12:00 | Opening Ceremony |
12:30 | Moss | TBA |
13:30 | Moore | The Wild West |
14:30 | Kaminsky | Black Ops |
16:00 | Zatko | Cyber Fast Track: from the trenches |
18:00 | Street | Securing the Internet: YOU’re doing it wrong. (An INFOSEC Intervention) |
18:00 | Scott | Rescuing the Prince of Persia from the Sands of Time |
18:00 | Marcus | 2FA-Enabled Fraud: Dissecting Operation High Roller |
18:00 | Los | House of Cards |
18:00 | Brockway | Business Ramifications of Internet’s unclean conflicts |
18:30 | Santana | How I Owned Your Vending Machine |
19:00 | Fuller, Gates, Mudge | Dirty Little Secrets Part 2 |
19:00 | Hadnagy | Nonverbal Human Hacking |
19:00 | Farina | The Hacker Ethos meets The FOSS Ethos |
19:00 | Daniel | How screwed are we? |
19:00 | Crowley, Savage | The Patsy Proxy: Getting others to do your dirty work |
19:30 | Krypt3ia, Los, Pilkington, Robert, Sverdlik | BYOD: “Bring Your Own Doom or Sane Business Decision?” |
20:00 | Amit | SexyDefense – The Red Team tore you a new one. NOW WHAT? |
20:00 | egyp7 | Privilege Escalation with the Metasploit Framework |
20:00 | Pesce, Wigley | Hacking Survival: So. You want to compute post-apocalypse? |
20:00 | Arlen | Doubt – Deceit – Deficiency and Decency – a Decade of Disillusionment |
20:00 | Wrightson | The Art and Science of Hacking Any Target |
20:30 | Behrens, Toews | Rapid Blind SQL Injection Exploitation with BBQSQL |
21:00 | Perez | DNS Reconnaissance |
21:00 | Gaudet | Pentesting for non-pentesters: learning through virtual machines |
21:00 | Linn, Ryan | Collecting Underpants To Win Your Network |
21:00 | Gamblin | Is it time for another firewall or a security awareness program? |

09:00 | Campbell, Duckwall | “Puff, Puff, Pass: Getting the Most Out of Your Hash” An Intro to Linux Post-Exploitation Fun With Windows Hashes |
09:00 | Hayes, Rangarajan | Building Security into your Mobile Application |
09:00 | Schearer | Flex Your Rights: The Constitution & Political Activism in the Hacker Community |
09:00 | Domas | The Future of RE: Dynamic Binary Visualization |
09:00 | Young | ISO8583: How to pentest when given a target that is not your “normal” target. |
09:30 | Richards | Android in the Healthcare Workplace: A Case Study |
10:00 | Harbinger | Social Engineering Defense Contractors on LinkedIN & Facebook: Who’s plugged in to your employees? |
10:00 | int0x80 | Moar Anti-Forensics – Moar Louise |
10:00 | Smith | Penetration Testing from a Hot Tub Time Machine |
10:00 | Eston, Johnson | Social Zombies: Rise of the Mobile Dead |
10:00 | Siegel | Nice to Meet You |
10:30 | Haywood | Introduction to Metasploit Post Exploitation Modules |
11:00 | Long | The Evolution of HFC |
11:00 | Potter | Security Epistemology: Beliefs, Truth, and Knowledge in the Infosec Community |
11:00 | Nickerson | Tactical Surveillance: Look at me now! |
11:00 | Jezorek, Sverdlik, Yerrid | It’s Not Your Perimeter, It’s You That Sucks! |
11:00 | Tomes | Next Generation Web Reconnaissance |
11:30 | Cowen | Running a successful Red Team |
13:00 | Fasel | Pwned in 60 Seconds, From Network Guest To Windows Domain Admin |
13:00 | More | Pen Testing Security Vendors |
13:00 | Murdock | How to create a one man SOC |
13:00 | Heiland | Format String Vulnerabilities 101 |
13:00 | Profanick | Managed Service Providers: Pwn One and Done |
13:30 | Seely | CounterSploit! (MSF as a defense platform) |
14:00 | Elkins | Simple Security Defense to Thwart an Army of Cyber Ninja Warriors |
14:00 | Centore, Gunnoe | Building the Next Generation IDS with OSINT |
14:00 | Gardener, Miller | A Fool’s Game: Building an Awareness & Training Program |
14:00 | Huston | Information Overload, Future Shock, IBM & The Nature of Modern Crime |
14:00 | Robble, Thomas | Off-Grid Communications with Android: Meshing the Mobile World |
14:30 | Cunningham | Beyond Strings – Memory Analysis during Incident Response |
15:00 | Atlas | RfCat: subghz or bust! |
15:00 | Haddix | Pentesting iOS Applications |
15:00 | Crowley, Vinecombe | Vulnerability Spidey Sense – Demystifying Pen Testing Intuition |
15:00 | Charles | Security Vulnerability Assessments – Process and Best Practices |
15:00 | Sevey | Ma and Pa Sleep with the Door Unlocked: A Look at Information Security in the Small Business |
15:30 | Merdinger | Medical Device Security: Current State of the Art |
16:00 | Weidman | Introducing the Smartphone Pentest Framework |
16:00 | Mauch | Creating A Powerful User Defense Against Attackers |
16:00 | Husted | Everything you wanted to know about Academia (But were too afraid to ask) |
16:00 | Woods | So you got yourself an InfoSec Manager job. Great! Now what? |
16:00 | Fritschie, Khan | “We go in over the phone lines, pop the firewall, drop in the hydra and wait for the money” and other movie lines that fail. |
16:30 | Brown, Hackett | Breaking into Security |
17:00 | Jones | The Badmin project: (Na-na-nanana Na-na-nanana BADMIN) |
17:00 | Hopper | Hunting Evil |
17:00 | Sempf | What locksport can teach us about security |
17:00 | Howell, Javadi | 4140 Ways Your Alarm System Can Fail |
17:30 | Hughes | Are You HIPAA to the Jive?: How Focus on HIPAA Compliance Over Better Security Practices Hurts Us All |
18:00 | Osborne | Physical Drive-By Downloads |
18:00 | Burks | Security Onion: Network Security Monitoring in Minutes |
18:00 | Flores | Exploit Development with Ruby – An Intro |
18:00 | DeLaGrange, Wood | SH5ARK ATTACK- taking a byte out of HTML5! |
18:00 | Snoke | An Introduction to Reverse Engineering with Ida Pro Free |
18:30 | Andress | Doxing and Anti-Doxing: Information Reconnaissance for the Stalker and the Stalked |

