08:00 |
Cheung
|
Introduction to Cryptographic Attacks |
Rajguru
|
Mobile Application Hacking - Master Class |
|
Murphy
|
Intro to Industrial Control System Network Analysis |
|
Forshaw
|
Windows Internals and Local Attack Surface Analysis using Powershell |
|
Randall
|
Network Security Monitoring |
|
10:00 |
Christy
|
Cold Case Cyber Investigations: Catfishing Cooper and Other Ops |
11:00 |
Daniel
|
The Best of Security BSides Now and Then: Ten Years of Mixes |
Compton
|
Hillbilly Storytime - Pentest Fails |
|
11:20 |
Christy
|
Keynote Q&A and Meet & Greet with Jim Christy |
11:30 |
Nickels,
Wunder
|
ATT&CKing the Status Quo: Improving Threat Intel and Cyber Defense with MITRE ATT&CK |
Ellis,
Everette,
Friedman,
Merrill
|
Who Wants to Be A Regulator: The IoT Security Game Show |
|
Chalupowski
|
The Chrome Crusader |
|
TBD |
||
Rashid
|
Get on the Eye Level: Tailoring the Security Talk |
|
Hawes
|
101 ways to fail at getting value out of your investments in security analytics, and how not to do that |
|
Carhart
|
Lesley Carhart Kicks Off Hire Ground |
|
Intro Session |
||
12:00 |
Devost
|
From Hacker to Serial Entrepreneur
Resume Review & Career Coaching |
||
14:00 |
Kajiloti,
Lechtik
|
SiliVaccine: North Korea's Weapon of Mass Detection |
Kubecka
|
How to Start a Cyber War: Lessons from Brussels -EU Cyber Warfare Exercises |
|
Chang
|
Active Directory Password Blacklisting |
|
Barnard
|
Who Watches the Watchers?: Understanding the Internet's Background Noise |
|
Sanders
|
An Introduction to Machine Learning and Deep Learning |
|
Cox,
Ellis,
Gallagher,
Ragan,
Wagenseil
|
Engaging the Media: Know Your Target |
|
Terp
|
Social engineering at scale, for fun |
|
Wylie
|
Deep Dive into NMAP & Network Scanning |
|
cole
|
Snake Oil & The Security Industry |
|
14:30 |
Wieczorek
|
You're Good and You Should Feel Good |
K
|
Implementing the Three Cs of Courtesy, Clarity, and Comprehension to Optimize End User Engagement |
|
15:00 |
Barnhart-Magen,
Caltum
|
JARVIS never saw it coming: Hacking machine learning (ML) in speech, text and face recognition - and frankly, everywhere else |
Cucci,
Medina
|
Red Teaming a Manufacturing Network (Without Crashing It) |
|
Mog
|
Anatomy of NTLMv1/NTLMv1-SSP |
|
Campbell
|
Lessons Learned by the WordPress Security Team |
|
Mager
|
Stop and Step Away from the Data: Rapid Anomaly Detection via Ransom Note File Classification |
|
White
|
The Long Way Around – from Software Engineering to Cyber Security (How Choosing Wrong Turned out to be Right) |
|
Gallagher,
Ragan,
Thomson,
Wagenseil
|
Engaging the Media: Telling Your Story |
|
Gish-Johnson
|
Building A Teaching / Improvement Focused SOC |
|
Suresh
|
A peek into the cyber security of the aviation Industry. |
|
15:30 |
Kashefipour
|
Modern Political Warfare: A Look at Strategy and TTPs |
17:00 |
Arvanaghi
|
Attacking Ethereum dApps |
Everette
|
An Encyclopedia of Wiretaps |
|
Shaked
|
Fighting Fraud in the Trenches |
|
Grant
|
Sight beyond sight: Detecting phishing with computer vision. |
|
Friedman,
Grindal,
Wilkerson
|
A Good Day to Die? IoT End of Life |
|
Carey
|
Legendary Defender - The Voltron Analogy |
|
Corman,
Ellis,
Graham,
Nickerson
|
That Buzzword Bingo Rapid Debates Panel Thing |
|
17:30 |
Mude
|
Redefining the Hacker |
Neely
|
Not your Grandpa's Password Policy |
|
18:00 |
Siman
|
Serverless Infections: Malware Just Found a New Home |
Adams,
Greco,
Matthews
|
You're just complaining because you're guilty: A Guide for Citizens and Hackers to Adversarial Testing of Software Used In the Criminal Justice System |
|
Abrams,
Butler
|
The Effect of Constraints on the Number of Viable Permutations of Passwords |
|
Carlsson,
Harris
|
Catch me, Yes we can! -Pwning Social Engineers using Natural Language Processing Techniques in real-time |
|
Fernandez,
Handley,
Rides
|
What Did We Learn from Today? (Recruiter Panel) |
|
Alli,
Corman,
Radcliffe,
Schwartz
|
Cyber Safety Disclosure |
|
Bryan
|
Vulnerability Management 101: Practical Experience and Recommendations |
|
18:30 |
Schwartz
|
What is Agile and how can I use it well? |
08:00 |
FORTRAN
|
Evil Mainframe Hacking Mini |
Herrald,
Kovar,
Stoner
|
Advanced APT Hunting with Splunk |
|
Ryan,
Whitehead
|
Advanced Wireless Attacks Against Enterprise Networks |
|
Momot
|
Ham Crams and Exams |
|
10:00 |
Wylie
|
Your taxes are being leaked |
Warfield
|
All Your Cloud Are Belong To Us - Hunting Compromise in Azure |
|
Sweet
|
Using Lockpicking to Teach Authentication Concepts |
