| Time | Speakers | Title |
|---|---|---|
| 10:00 | Cranor, Kaiser | Opening Keynote Pt. I & II |
| 11:00 | Robertson | Managing Security with the OWASP Assimilation Project. |
| | Bailey, Beardsley, Cardozo, Ellis, Goodwin | Shall We Play A Game? 30 Years of the CFAA |
| | Westin | Data Science or Data Pseudo-Science? Applying Data Science Concepts to Infosec without a PhD |
| | Daniel | Hire Ground - Opening Remarks |
| | Corman | IATC Introduction and Overview |
| | Fenton | Toward Better Password Requirements |
| | Webb | Network Access Control: The Company-Wide Team Building Exercise That Only You Know About |
| | Man | What Snowden and I Have in Common - Reflections of an ex-NSA Hacker |
| 11:30 | Elazari | Calling All Hacker Heroes: Go Above And Beyond |
| | Kulm | Intro to Storage Security, Looking Past the Server |
| 11:45 | Mosmans, Rieback | Are You A PenTexter? Open-Sourcing Pentest Reporting and Automation. |
| 12:00 | Anderson | Deep Adversarial Architectures for Detecting (and Generating) Maliciousness |
| | Cranor | Navigating Different Career Paths in Security |
| | I Am The Cavalry, McNeil | Panel: Progress On Cyber Safety |
| | Aumasson | What's Up Argon2? The Password Hashing Winner A Year Later |
| | Johnson | Automation of Penetration Testing and the future |
| 14:00 | Valtman, Watson | Breaking the Payment Points of Interaction (POI) |
| | Cardella | Welcome to The World of Yesterday, Tomorrow! |
| | Morris | Flaying out the Blockchain Ledger for Fun, Profit, and Hip Hop |
| | Brand | Hacking Tech Interviews |
| | Craig, Ellis, I Am The Cavalry | Cyber Safety And Public Policy |
| | Reinhold | Rock Salt: A Method for Securely Storing and Utilizing Password Validation Data |
| | Dewey | Cruise Line Security Assessment OR Hacking the High Seas |
| | Candlish, Teutenberg | Active Incident Response |
| 14:30 | Everette | Security Vulnerabilities, the Current State of Consumer Protection Law, & how IOT Might Change It |
| 15:00 | Gautam, Moneger | Beyond the Tip of the IceBerg -- Fuzzing Binary Protocol for Deeper Code Coverage. |
| | Chapman | Exposing the Angler EK: All the Naughty Bits |
| | Connell, Peters | Defeating Machine Learning: Systemic Deficiencies for Detecting Malware |
| | Dameff, Morgan, Radcliffe, Schwartz, Woods | State Of Healthcare Cyber Safety |
| | Goldberg, Haugh | What we've learned with Two-Secret Key Derivation |
| | Carson | How to Get and Maintain your Compliance without ticking everyone off |
| | Matwyshyn | Generation C: "Hacker" Kids and the Innovation Nation |
| 15:30 | Duren, Security, Sheridan | #recruiterfail vs #candidatefail |
| 16:00 | Corman, I Am The Cavalry | State Of Automotive Cyber Safety |
| 17:00 | Barak | Operation Escalation: How Commodity Programs Are Evolving Into Advanced Threats |
| | Lackey | How to travel to high-risk destinations as safely as possible |
| | Breuer | Why it's all snake oil - and that may be ok |
| | Malik | How to Become "The" Security Pro |
| | Hayes | I Love myBFF (Brute Force Framework) |
| | DeWeese | Pushing Security from the Outside |
| | Shelmire, Trost | An Adversarial View of SaaS Malware Sandboxes |
| 17:30 | Johnson | Evaluating a password manager |
| | Nitterauer | DNS Hardening - Proactive Network Security Using F5 iRules and Open Source Analysis Tools |
| 18:00 | Brandt | Ingress Egress: The emerging threats posed by augmented reality gaming. |
| | Kokos, Soullie | DYODE: Do Your Own DiodE for Industrial Control Systems. |
| | Powell | How to make sure your data science isn’t vulnerable to attack |
| | Burnett | Why does everyone want to kill my passwords? |
| | McDudefella, Mortman, Ortega, Tottenkoph | CFPs 101 |
| | | A Peek Behind Vegas Surveillance |
| 18:30 | Griesbach | How to Stand Out to Talent Acquisition |

| Time | Speakers | Title |
|---|---|---|
| 10:00 | Fussell, Stone | Hunting high-value targets in corporate networks. |
| | Sendor | Don't Repeat Yourself: Automating Malware Incident Response for Fun and Profit |
| | Ottenheimer | Ground Truth Keynote: Great Disasters of Machine Learning |
