ShmooCon has always been one of my favorite security conferences. Unfortunately, I can't be there this year. But for those who are going this weekend, here's what to expect.
In recent years, I've found some of the best content at ShmooCon, and I've learned a lot. It's also an excellent place to meet other security practitioners that can become important allies. Some of the most important contacts I've made were at ShmooCon.
The unfamiliar usually chuckle or cock their heads in puzzlement when I tell them about ShmooCon. The name throws them off, and it's not a traditional business conference.
ShmooCon is organized by the Shmoo Group, a security think tank started by Bruce Potter in the late 1990s. Attendees represent the full cross section of the security industry. There are hackers, CSOs, government security types and everything in between. More than a few people have compared it to the Black Hat conferences of old or a smaller version of Defcon.
The event has inspired a lot of thinking outside the box -- not just in terms of the talks, but in how attendees travel and network. In recent years people have carpooled to ShmooCon.
For three years in a row I traveled to and from the event in what we called the Shmoobus -- An RV crammed with hackers making the journey from Boston to Washington DC. Those 12-hour drives made for a lot of bonding.
With such a long trek, there's time to delve into deep discussions about the challenges of our jobs.
The Shmoobus is no more, unfortunately. But what I learned about security on those journeys will last a lifetime.
ShmooCon 2015
This year's event is at the Washington Hilton Hotel, 1919 Connecticut Ave., NW in Washington DC. Here's the schedule:
| Friday, January 16, 2015 | |
|---|---|
| Time | One Track Mind |
| 1200 | Registration Opens |
| 1430 | Opening Remarks, Rumblings, and Rants Bruce Potter |
| 1530 | Five Not-Totally-Crazy Ways to Build for Usability Elissa Shevinsky |
| 1600 | Simple Windows Application Whitelisting Evasion Casey Smith |
| 1630 | Don't Look Now! Malicious Image Spam Kathy Liszka |
| 1700 | Userland Persistence on Mac OS X "It Just Works" Joshua Pitts |
| 1730 | SEWiFi: Building a Security Enhanced WiFi Dongle Ryan Holeman |
| 1800 | Betting BIOS Bugs Won't Bite Y'er Butt? Xeno Kovah and Corey Kallenberg |
| 1830 |
Joseph Lorenzo Hall |
| 2000 | Infosec Family FUD |
| Sunday, January 18, 2015 | |||
|---|---|---|---|
| Time | Build It! | Belay It! | Bring it On! |
| 0930 | Registration Opens | ||
| 1000 | White is the New Black: Why White Data Really Matters Irena Damsky |
No Budget Threat Intelligence: Tracking Malware Campaigns on the Cheap Andrew Morris |
The Mile High Club: Getting Root at 40,000 Feet Wesley Wineberg |
| 1100 | Eliminating Timing Side-channels. A Tutorial. Peter Schwabe |
Infrastructure Tracking with Passive Monitoring and Active Probing Anthony Kasza and Dhia Mahjoub |
Mascots, March Madness & #yogapants: Hacking Goes to College Chris Cullison, Zack Allen, and Avi Rubin |
| 1200 | The Dark Art of Data Visualization David Pisano |
Micronesia: Sub-kernel Kit for Host Introspection in Determining Insider Threat Loc Nguyen |
How Random is Your RNG? Meltem Sönmez Turan, John Kelsey, and Kerry McKay |
| 1300 |
Closing Plenary Get Off My Lawn: Examining Change through the Eyes of The Old Guard Bruce Potter (moderator), Carole Fennelly, Rick Forno, Ben Laurie, and Space Rogue |
||
| 1400 | Closing Remarks | ||
Not to be missed:
In all the ShmooCon's I've attended, I've found these to be highlights:
FireTalks: ShmooCon FireTalks are 15 minute presentations meant to be an alternative to the traditional 30 to 90 minute conference format. Similar to 5 minute Lightning Talks, the purpose is to challenge speakers to skip the BS and instead dive right into the core of their content in a more relaxed alternative environment. Unlike Lightning Talks, which are usually performed in rapid succession, the additional time allows the speaker to follow a more traditional introduction, body, and conclusion format. Judges will be on hand to vote for the best talks with prizes being awarded to the top three presentations. The FireTalks will take place Friday and Saturday night between the main track presentations and any evening activities.
Infosec Family FUD: Have you ever watched the Family Feud on TV and thought you had what it takes to win? Are you dying to show off how well you've got the pulse of the Infosec community? No? Well, come join us on anyway and play along as ShmooCon presents a special Infosec Community version of the Family Feud. On Friday night we will be forming teams from audience members live, but even if you don't get selected to be on stage, we still need you to be our sampled audience -- the whole game is generated from your feedback.
Hackfortress: Hackfortress is back for it's 4th year at Shmoocon. This year is stacking up to be no less exciting for the competition than previous years. With two brand new Oculus HD Rift's planning to make an appearance at this years competition, virtual immersion into TF2 will play an even bigger role during this round (and this time without the nausea). Don't worry though, we'll still have the two original Rift's on hand for a challenge (or as a form of punishment or just to amuse the judges). Just as in years past, the competition will consist of a team of 10 players competing to score more points than the opposing team during each 30 minute match. Six players will play Team Fortress 2 against six players on the opposing team. The four remaining players on each team will do their best to solve puzzles while the TF2 match is happening. These puzzles have a direct impact on the game just as the game has a direct impact on the puzzles. One new twist this year is that we plan to offer payload and KoTH maps during this year's matches.
If you're attending, I wish you safe travels and a lot of fun!