|
Fitzgerald
|
Not your Mother's Honeypot - Another name for Threat Intel |
|
Yalon
|
(De)Serial Killers |
|
Kumar,
Shankar
|
Another one bites the dust: Failed experiments in infrastructure security analytics and lessons learned from fixing them |
|
Murray
|
The Key to Managing High Performance Security Teams |
|
Elkins
|
Stupid Hacker Tricks: Bridging Airgaps and Breaking Data Diodes |
|
10:30 |
Ledoux
|
Building ambassadors to reduce friction, drive change, and get sh*t done |
11:00 |
Gianarakis
|
iOS Runtime Hacking Crash Course |
Clausen
|
Security Awareness Training Refresh |
|
Fousekis
|
How I Met Your Password |
|
Rich
|
Applied Quantitative Risk Analysis |
|
Thomas
|
PowerShell Classification: Life, Learning, and Self-Discovery |
|
Limbago
|
Increasing Retention Capacity |
|
11:30 |
Moore,
Turner,
Wilkerson
|
Hacking the Public Policy API |
12:00 |
Borges,
Levinson
|
Tuning The Warp Drive with Laforge: New Tool for Building Security Competitions |
nielsen
|
Where are the reinforcements? |
|
Bitensky
|
Invoke-NoShell |
|
Powell
|
Can data science deal with PAM? |
|
14:00 |
Tariq
|
Securing Robots at Scale |
Brule
|
Who Maed Dis; A beginners guide to malware provenance based on compiler type. |
|
Croley
|
Abusing Password Reuse at Scale: Bcrypt and Beyond |
|
Cole
|
Security and DevOps are really Best Friends |
|
Tani,
Tomonaga
|
Tracking Malicious Logon: Visualize and Analyze Active Directory Event Logs |
|
Klein
|
Fast-track your Hacking Career – Why Take The Slow Lane? |
|
Carmody,
Corman,
Manion,
Millar,
Trimble,
Zuk
|
CVE CVSS NVD OMGWTFBBQ |
|
Rex
|
Cruising the MJ Freeway: Examining a large breach in legal Cannabis |
|
Gupta,
Singh
|
Attack & Defense in AWS Environments |
|
Espósito,
Montoro
|
Endpoint Monitoring with Osquery and Kolide Fleet |
|
Amirrezvani
|
Smart Contracts: Hello World |
|
Momot,
Prophet
|
How A Fortune 500 Company Suppressed Our Research Through Legal Threats |
|
14:30 |
Jones,
Renner,
Smith,
Wu
|
Community Career Panel or How to Get More than a TShirt Working at a Con |
Pols
|
Unifying the Kill Chain |
|
15:00 |
Gietzen
|
Pacu: Attack and Post-Exploitation in AWS |
Cook
|
LibreSSL - Moving the Ecosystem Forward |
|
Girardeau
|
Deploying WebAuthn at Dropbox Scale: Second Factor and Beyond |
|
Biswas
|
Don't Bring Me Down: Are You Ready for Weaponized Botnets? |
|
Shawgo
|
Decision Analysis Applications in Threat Analysis Frameworks |
|
Forscey,
Hall,
Turner
|
Engaging Policymakers at the State Level |
|
Karimi
|
Incorporating Human Intelligence (HUMINT) into An Information Security Team |
|
Handorf
|
Why Can't We Be Friends? (Get Spotted With A Fed) |
|
15:30 |
Marcelli
|
Looking for the perfect signature: an automatic YARA rules generation algorithm in the AI-era |
Hanlon
|
Disabling Encryption to Access Confidential Data |
|
17:00 |
Rodanant,
Theimer,
Wang
|
Overlooked tactics for attacking hardened Active Directory environment |
Gibson
|
Solving for Somebody Else's Problem: Hacking Devs for Better Security |
|
Danielson,
Gurazada
|
Guardians of GitHub |
|
Momot,
Postnikoff
|
Hackademia: The 2018 Literature Review |
|
Cooper,
Rogers,
Sheehy,
Troy,
Woods
|
Transforming Industries for Fun and Safety |
|
Aguilar
|
Bypassing Antivirus Engines using Open Sourced Malleable C2 Software, MSFVenom, Powershell and a bit of Guile |
|
Cardozo,
Galparin,
Opsahl,
Sheard
|
Ask The EFF |
|
17:30 |
Biswas
|
Firmware Security 101 |
18:00 |
Misgav,
Yavo
|
Turning (Page) Tables - Bypassing advanced kernel mitigations using page tables manipulations |
Minch
|
Watch Out For That Bus! (Personal Disaster Recovery Planning) |
|
Vigo
|
Ransombile, yet another reason to ditch SMS |
|
Manion,
Metcalf
|
Arbitrary Albatross: Neutral Names for Vulnerabilities at Volume |
|
Cavalry is ALL OF US |
||
Lawrence
|
The current state of adversarial machine learning |
|
18:30 |
Zahavi-Brunner
|
Treble or Trouble: Where Android's latest security enhancements help, and where they fail |
This "Old School" schedule is an automatically-generated evolution of a manually-generated hack Darth Null has been using at ShmooCon since 2007. It won't work too well for a large conference, like DEFCON, but for smaller events like ShmooCon or BlackHat DC, it might be useful.
Simply print this out at whatever scale is most helpful to you. For example, for ShmooCon: print at 65%, fold Friday and Sunday back behind Saturday, and laminate, for a two-sided 3" x 4" card that you can keep in your shirt pocket.