| 00:00 |
Roberts
|
Security Hopscotch |
Webb
|
HardenedBSD Internals |
|
| 08:30 | Welcome to the Family - Intro |
|
| 09:00 |
Harbinger
|
People Buy You |
| 10:00 |
Johnson,
Kennedy,
Moussouris,
Nickerson,
Skoudis,
Strand
|
Keynote Panel - Information Security Today and in the Future |
| 12:00 |
Domas
|
The M/o/Vfuscator - Turning ‘Mov’ into a Soul-crushing RE Nightmare |
Maresca
|
APT Cyber Cloud of the Internet of Things |
|
Holmes
|
When A Powerful Platform Benefits Both Attackers and Defenders: Secure Enhancements to Scripting Hosts in Windows 10 |
|
Viss
|
How Not to Infosec |
|
Berlin
|
Shooting Phish in a Barrel and Other Fish Related Puns |
|
| 12:30 |
Alexander
|
Don’t Laugh - I Dare You! |
| 13:00 |
Scott
|
And You Shall Know Me By My Trail of Documentation |
Brotherston
|
Stealthier Attacks and Smarter Defending with TLS Fingerprinting |
|
Gough
|
A Deep Look into a Chinese Advanced Attack - Michael Gough |
|
Hopper
|
Python for InfoSec |
|
Drapala
|
Marketers are Friends - Not Food |
|
| 13:30 |
Block
|
Blue Team Starter Kit |
| 14:00 |
DeMott,
Wojtczuk
|
Gadgets Zoo: Bypassing Control Flow Guard in Windows 10 |
Foss
|
Honeypots for Active Defense |
|
Ten,
Wu
|
Pavlovian Security: How to Change the Way Your Users Respond When the Bell Rings |
|
Kuntz
|
Dog the Freaking (OSINT) Bounty Hunter - Helping Law Enforcement Catch Criminals For (Mostly) Fun - And (Probably No) Profit |
|
Voloch
|
Simplified SIEM Use Case Management |
|
| 14:30 |
Burbage
|
Bypassing 2Factor Auth with Android Trojans |
| 15:00 |
Delpy,
Duckwall,
Metcalf
|
Red vs. Blue: Modern Active Directory Attacks & Defense |
Beddome
|
Manufactorum Terminatus - The Attack and Defense of Industrial Manufacturers |
|
Man
|
The State of Information Security Today |
|
Perry
|
Current Trends in Computer Law |
|
McEvoy
|
Putting the Management into Vulnerability Management (or - YOU’VE GOT BEARS!!!) |
|
| 15:30 |
Shetty
|
Moving Target Defense - Learning from Hackers |
| 16:00 |
Beardsley,
Cook,
Lee,
Maloney
|
Metasploit Town Hall |
Cordle,
Gardner
|
High Stake Target: Lo-Tech Attack |
|
Ortega,
Wu
|
Learning Through Mentorship |
|
Herraiz,
Whitehead
|
Spanking the Monkey (or How Pentesters Can Do It Better!) |
|
Lochner,
Rogers
|
Malfunction’s Functions : Automated Static Malware Analysis Using Function Level Signatures |
|
| 16:30 |
Brockway
|
We Owe You Nothing |
| 17:00 |
Wayne
|
Red Teaming Enemy of the State |
Perez
|
Operating in the Shadows |
|
Schearer
|
The Law of Drones |
|
Ajnachakra
|
On Defending Against Doxxing |
|
Menerick
|
Backdooring Git |
|
| 17:30 |
Saunders
|
Detecting Phishing Attacks with DNS Reconnaissance |
| 18:00 |
Finisterre
|
$helling Out (Getting Root) on a ‘Smart Drone’ |
Wharton
|
Getting Started with PowerShell |
|
McNeil,
Owen
|
The Phony Pony: Phreaks Blazed The Way |
|
McIntyre
|
Practical Windows Kernel Exploitation |
|
White
|
Hacking Web Apps |
|
| 18:30 |