| | Murray | Hacking Is Easy, Hiring Is Hard: Managing Security People |
| | Corman, Woods | IATC Day 2: Introduction and Overview |
| | Kawa, Porter | Crafting tailored wordlists with Wordsmith |
| | DiValentin | Mapping the Human Attack Surface |
| | | Ask The EFF |
| 10:30 | Corman, I Am The Cavalry, Woods | Uncomfortable Truths |
| | Copeland | A Noobs Intro Into Biohacking, Grinding, DIY Body Augmentation |
| 10:35 | Soto, Zadeh | No Silver Bullet. Multi contextual threat detection via Machine Learning. |
| 10:45 | Gerritz | Powershell-Fu – Hunting on the Endpoint |
| 11:00 | Craig, Ellis, Friedman | Survey says… Making progress in the Vulnerability Disclosure Debate |
| | Caudill | Making Password Meters Great Again |
| | Burkett | Stop the Insanity and Improve Humanity: UX for the Win |
| 11:30 | Rand | Domains of Grays. |
| | Amazon, Darrow, McClintock | Owning Your Career on a Daily Basis |
| | Cunningham | There is no security without privacy |
| | Russ | Why Can't We Be Friends? |
| 11:35 | Seymour | Labeling the VirusShare Corpus: Lessons Learned |
| 12:00 | Takaoka, VerSprite | Improving Your Personal Value Proposition to Take that Next Step in Your Career |
| | Marshall | Proactive Password Leak Processing |
| | Spaling | You Don't See Me - Abusing Whitelists to Hide and Run Malware |
| 14:00 | Robbins, Schroeder, Vazarkar | Six Degrees of Domain Admin - Using BloodHound to Automate Active Directory Domain Privilege Escalation Analysis |
| | Dahn, Daniel, Fischeer, Klinger, Mortman, Southwick | The Future of BSides |
| | Thomas | Determining Normal: Baselining with Security Log and Event Data |
| | Corman, I Am The Cavalry, Woods | Uncomfortable Approaches |
| | Weir | Modeling Password Creation Habits with Probabilistic Context Free Grammars |
| | Reesalu | Automated Dorking for Fun and Pr^wSalary |
| | Biswas | How to Rob a Bank – or The SWIFT and Easy Way to Grow Your Online Savings Account |
| 14:30 | fl3uryz | Latest evasion techniques in fileless malware |
| 15:00 | McIntyre | Is that a penguin in my Windows? |
| | Baseggio | Hacking Megatouch Bartop Games |
| | Davis, Rogers | CyPSA Cyber Physical Situational Awareness |
| | Brand | Hacking Tech Interviews |
| | Herra-Vega, Nagao | Passphrases for Humans: A Cultural Approach to Passphrase Wordlist Generation |
| | Lin | PLC for Home Automation and How It Is as Hackable as a Honeypot |
| | Cardella, Radcliffe | That Which Must Not Be Spoken Of: A Personal Look at Mental Health in Infosec |
| 15:30 | Munro | Exploiting the Recruitment Process |
| | Holtz | Automation Plumbing |
| 16:00 | PeerLyst | PeerLyst Meet and Greet |
| | Corman | IATC Closing |
| 17:00 | Borosh, Rymdeko-Harvey, Schroeder | Building an EmPyre with Python. |
| | Scarfo | An Evolving Era of Botnet Empires |
| | Atanasoff, Bassett | Dominating the DBIR Data |
| | Dierick, Duren, Harbison, Hetfield, Rides | Common Mistakes Seen in Interviews |
| | Sullivan | PAL is your pal: Bootstrapping secrets in Docker |
| | Tomasello | Digging into SIEM Alerts with Visual Graph Analytics |
| | Kamluk | Stealing Food From the Cat's Mouth |
| 17:30 | Kraus | Scalability: Not as Easy as it SIEMs |
| 18:00 | Kunz, Pack | One Compromise to Rule Them All |
| | Schumann, Stevens | Cross-platform Compatibility: Bringing InfoSec Skills into the World of Computational Biology |
| | Paruchuri | QUESTIONING 42: Where is the “Engineering” in the Social Engineering of Namespace Compromises? |
| | Gold | The Deal with Password Alternatives |
| | Postnikoff | Ethical implications of In-Home Robots |
| | Williams | Why Snowden’s Leaks Were Inevitable |

This "Old School" schedule is an automatically-generated evolution of a manually-generated hack Darth Null has been using at ShmooCon since 2007. It won't work too well for a large conference, like DEFCON, but for smaller events like ShmooCon or BlackHat DC, it might be useful.
Simply print this out at whatever scale is most helpful to you. For example, for ShmooCon: print at 65%, fold Friday and Sunday back behind Saturday, and laminate, for a two-sided 3" x 4" card that you can keep in your shirt pocket.