| 08:30 |
Albright,
Trost
|
Deploying, Managing, and Leveraging Honeypots in the Enterprise using Open Source Tools |
Soullié
|
Pentesting PLCs 101 |
|
| 10:00 |
Graham,
Nather
|
(Un)Keynote: INCITE CLUB: WendyLady vs. ErrataRob or, “Fly THIS Sideways!” |
| 11:00 |
Bitton,
Yavo
|
Injection on Steroids: Code-less Code Injections and 0-Day Techniques |
Ellis
|
Barely Legal: the Hacker’s Guide to Cybersecurity Legislation |
|
Bassett
|
Verum - How Skynet Started as a Context Graph |
|
Smith
|
Practical Application Whitelisting Evasion |
|
Thorsheim
|
A Security/Usability Review of Wordpress 2FA Plugins |
|
St. Vincent
|
Speaking Metrics to Executives |
|
Foss
|
Underground Wi-Fi Hacking for Web Pentesters |
|
Corman,
Percoco
|
I Am The Cavalry Track Introduction and Overview |
|
| 11:30 |
Rioux,
Wysopal
|
The story of L0phtCrack |
Johnson
|
Dropping hell0days: Business Interaction for Security Professionals - Or Anyone Else |
|
Elazari
|
Hack the Future |
|
| 12:00 |
Butterick,
Ishiguro,
Nelson,
Wasti
|
Getting the data out using social media |
Sancho
|
When steganography stops being cool |
|
Pustell
|
Practice Safe Cyber: The Miseducation of American Students on Internet Safety |
|
Nickerson
|
Leading in a "Do"-ocracy |
|
| 14:00 |
Fawaz,
Rogers,
Rogers
|
An introduction of the Kobra, a client for the Badger version 2.0, providing tactical situational awareness, physical tampering protection, and automatic process mitigation |
Steele
|
Pentesting with Docker |
|
Bowne
|
Violent Python |
|
Chapman
|
Exploit Kit Shenanigans: They’re Cheeky! |
|
Schwartau
|
Analogue Network Security |
|
Herley
|
Pushing on String: Adventures in the 'Don't Care' Regions of Password Strength |
|
Young
|
The Internet of ... Mainframes?! WTF? |
|
Jernigan,
Sorensen
|
Check That Certificate |
|
Healey
|
#radBIOS: Wireless networking with audio |
|
Erven,
Woods
|
State of Medical Device Cyber Safety |
|
| 14:30 |
Vandenaweele
|
The Journey To ICS |
Erven,
Woods
|
How can we ensure safer Medical Devices? |
|
| 15:00 |
Leibowitz
|
NSA Playset: Bridging the Airgap without Radios |
Friedman
|
Don’t hate the Disclosure, Hate the Vulnerability: How the government is bringing researchers and vendors together to talk vulnerability disclosure. |
|
Corpron,
Redman
|
What would fix passwords? Some weekly password audits. Pretty graphs to prove it! (A Haiku) |
|
Baggett,
Douglas
|
What's New Pussycat: Recent Improvements to Powercat |
|
Gershman
|
Catching Linux Post-Exploitation with Auditd |
|
Sweet
|
I Amateur Radio (And So Can You!) |
|
| 15:30 |
Cuthbert,
Heinrich
|
Breachego |
Louden
|
Adding +10 Security to Your Scrum Agile Environment |
|
| 16:00 |
Handorf,
Handorf (II),
Handorf (III)
|
How to WCTF |
| 17:00 |
Rodzon
|
How Portal Can Change Your Security Forever |
Bratus,
Torrey
|
Crema: A LangSec-inspired Language |
|
Sweet
|
Hacking Our Way Into Hacking |
|
Løge
|
Tell Me Who You Are, and I Will Tell You Your Lock Pattern |
|
koivisto
|
Fight back – raising awareness @infosec |
|
Corman,
Smith
|
State of Automotive Cyber Safety |
|
| 17:30 |
Novella
|
Scrutinizing WPA2 Password Generating Algorithms in Wireless Routers |