09:00 | Sullivan | Cookie Cadger: Taking Cookie Hijacking To A New Level |
09:00 | Weeks | Ambush – Catching Intruders At Any Point |
09:00 | Marpet | Separating Security Intelligence from Security FUD |
09:00 | Todd, Werby | Building Dictionaries and Destroying Hashes Using Amazon EC2 |
09:00 | Cooper | Why Integgroll sucks at Python, and you can too! |
09:30 | Anderson | Active Directory Reconnaissance, Attacks, and Post-Exploitation |
10:00 | Asadoorian, Strand | Everything they told me about security was wrong |
10:00 | Mitnick | Ghost in the Wires: The Unbelievable True Story of Kevin Mitnick’s Life as the World’s Most Wanted Computer Hacker |
10:00 | Mudge | Dirty Red Team Tricks II |
10:00 | Schuetz | Slow Down, Cowpoke: When Enthusiasm Outpaces Common Sense |
10:00 | Compton | Professional Pen Testing and Learning From Your Mistakes |
10:30 | Hoffecker | Hack Your Way Into A DoD Security Clearance |
11:00 | Beddome | The Devil's in the Details: A look at bad SE and how to do better |
11:00 | Sverdlik | You Can't Buy Security. Building an Open Sourced Information Security Program |
11:00 | Neulist | Write Your Own Tools With Python! |
11:00 | McGuire | Maturing The Penetration Testing Profession |
11:00 | Garlie, Murrey | Easy Passwords = Easy Break-Ins |
11:30 | Grecs | PHP Website Security, Attack Analysis, & Mitigations |
13:00 | James, MacDougall | Using McAfee Secure/TrustGuard as Attack Tools |
13:00 | Presson | Building a Database Security Program |
13:00 | Jenks | Intro to Linux System Hardening, and Applying it to BackTrack Linux |
13:00 | Milam | Becoming Mallory – How to Win Creds and Influence Devices |
13:00 | Magniez | Alice in Exploit Redirection-land – A trip down the rabbit hole |
13:30 | Thomas | Appearance Hacking 101: The Art of Everyday Camouflage |
14:00 | Howard | Easy Cracking with NetLM Downgrade Attacks |
14:00 | Tatro | Why Isn’t Everyone Pulling Security, This is Combat |
14:00 | Frisvold | Taming Skynet : Using the Cloud to Automate Baseline Scanning |
14:00 | Dunning, Silvers | Wielding Katana: A Live Security Suite |
14:00 | Pubal | SQL Injection 101 |
14:30 | McIntyre | How I Learned To Stop Worrying and Love the Smart Meter |
15:00 | Spala, Tóth | Think differently about database hacking |
15:00 | Douglas | Sprinkler: IR |
15:00 | Perry | Current Trends in Computer Law |
15:00 | Isham | SE me, SE you |
16:00 | Closing Ceremonies |

This "Old School" schedule is an automatically-generated evolution of a manually-generated hack Darth Null has been using at ShmooCon since 2007. It won't work too well for a large conference, like DEFCON, but for smaller events like ShmooCon or BlackHat DC, it might be useful.
Simply print this out at whatever scale is most helpful to you. For example, for ShmooCon: print at 65%, fold Friday and Sunday back behind Saturday, and laminate, for a two-sided 3" x 4" card that you can keep in your shirt pocket.