Vann
|
Sticky Honey Pots |
| 19:00 |
Compton,
Gershman
|
Phishing: Going from Recon to Creds |
Smith,
Stone
|
HackerQue |
|
Coggin
|
Hijacking Label Switched Networks in the Cloud |
|
Leeth
|
Top Ten is Old Skool - Meet the New Age of AppSec |
|
| 19:30 |
Herman
|
Cryptography and You |
| 09:00 |
Schwartz
|
Pwning People Personally |
Tomes
|
OSINT for AppSec: Recon-ng and Beyond |
|
Branch,
McLaughlin
|
Mobile Application Reverse Engineering: Under the Hood |
|
Miller
|
Hacking for Homeschoolers |
|
Schwalm
|
Stacking the Virtual Deck: Attacks by Predicting RNGs |
|
| 09:30 |
Aldrich,
Holland
|
Homebrewing for Hackers |
| 10:00 |
Drake
|
Stagefright: Scary Code in the Heart of Android |
Brown
|
Hacking Virtual Appliances |
|
Banks,
Furham,
Strand,
Thyer
|
Introducing the RITA VM: Hunting for Bad Guys on Your Network For Free with Math. |
|
Karmic,
Rabczak
|
Going AUTH the Rails on a Crazy Train |
|
Fuller,
Ramsey
|
Stealthy and Persistent Back Door for Z- Wave Gateways |
|
| 10:30 |
Pyorre
|
Building a Better Honeypot Network |
| 12:00 |
Hadnagy
|
Dec0ding Humans Live |
Schipp
|
ISLET: An Attempt to Improve Linux-based Software Training |
|
Street
|
Breaking in Bad (I’m The One Who Doesn’t Knock) |
|
Halfpap
|
Bugspray - The 802.15.4 Attack Surface |
|
Scheurer
|
Surveillance Using Spare Stuff |
|
| 12:30 |
Caudill
|
Crypto 101: An Intro to Real-World Crypto |
| 13:00 |
Ten
|
Gray Hat PowerShell |
Paul
|
CyberSecurity Alphabets - Hacker Edition |
|
Sempf
|
Developers: Care and Feeding |
|
Ramirez
|
Unbillable: Exploiting Android in App Purchases |
|
Stone
|
Practical Attacks Against Multifactor |
|
| 13:30 |
Schwartzberg
|
Hacking the Next Generation |
| 14:00 |
Ballenthin,
Graeber,
Teodorescu
|
WhyMI so Sexy? WMI Attacks - Real-Time Defense - and Advanced Forensic Analysis |
Los
|
Losing Battles - Winning Wars - Active Defense Rebooted |
|
Evans
|
Fingerprinting the Modern Digital Footprint |
|
Brooks,
Bryant
|
Bypass Surgery: Abusing Content Delivery Networks With Server-Side-Request Forgery (SSRF), Flash, and DNS |
|
Segal
|
The Human Interface Device Attack Vector: Research and Development |
|
| 14:30 |
Halfpop
|
A Survey of Powershell Enabled Malware |
| 15:00 |
Paul
|
Hackers vs. Defenders: Can the Defender Ever Stop Playing Catch Up and Win? |
Amit,
Hutton
|
Social Media Risk Metrics. When OMGWTFBBQ Meets Risk Algorithms. |
|
Potter
|
Surviving Your Startup |
|
Thompson
|
Dynamic Analysis of Flash Files |
|
Berner,
Lang
|
Tool Drop: Free as in Beer |
|
| 15:30 |
Foss,
Hegal
|
Tactical Diversion-Driven Defense |
| 16:00 |
Collao,
Erven
|
Medical Devices: Pwnage and Honeypots |
Montgomery,
Sevey
|
Building a Brain for Infosec |
|
Nickerson
|
Started from the bottom, now I’m here?: How to ruin your life by getting everything you ever wanted |
|
Cano,
Kotov
|
Attacking Packing: Captain Hook Beats Down on Peter Packer |
|
David
|
Windows 10 Defense in Depth |