Kartsioukas
|
What the heck is this radio stuff, anyway? |
|
Corman,
Nickerson
|
How can we ensure safer Automobiles? |
|
| 18:00 |
Merrill
|
Your Electronic Device, Please: Understanding the Border Search Exception & Electronic Devices |
Biasini
|
Angler Lurking in the Domain Shadows |
|
Chio
|
Making & Breaking Machine Learning Anomaly Detectors in Real Life |
|
Egan
|
Poppin' (Digital) Locks |
|
Corman,
Daniel,
McKeay,
p0lr,
Sumner,
Thomas
|
Stress, Burnout, Rinse, Repeat |
|
Davison
|
SIEMple technology |
|
| 18:30 |
Dulkin
|
Privileges in the Real World: Securing Password Management |
Pidawekar
|
How I learnt hacking in highschool |
| 08:30 |
Kochkov,
Morin
|
Radare2 an open source reverse engineering framework |
Koniaris
|
You Hack, We Capture: Attack Analysis with Honeypots |
|
| 10:00 |
Ballenthin,
Graeber,
Teodorescu
|
WhyMI so Sexy? WMI Attacks, Real-Time Defense, and Advanced Forensic Analysis |
Gritzo
|
A hackers guide to using the YubiKey - how to add inexpensive 2-factor authentication to your next project. |
|
Pevzner,
Reich
|
Have I seen you before? |
|
Fenton
|
Security Questions Considered Harmful |
|
Gandrud,
Wass
|
All You Need Is One: A ClickOnce Love Story |
|
Tazz
|
ZOMG It's OSINT Heaven! |
|
Marpet
|
Introduction to the Career Track |
|
| 10:10 |
Woods
|
Being the Paid Expert in the Room: Consulting for a Company or On Your Own |
| 10:30 |
Špaček
|
I Forgot My Password |
Clemenko
|
Classic Misdirection: Social Engineering to Counter Surveillance |
|
Kinne,
Kitchen
|
WiFi Pineapple: Winning the WiFi Battlefield |
|
Pogue
|
It’s All Geek to Me |
|
| 10:50 |
McClintock
|
Securing the Everything Store: Challenges, Opportunities and Rewards |
| 11:00 |
Chapman,
Schwartz
|
TAPIOCA (TAPIOCA Automated Processing for IOC Analysis) |
Schwartzberg
|
Haking the Next Generation |
|
Roytman
|
Who Watches the Watchers? Metrics for Security Strategy |
|
Paquet
|
Harvesting Passwords from Source Code, Scripts, and Code Repositories |
|
Soto,
Wahle
|
Bio-Hacking: Implantable chip attack vector |
|
Compton,
Gershman
|
Phishing: Going from Recon to Credentials |
|
| 11:10 |
McDonald
|
Did you make a difference today? |
| 11:30 |
LeSueur
|
Social Media in Incident Response Program |
Ossmann
|
Better Spectrum Monitoring with Software Defined Radio |
|
| 12:00 |
Mitsunari,
Takesako
|
Backdooring MS Office documents with secret master keys |
Hess
|
Advancing Internet Security Research with Big Data and Graph Databases |
|
Segreti,
Ur
|
Towards Standardizing Comparisons of Password Guessability |
|
Kmetz
|
Cats and Mice - Ever evolving attackers and other game changerse |
|
| 14:00 |
Schroeder,
Warner
|
Building an Empire with PowerShell |
Quix0te
|
Yes, you too can perform daring acts of Live Acquisition. |
|
Bird,
Shagla-McKotch
|
Intro to Data Science for Security |
|
Bowne
|
Android App Security Auditing |
|
Helming
|
Open Up A Can of OSINT On 'Em |
|
Zaverucha
|
Stronger Password-Based Encryption Using I/O Hardness |
|
Crowder
|
Fishing To Phishing - It’s all about slimy creatures. |
|
Wharton
|
FAA, FTC, FCC - FU: How Three F'ing Agencies are Shaping Info Sec |
