| 08:30 | Opening Ceremonies |
|
| 09:00 |
Moore
|
Scanning Darkly |
| 10:00 |
Skoudis
|
Kinetic Pwnage: Obliterating the Line Between Computers and the Physical World |
| 12:00 |
Tomes
|
Look Ma, No Exploits! – The Recon-ng Framework |
Ellis
|
Cognitive Injection: Reprogramming the Situation-Oriented Human OS |
|
Potter
|
It’s Only a Game: Learning Security through Gaming |
|
Weeks
|
Pigs Don’t Fly – Why owning a typical network is so easy, and how to build a secure one. |
|
Gardner,
Thomas
|
Building An Information Security Awareness Program from Scratch |
|
Kovanic
|
Gen Y—Getting Them to Talk Rather than Text at Work |
|
| 12:30 |
Geftic,
Gragido
|
Battle Scars And Friendly Fire: Threat Research Team War Stories |
| 13:00 |
Heiland
|
Practical Exploitation Using A Malicious Service Set Identifier (SSID) |
Jezorek,
Kuntz
|
IOCAware – Actively Collect Compromise Indicators and Test Your Entire Enterprise |
|
Huston
|
Ooops, Now What? :: The Stolen Data Impact Model (SDIM) |
|
Marcus
|
Finding The Signal in the Noise: Quantifying Advanced Malware |
|
Cortes,
Huffman
|
Malware : testing malware scenarios on your network |
|
Levene,
Nixon
|
Unmasking Miscreants |
|
| 13:30 |
Filson
|
gitDigger: Creating useful wordlists from public GitHub repositories |
| 14:00 |
Grand
|
JTAGulator: Assisted discovery of on-chip debug interfaces |
Eston,
McIntyre
|
Cash is King: Who’s Wearing Your Crown? |
|
Int0x80
|
Anti-Forensics: Memory or something, I forget. |
|
Pesce
|
Applying the 32 Zombieland Rules to IT Security |
|
Moore
|
Password Intelligence Project – Advanced Password Recovery and Modern Mitigation Strategies |
|
Marszalik
|
PowerShell and Windows Throw the Best Shell Parties |
|
| 14:30 |
Davis
|
Owning Computers Without Shell Access |
| 15:00 |
Amit
|
Seeing red in your future? |
Asadoorian
|
Security Sucks, and You’re Wearing A Nursing Bra |
|
Scott
|
The Mysterious Mister Hokum |
|
Baggett
|
Windows 0wn3d By Default |
|
Manning
|
Tizen Security: Hacking the new mobile OS |
|
Sabraoui
|
Sixnet Tools: for poking at Sixnet Things |
|
| 15:30 |
Gamblin
|
Promoting Your Security Program Like A Lobbyist. |
| 16:00 |
Jardine,
Johnson
|
TMI: How to attack SharePoint servers and tools to make it easier |
Fuller,
Gates
|
Windows Attacks: AT is the new black |
|
Jones
|
Appsec Tl;dr |
|
Sobell
|
Android 4.0: Ice Cream “Sudo Make Me a” Sandwich |
|
Byers,
Moore
|
RAWR – Rapid Assessment of Web Resources |
|
Alexander
|
Abusing LFI-RFI for Fun,Profit and Shells |
|
| 16:30 |
Sempf
|
Hardening Windows 8 apps for the Windows Store |
| 17:00 |
reynolds
|
The High Risk of Low Risk Applications |
Simo,
Sonofshirt
|
How Good is Your Phish |
|
Schwartzberg
|
DIY Command & Control For Fun And *No* Profit |
|
Thomas
|
Hiding @ Depth – Exploring & Subverting NAND Flash memory |
|
Rose
|
Decoding Bug Bounty Programs |
|
Anderson
|
Intro to Dynamic Access Control in Windows Server 2012 |
|
| 17:30 |
More
|
Evolutionary Security – Embracing Failure to Attain “Good Enough” |
| 18:00 |
Ten
|
It’s Okay to Touch Yourself |
Hopper
|
Identifying Evil: An introduction to Reverse Engineering Malware and other software |
|
Wilkins
|
IPv6 is here (kind of), what can I do with it? |
|
Renderman
|