|
| 16:30 |
Smith
|
Latest Tools in Automotive Hacking |
| 17:00 |
Lee
|
State of the Metasploit Framework |
Porter
|
How to Build Your Own Covert SIGINT Vehicle |
|
Berthaume
|
Using Windows diagnostics for system compromise |
|
Long,
Wanjala
|
HFC Update |
|
Yost
|
Ansible. And Why it Works for Me. |
|
| 17:30 |
Rikansrud
|
Learning Mainframe Hacking: Where the Hell Did All My Free Time Go? |
| 18:00 |
Weeks
|
Credential Assessment: Mapping Privilege Escalation at Scale |
Dorsey
|
InfoSec Big Picture and Some Quick Wins |
|
Simmons
|
HARdy HAR HAR HAR: HAR File Collection and Analysis for Malware |
|
Wilson
|
Intercepting USB Traffic for Attack and Defense |
|
| 18:30 |
Veach
|
Geeks Need Basements! |
| 19:00 |
Preston
|
Intro to x86 |
| 19:30 |
Banks,
Henmi
|
Spy Vs. Spy: How to Use Breakable Dependencies to Your Advantage |
| 09:00 |
Bong,
Vieau
|
Is That a Router in Your Pocket or Are You Trying to P0wn Me? |
McCabe
|
TBD |
|
Rangarajan,
Tobin
|
How I Stopped Worrying and Learned to Love InfraOps |
|
Gabler
|
PHaaS - Phishing as a Service |
|
Healey
|
Voltron: Defender of Your Inferiors |
|
| 09:30 |
Wartell
|
Malware is Hard. Let’s Go Shopping! |
| 10:00 |
Sullivan
|
The Little-Known Horrors of Web Application Session Management |
Leece,
Leece
|
DNS Miner - A Semi-Automatic Incident Response and Threat Intelligence Tool for Small - Over Worked Security Teams |
|
Douglas,
Murdock
|
Blue Team Army - It’s *Your* Network - Defend It! |
|
Robinson
|
Circles & Boxes - Drawing SecArch into Your Program |
|
Kennedy
|
The Pentesters Framework |
|
| 10:30 |
Lager
|
Hack My Derby |
| 11:00 |
Schultz
|
Practical Hardware Attacks Against Soho Routers & the Internet of Things |
Bos,
Milam
|
Invasion of the Hash Snatchers |
|
Wedaa
|
LongTail SSH Attack Analysis |
|
Pitchford
|
Disecting Wassenaar |
|
| 12:30 |
Schladt
|
Stretching the Sandbox with Malware Feature Vectors |
Pesce
|
My Password Cracking Brings All the Hashes to the Yard. |
|
Werby
|
Hunting Unicorns and Jerks - Irrational, Defensible, or Necessary? |
|
Bong,
Vieau
|
Five Hardware Hacking Projects Under $30 |
|
| 13:30 |
O’Gorman
|
Gnuradio Demystifying RF Black Magic |
Sharpe
|
Intrusion Hunting for the Masses - A Practical Guide |
|
Ramgattie
|
The Problems with JNI Obfuscation in the Android Operating System |
|
Heywood
|
Confessions of a Crypto Cluster Operator |
|
| 14:30 | Closing Ceremonies |
This "Old School" schedule is an automatically-generated evolution of a manually-generated hack Darth Null has been using at ShmooCon since 2007. It won't work too well for a large conference, like DEFCON, but for smaller events like ShmooCon or BlackHat DC, it might be useful.
Simply print this out at whatever scale is most helpful to you. For example, for ShmooCon: print at 65%, fold Friday and Sunday back behind Saturday, and laminate, for a two-sided 3" x 4" card that you can keep in your shirt pocket.