilities. In this paper we conduct a detailed analysis of the state tracking and stream reassembly functionality of the open source IPS/IDS - Snort - with a focus on prevention capabilities. Our work aims to highlight the flaws in order to shed light as well as suggest possible alternative approaches so as to...
Shmoocon 2007
by David Hulton
movies

eye 91

favorite 0

comment 0

This talk will cover some of the new advancements for OpenCiphers with newly added support for cracking WEP, WPA, and now Bluetooth and Mac OS-X! Since the WEP and WPA cracking has been talked about heavily at other conferences, this talk will focus on the aspects of Bluetooth PIN cracking and will release open source code for cracking Bluetooth PINs on your PC (at ~50k/sec) or using an FPGA (at ~10m/sec) and will demo a handful of FPGA cracking applications that OpenCiphers has to offer...
Shmoocon 2010
movies

eye 43

favorite 0

comment 0

Better Approaches To Physical Tamper Detection
Shmoocon 2006
movies

eye 89

favorite 0

comment 0

Web Application Vulnerabilities And Exploits
Shmoocon 2016
by Sarah Rees and Jonathan Medina
movies

eye 661

favorite 1

comment 0

In the age of an “Internet of Things,” centralized control over a wide variety of devices is creeping down from the clouds and into our everyday lives. Software Defined Networking (SDN) is replacing traditional networks with some of the biggest names in the tech industry. Google, Microsoft, Facebook, Yahoo, Amazon, and AT&T are utilizing SDN for its advanced flexibility and automated network control. Unfortunately some functions of SDN and the OpenFlow protocol should be raising...
Shmoocon 2009
movies

eye 693

favorite 0

comment 0

Stranger In A Strange Land
Shmoocon 2009
movies

eye 28

favorite 0

comment 0

Man In The Middling
Shmoocon 2009
movies

eye 35

favorite 0

comment 0

Exploring Novelty Ways Of Building Botnets
Shmoocon 2009
movies

eye 53

favorite 0

comment 0

Reinterpreting The Disclosure Debate For Web Infection
Shmoocon 2008
movies

eye 54

favorite 0

comment 0

Vulncatcher Fun with Vtrace and Programmatic Debugging atlas
Shmoocon 2015
movies

eye 142

favorite 0

comment 0

Understanding a New Memory Corruption Defense [SC2015]
Shmoocon 2016
movies

eye 271

favorite 0

comment 0

The Algebraic Eraser (AE) is a Group Theoretic Public-Key Cryptosystem originally published in 2006 and designed specifically to work in constrained devices with limited CPU and power capabilities such as RFID and Internet of Things (IoT) devices. Algebraic Eraser Diffie-Hellman (AEDH) provides a key-agreement protocol that performs significantly better than ECC at the same security level in both hardware and software. One hardware implementation in 65nm CMOS performs 60-200 times better than...