|
Ramachandran
|
Wi-Door - Bind/Rev Shells for your Wi-Fi |
|
Seeber
|
All Your RFz Are Belong to Me - Software Defined Radio Exploits |
|
Marpet
|
Welcome back, Emcee sets tone for the afternoon |
|
| 14:15 |
Rides
|
Interview Role Play |
| 14:30 |
Thomas
|
Auth for Encrypted Services with Server Side APT |
Miller
|
+10 Knowledge: Sharing What You Learn For the Benefit of the Everyman. |
|
| 15:00 |
Tyers
|
For love of country: 15 years of Security Clearance Decisions |
Purviance
|
Insider Tricks for Bug Bounty Success |
|
Spilman
|
Blind Hashing |
|
Althouse
|
Maximizing Bro Detection |
|
Boone
|
Software-Defined Radio Signal Processing with a $5 Microcontroller. |
|
| 15:15 |
Brezinski
|
Security Engineering At Amazon |
| 15:30 |
Birr-Pixton
|
PBKDF2: Performance Matters |
Czub
|
Embedding Web Apps in MITMProxy Scripts |
|
| 16:15 |
Henry
|
Sue the Fed, Hack your FBI File |
| 16:20 |
Marpet
|
Life at a Startup, Tales From the Trenches: The Good, the Bad and the Ugly |
| 16:40 |
Brand
|
It’s Not Just Your Answer: Hacking Tech Interviews |
| 17:00 |
Latter
|
Remote Access, the APT |
Zupo
|
Rethink, Repurpose, Reuse... Rain Hell |
|
Thomas
|
No More Fudge Factors and Made-up Shit: Performance Numbers That Mean Something |
|
Hintz
|
Password Alert by Google |
|
Amit
|
Actionable Threat Intelligence: ISIS, SuperBall, SuperFish, and your less magical 8-ball |
|
Biswas
|
What Lurks in the Shadow |
|
Pilkington
|
Infosec careers, myth vs. reality |
|
| 17:20 |
Duren,
Sheridan
|
Some things you just can’t find on Google. |
| 17:30 |
Burnett
|
No More Graphical Passwords |
Lee
|
Out of Denial: A 12-Step Program for Recovering Admins |
|
| 17:40 |
UcedaVelez
|
Longevity in InfoSec – Turning Passion into Expertise & Respect |
| 18:00 |
Asadoorian,
Curran
|
Crash The IoT Train Yourself: Intentionally Vulnerable WRT (IV-WRT) |
Sanabria
|
Why does InfoSec play bass? And other observations about hacker culture. |
|
Mitchell
|
AI and CND - implications for security in the era of Artificial Intelligence |
|
Marshall
|
How Secure Are Multi-Word Random Passphrases? |
|
Cardozo,
Kayyali,
Opsahl
|
Ask the EFF |
|
Lininger
|
Why We Can't Have Nice Things: Original Research on Conflict Resolution Styles in Information Security & Risk Management |
|
Allen
|
Common Mistakes that Engineers make while Interviewing in a “Hot” market |
|
| 18:30 |
Pirrwitz,
Vantaggiato
|
Are You Sure That You Still Need Passwords? |
Jakubowski
|
Serial Box - Primer for dealing with Serial and JTAG for basic hardware hacking |
|
| 19:00 |
Marpet
|
Closing remarks and thanks from our Emcee |
This "Old School" schedule is an automatically-generated evolution of a manually-generated hack Darth Null has been using at ShmooCon since 2007. It won't work too well for a large conference, like DEFCON, but for smaller events like ShmooCon or BlackHat DC, it might be useful.
Simply print this out at whatever scale is most helpful to you. For example, for ShmooCon: print at 65%, fold Friday and Sunday back behind Saturday, and laminate, for a two-sided 3" x 4" card that you can keep in your shirt pocket.