Attacking the Next Generation Air Traffic Control System; Hackers, liquor and commercial airliners. |
|
Pitts
|
Patching Windows Executables with the Backdoor Factory |
|
Sammons
|
DIY Forensics: When Incident Response Morphs into Digital Forensics |
|
| 18:30 |
Magniez
|
ANOTHER Log to Analyze – Utilizing DNS to Discover Malware in Your Network |
| 19:00 |
Kottmann,
Steele
|
Collaborative Penetration Testing With Lair |
RazorEQX
|
How Im going to own your organization in just a few days. |
|
Richards
|
Dancing with Dalvik |
|
Ivey
|
Antivirus Evasion through Antigenic Variation (Why the Blacklisting Approach to AV is Broken) |
|
Scott
|
DEF CON Documentary |
| 09:00 |
Elisan
|
Malware Automation |
Campbell,
Duckwall
|
Pass-The-Hash 2: The Admin’s Revenge |
|
Ottenheimer
|
Big Hugs for Big Data |
|
Neulist
|
Hello ASM World: A Painless and Contextual Introduction to x86 Assembly |
|
Farr,
Marcus,
Maresca,
SkyDog
|
Panel: Building and Growing a Hacker Space |
|
McCann
|
Phishing Frenzy: 7 seconds from hook to sinker |
|
| 09:30 |
Popio
|
Electronic Safe Fail: Common Vulnerabilities in Electronic Safes |
| 10:00 |
Spala,
Tóth
|
What’s common in Oracle and Samsung? They tried to think differently about crypto. |
Corman
|
The Cavalry Is Us: Protecting the public good and our profession |
|
Maloney
|
Antivirus Evasion: Lessons Learned |
|
Reynolds
|
SQL injection with sqlmap |
|
Holcomb
|
SO Hopelessly Broken: the implications of pervasive vulnerabilities in SOHO router products. |
|
Brown,
Hibbard,
Sternstein
|
The Good Samaritan Identity Protection Project – www.thegsipp.org |
|
| 10:30 |
Chuvala,
Elze
|
Some defensive ideas from offensive guys. |
| 12:00 |
Weidman
|
Burning the Enterprise with BYOD |
Street
|
Love letters to Frank Abagnale (How do I pwn thee let me count the ways) |
|
DeMott
|
Is Auditing C/C++ Different Nowadays? |
|
Randall,
Stone
|
The Internet of Things: Vulns, Botnets and Detection |
|
Hackett,
Hodeges,
Kennedy,
pr1me
|
Put Me In Coach: How We Got Started In Infosec |
|
Shaw
|
Raising Hacker Kids: For Good or for Awesome |
|
| 13:00 |
Bos,
Milam
|
Getting the goods with smbexec |
Arlen
|
The Message and The Messenger |
|
Kennedy
|
Getting Schooled: Security with no budget in a hostile environment. |
|
Gough,
Robertson
|
The Malware Management Framework, a process you can use to find advanced malware. We found WinNTI with it! |
|
Magniez
|
Alice Goes Deeper (Down the Rabbit Hole) – Redirection 2.0 |
|
Kirsch
|
Grim Trigger |
|
| 13:30 |
Sánchez
|
Stealth servers need Stealth Packets |
| 14:00 |
Johnson
|
Shattering the Glass: Crafting Post Exploitation Tools with PowerShell |
Nickerson
|
50 Shades of RED: Stories from the “Playroom” |
|
Mudge
|
Browser Pivoting (FU2FA) |
|
Adams
|
Hack the Hustle! |
|
Husted
|
Emergent Vulnerabilities: What ant colonies, schools of fish, and security have in common. |
|
Edmunds
|
A n00bie’s perspective on Pentesting… |
|
| 14:30 |
Bassett
|
My Security is a Graph – Your Arguement is Invalid |
| 15:00 |
Smith
|
Cheat Codez: Level UP Your SE Game |
Schwartau
|
Beyond Information Warfare “You Ain’t Seen Nothing Yet” |
|
Fasel,
Jacobs
|
Taking the BDSM out of PCI-DSS Through Open-Source Solutions |
|
Los
|
