B-C-METOYX

ShmooCon Security Conference This Weekend

Blog Post created by B-C-METOYX Employee on Jan 12, 2015

ShmooCon has always been one of my favorite security conferences. Unfortunately, I can't be there this year. But for those who are going this weekend, here's what to expect.

In recent years, I've found some of the best content at ShmooCon, and I've learned a lot. It's also an excellent place to meet other security practitioners that can become important allies. Some of the most important contacts I've made were at ShmooCon.

The unfamiliar usually chuckle or **** their heads in puzzlement when I tell them about ShmooCon. The name throws them off, and it's not a traditional business conference.

ShmooCon is organized by the Shmoo Group, a security think tank started by Bruce Potter in the late 1990s. Attendees represent the full cross section of the security industry. There are hackers, CSOs, government security types and everything in between. More than a few people have compared it to the Black Hat conferences of old or a smaller version of Defcon.

The event has inspired a lot of thinking outside the box -- not just in terms of the talks, but in how attendees travel and network. In recent years people have carpooled to ShmooCon.

For three years in a row I traveled to and from the event in what we called the Shmoobus -- an RV crammed with hackers making the journey from Boston to Washington DC. Those 12-hour drives made for a lot of bonding.

With such a long trek, there's time to delve into deep discussions about the challenges of our jobs.

The Shmoobus is no more, unfortunately. But what I learned about security on those journeys will last a lifetime.

ShmooCon 2015
This year's event is at the Washington Hilton Hotel, 1919 Connecticut Ave., NW in Washington DC. Here's the schedule:

 

Saturday, January 17, 2015

Tracks: Build It! / Belay It! / Bring it On!

0930 Registration Opens

1000
Build It!: NSA Playset: USB Tools (Dominic Spill, Michael Ossmann, and Jared Boone)
Belay It!: Cockroach Analysis: A Statistical Analysis of the Flash and Java Files that Infest the Internet (David Dorsey)
Bring it On!: Where the Wild Things Are: Encryption, Police Access & the User (Whitney Merrill)

1100
Build It!: Knock Knock: A Survey of iOS Authentication Methods (David Schuetz)
Belay It!: Understanding a New Memory Corruption Defense: Use-after-Free (UaF) Mitigation and Bypass (Jared DeMott)
Bring it On!: Analysis of POS Malware (Brandon Benson)

1200
Build It!: httpscreenshot - A Tool for Both Teams (Steve Breen and Justin Kennedy)
Belay It!: There's Waldo! Tracking Users via Mobile Apps (Colby Moore and Patrick Wardle)
Bring it On!: Quantum Computing 01100101 (Tess Schrodinger)

1300 Lunch Break

1400
Build It!: Automated Binary Analysis with Pin and Python (Omar Ahmed and Tyler Bohan)
Belay It!: Practical Machine Learning for Network Security (Terry Nelms)
Bring it On!: Come to the Dark Side--We Have (Misfortune) Cookies (Lior Oppenheim and Shahar Tal)

1500
Build It!: NaCl: A New Crypto Library (Daniel J. Bernstein and Tanja Lange)
Belay It!: The Joy Of Intelligent Proactive Security (Scott Behrens and Andy Hoernecke)
Bring it On!: Deception for the Cyber Defender: To Err is Human; to Deceive, Divine (Tom Cross, David Raymond, and Gregory Conti)

1600
Build It!: Tap On, Tap Off: Onscreen Keyboards and Mobile Password Entry (Kristen K. Greene, Joshua Franklin, and John Kelsey)
Belay It!: Manually Searching Advisories and Blogs for Threat Data--"Who's Got Time for That?" (Elvis Hovor and Shimon Modi)
Bring it On!: Rethinking Security's Role in Computer Science Education (Sarah Zatko)

1700
Build It!: 0wn the Con (The Shmoo Group)
Belay It!: The Windows Sandbox Paradox (James Forshaw)
Bring it On!: Ask the EFF (Kurt Opsahl and Nate Cardozo)

1800 Golden Flag Awards

1830 Fire Talks

2100 Saturday Night Party

 

Sunday, January 18, 2015

Tracks: Build It! / Belay It! / Bring it On!

0930 Registration Opens

1000
Build It!: White is the New Black: Why White Data Really Matters (Irena Damsky)
Belay It!: No Budget Threat Intelligence: Tracking Malware Campaigns on the Cheap (Andrew Morris)
Bring it On!: The Mile High Club: Getting Root at 40,000 Feet (Wesley Wineberg)

1100
Build It!: Eliminating Timing Side-channels. A Tutorial. (Peter Schwabe)
Belay It!: Infrastructure Tracking with Passive Monitoring and Active Probing (Anthony Kasza and Dhia Mahjoub)
Bring it On!: Mascots, March Madness & #yogapants: Hacking Goes to College (Chris Cullison, Zack Allen, and Avi Rubin)

1200
Build It!: The Dark Art of Data Visualization (David Pisano)
Belay It!: Micronesia: Sub-kernel Kit for Host Introspection in Determining Insider Threat (Loc Nguyen)
Bring it On!: How Random is Your RNG? (Meltem Sönmez Turan, John Kelsey, and Kerry McKay)

1300 Closing Plenary
Get Off My Lawn: Examining Change through the Eyes of The Old Guard (Bruce Potter (moderator), Carole Fennelly, Rick Forno, Ben Laurie, and Space Rogue)

1400 Closing Remarks

 

Not to be missed:

In all the ShmooCons I've attended, I've found these to be highlights:

FireTalks: ShmooCon FireTalks are 15-minute presentations meant to be an alternative to the traditional 30- to 90-minute conference format. Similar to 5-minute Lightning Talks, the purpose is to challenge speakers to skip the BS and instead dive right into the core of their content in a more relaxed alternative environment. Unlike Lightning Talks, which are usually performed in rapid succession, the additional time allows the speaker to follow a more traditional introduction, body, and conclusion format. Judges will be on hand to vote for the best talks, with prizes being awarded to the top three presentations. The FireTalks will take place Friday and Saturday night between the main track presentations and any evening activities.

Infosec Family FUD: Have you ever watched the Family Feud on TV and thought you had what it takes to win? Are you dying to show off how well you've got the pulse of the Infosec community? No? Well, come join us anyway and play along as ShmooCon presents a special Infosec Community version of the Family Feud. On Friday night we will be forming teams from audience members live, but even if you don't get selected to be on stage, we still need you to be our sampled audience -- the whole game is generated from your feedback.

Hackfortress: Hackfortress is back for its 4th year at ShmooCon. This year is stacking up to be no less exciting for the competition than previous years. With two brand new Oculus HD Rifts planning to make an appearance at this year's competition, virtual immersion into TF2 will play an even bigger role during this round (and this time without the nausea). Don't worry though, we'll still have the two original Rifts on hand for a challenge (or as a form of punishment or just to amuse the judges). Just as in years past, the competition will consist of a team of 10 players competing to score more points than the opposing team during each 30-minute match. Six players will play Team Fortress 2 against six players on the opposing team. The four remaining players on each team will do their best to solve puzzles while the TF2 match is happening. These puzzles have a direct impact on the game just as the game has a direct impact on the puzzles. One new twist this year is that we plan to offer payload and KoTH maps during this year's matches.

If you're attending, I wish you safe travels and a lot of fun!
