| 14:00 | Opening Remarks, Rumblings, Ruminations, and Rants |
|
| 15:30 |
Livingston
|
Moose v. Woodchuck |
| 16:00 |
Teplov
|
Reverse Engineering Apple’s BLE Continuity Protocol for Tracking, OS Fingerprinting, and Behavioral Profiling |
| 16:30 |
Gellis
|
Think of the Kitten: The Truth About Section 230, the Law All the Cute Online Cat Pictures (And a Lot of Other Good Stuff) Depends On |
| 17:00 |
Leitschuh
|
Zoom 0-Day: How Not to Handle a Vulnerability Report |
| 17:30 |
Robinson
|
What if We Had TLS for Phone Numbers? An Introduction to SHAKEN/STIR |
| 18:00 |
Postnikoff
|
Robots and Privacy |
| 19:00 | Firetalks Opening |
|
| 19:10 |
McHale
|
Cybersecurity Clubs and You |
| 19:30 |
Trobbiani
|
Flipping Bits on NSRL |
| 19:50 |
Giglio
|
Using Abusing the Freedom of Information Act |
| 20:10 |
Ventura
|
Using Android WebViews to Steal All the Files |
| 20:30 |
Iversen,
Wheeler
|
Do Unto Others: A Red Team Ethical Framework for Offensive Rules Of Engagement |
| 20:50 |
Troutman
|
DNS New World Order: QuadX! DoH! DoT! Da Fuq? |
| 10:00 |
Lyne,
Miles
|
Extracting an ELF From an ESP32 |
Allen,
Benge
|
Battling Supermutants in the Phishing Wasteland |
|
Jover
|
5G Protocol Vulnerabilities and Exploits |
|
| 10:30 | LABS: Networking / Core Services |
|
| 10:45 | LABS: Vulnerability Management |
|
| 11:00 |
Franken
|
Adventures in Hardware Hacking or Building Expensive Tools on a Budget |
Manning
|
Command and KubeCTL: Real-World Kubernetes Security for Pentesters |
|
Bailey,
Ellis,
Leiserson,
Opsahl
|
The Hacker’s Guide to Cybersecurity Policy in 2020 |
|
| 11:30 | LABS: Network Security |
|
| 11:45 | LABS: Infrastructure / Visualization |
|
| 12:00 |
Lambert
|
Whitelisting LD_PRELOAD for Fun and No Profit |
Stella
|
Airplane Mode: Cybersecurity @ 30,000+ Feet |
|
Malekos Smith
|
The Cyberlous Mrs. Maisel: A Comedic (and slightly terrifying) Introduction to Information Warfare |
|
| 13:00 | Amateur Radio Exams |
|
| 14:00 |
Garrett
|
Privacy Scores for iOS Apps |
Everette
|
Vendors, and Risk, and Tigers, and Bears, Oh My: How to Create a Vendor Review Process From the Ground Up |
|
Smith
|
Choose Your Own Adventure: Ransomware Response! |
|
| 15:00 |
Pahle
|
Chip Decapping on a Budget |
Mosely,
Mosley
|
Teen Hacks for Obfuscating Identity on Social Media |
|
Pyle
|
Cisco SMB Products — Critical Vulnerablities / 0-day Release |
|
| 15:30 |
Ralls
|
Banjo: An Android Disassembler for Binary Ninja |
Gomez
|
Software Mitigations for Hardware Vulnerabilities |
|
Nickels
|
Resistance Isn’t Futile: A Practical Approach to Prioritizing Defenses with Threat Modeling |
|
LABS: Log Collection / Aggregation |
||
| 15:45 | LABS: Security Operations Center |
|
| 16:00 |
Kamdjou
|
Voight-Kampff for Email Addresses: Quantifying Email Address Reputation to Identify Spear-Phishing and Fraud |
Audie,
Corman
|
SBOM: Screw it, We’ll Do it Live! |
|
Pahi,
Wharton
|
Face/Off: Action Plan for Perils & Privileges of Facial Recognition |
|
| 16:30 |
Tzvetanov
|
Security Researcher OPSEC |
Baker
|
Using OSINT for Human Rights and Victim Support |
|
LABS: Threat Hunting / Log Correlation |
||
| 16:45 | LABS: Wireless Network |
|
| 17:00 |
The Shmoo Group
|
0wn the Con |
Gilbert
|
Anti-Forensics for Fun and Privacy |
|
Beardsley,
Cable,
Dowsett,
Ellis,
Koran
|
Hacking Democracy: On Securing an Election |
| 10:00 |
Handorf
|
A Wireless Journeyman’s Experience in Practical SIGINT |
Olsen
|
Adversary Detection Pipelines: Finally Making Your Threat Intel Useful |
|
Budington,
Opsahl
|
Crossing the Border With Your Electronic Devices |
|
| 11:00 |
Griffin
|
Knowing the UnFuzzed and Finding Bugs with Coverage Analysis |
Loveless
|
Real World Zero Trust Implementation |
|
Sanders
|
Playing the Short Game: The Effects of Data Breaches on Share Prices |
|
| 12:00 |
Liszewski
|
The Verilog to Verilog Decompiler |
Protzenko,
Swamy
|
Project Everest: Fast, Correct, and Secure Software for Deployment Now! |
|
Yacko, Wacko, and Dot
|
Hack the Stars |
|
| 13:00 |
Beetle,
Blaze,
Potter,
Todt
|
Between Two Moose |
| 14:00 | Closing Remarks |
This "Old School" schedule is an automatically-generated evolution of a manually-generated hack Darth Null has been using at ShmooCon since 2007. It won't work too well for a large conference, like DEFCON, but for smaller events like ShmooCon or BlackHat DC, it might be useful.
Simply print this out at whatever scale is most helpful to you. For example, for ShmooCon: print at 65%, fold Friday and Sunday back behind Saturday, and laminate, for a two-sided 3" x 4" card that you can keep in your shirt pocket.