Operationalizing Security Intelligence in the Enterprise |
|
Hackett
|
Why Your IT Bytes |
|
Larsen,
Murphy
|
Follow the Foolish Zebras: Finding Threats in Your Logs |
|
| 15:30 |
Murphy
|
Security Training and Research Cloud (STRC) |
| 16:00 |
Bhatt
|
My Experiments with truth: a different route to bug-hunting |
Integgroll
|
Stop Fighting Anti-Virus |
|
Strand
|
Hacking Back, Active Defense and Internet Tough Guys |
|
egypt
|
New Shiny in the Metasploit Framework |
|
Lockrey
|
Using Facial Recognition Software In Digital Forensics And Information Security |
|
Clark
|
Passive Aggressive Defense |
|
| 16:30 |
Gabler
|
So you want to be a pentester? |
| 17:00 |
Wrightson
|
The Art and Science of Hacking Any Organization |
Duckwall,
Peteroy
|
An Encyclpwnia of Persistence |
|
Modell
|
Everything you ever wanted to know on how to start a Credit Union, but were afraid to ask. |
|
O'Connor
|
How to Fight a War Without Actually Starting One |
|
Coggin
|
Digital Energy – BPT |
|
| 17:30 |
Andress
|
An Anti-Forensics Primer |
| 18:00 |
Campbell,
Graeber
|
Living Off the Land: A Minimalist’s Guide to Windows Post-Exploitation |
Long
|
Your Turn! |
|
Sempf
|
A developer’s guide to pentesting |
|
Snoke
|
Crypto-Exploit Exercises: A tool for reinforcing basic topics in Cryptography |
|
Cryer
|
What if Petraeus was a hacker? Email privacy for the rest of us |
|
| 18:30 |
Simo
|
First line of defense |
| 09:00 |
Redman
|
Cracking Corporate Passwords – Exploiting Password Policy Weaknesses |
Axelrod,
Davis
|
How the Grid Will Be Hacked |
|
Allar
|
Practical File Format Fuzzing |
|
Caceres
|
Steal All of the Databases. |
|
| 10:00 |
Cano
|
Ownage From Userland: Process Puppeteering |
Douglas
|
help for the helpdesk |
|
Payne
|
Surviving the Dead |
|
Gupta
|
After SS7 its LTE |
|
| 12:00 |
Salgado
|
‘) UNION SELECT `This_Talk` AS (‘New Exploitation and Obfuscation Techniques’)%00 |
Buentello
|
Weaponizing your Coffee Pot |
|
Bong
|
How can I do that? Intro to hardware hacking with an RFID badge reader |
|
Kashyap
|
Sandboxes from a pen tester’s view |
|
| 13:00 |
Kulesza,
Sonya
|
Exploiting_the_Zeroth_Hour(); Developing your Advanced Persistent Threat to Pwn the Network |
MacDougall
|
Practical OSINT |
|
Watters
|
A SysCall to ARMs |
|
Paul
|
iOS.reverse #=> iPwn Apps |
|
| 14:00 |
Santana
|
Phishing Like The Pros |
Nichelson
|
Stop making excuses; it’s time to own your HIV (High Impact Vulnerabilities) |
|
Schipp
|
The Netsniff-NG Toolkit |
|
Booth
|
Terminal Cornucopia |
|
| 15:00 |
Schuetz
|
Raspberry Pi, Media Centers, and AppleTV |
Callaway
|
Uncloaking IP Addresses on IRC |
|
Gold
|
Why Dumpster Dive when I can pwn right in? |
|
Bransfield
|
Wait; How is All This Stuff Free?!? |
|
| 16:00 | Closing Ceremonies |
This "Old School" schedule is an automatically-generated evolution of a manually-generated hack Darth Null has been using at ShmooCon since 2007. It won't work too well for a large conference, like DEFCON, but for smaller events like ShmooCon or BlackHat DC, it might be useful.
Simply print this out at whatever scale is most helpful to you. For example, for ShmooCon: print at 65%, fold Friday and Sunday back behind Saturday, and laminate, for a two-sided 3" x 4" card that you can keep in your shirt pocket.