ShmooCon is an annual infosec conference event that has been taking place the past four years in Washington, DC. The past two years the schedule has basically remained the same. Friday’s events revolve around their One Track Mind concept that consists of several 30-minute speed talks followed by the keynote. Saturday and Sunday offer three concurrent tracks to attend – Break It, Build It, and Bring It On. Break It focuses on technology exploitation; Build It showcases inventive solutions; and Bring It On promotes open discussion. As with many cons there are a number of contests run by the staff and vendors.
On Friday, I arrived late and was only able to make it to “New Countermeasures to the Bump Key Attack” (presentation, video) by Deviant Ollam. He discussed the basics of bump keying as well as countermeasures manufacturers are implementing. The keynote speaker was unable to make it due to a cold so I skipped out on his replacement to do some networking. The prior sessions included “Intercepting Mobile Phone/GSM Traffic,” “Forensic Image Analysis to Recover Passwords,” “Baked not Fried: Performing an Unauthorized Phishing Awareness Exercise,” “Web Portals: Gateway to Information or a Hole in our Perimeter Defenses,” and “Hacking the Samurai Spirit.” Out of these “Intercepting Mobile Phone/GSM Traffic” by H1kari, “Forensic Image Analysis to Recover Passwords” by David Smith, and “Baked not Fried: Performing an Unauthorized Phishing Awareness Exercise” by Syn Phishus seemed to be some of the more interesting talks. I’ll definitely be waiting for the videos to come out on these ones and will update this post when I do.
Beyond the sessions and meetups I found out about a number of contests happening at the conference. Hack-or-Halo was back. The Hack competition consisted of twenty or so puzzles while the Halo contest was upgraded to Halo 3. The conference also included the Hacker Arcade and Shmooganography challenges again. In addition to the conference-sponsored contests, many vendors also had challenges of their own. Applied Security was back with their “HackIt” Contest 2.0 in which attendees could test their skills in a variety of exploitable bugs, broken code, and other related topics. I didn’t get a chance to play it but plan on trying it out after it’s posted on their web site. SploitCast also had a series of what looked like decryption challenges. Even the badges, being old IBM punchcards I am told, supposedly had a challenge encoded on them. And as always Lockpick village was there – this year with their Gringo Warrior challenge. The contest involved escaping out of handcuffs, picking a door, defeating a guard, and picking one or two file cabinets. I’m not much of a lockpicker but it was fun to watch several people go through this contest.
For other commentary on Friday’s sessions, here are some good blog posts describing them:
- Roger’s Information Security Blog: Shmoocon 2008 Day 1
- SecurityNewsPortal: Shmoocon 2008 Day 1
- Uncommon Sense Security: Shmoocon, Day one plus
- Dan Griffin’s Blog: ShmooCon 2008 – Day 1 Recap
I ended the evening with the Podcasters Meetup. The Hak5 crew ran the show with support from several other podcasts such as SploitCast and Pauldotcom. Here is a direct link to the live Hak5Live 011 – ShmooCon episode.
Comprehensive Conference Schedule
Here is a comprehensive list of Friday’s scheduled talks as well as links to the presentations and videos (posted as they are available). Descriptions of each session and speaker bios can be found at ShmooCon’s speaker page.
- Opening Remarks: Presentation, Video
- Intercepting Mobile Phone/GSM Traffic (H1kari): Presentation, Video
- Forensic Image Analysis to Recover Passwords (David Smith): Presentation, Video
- Baked not Fried: Performing an Unauthorized Phishing Awareness Exercise (Syn Phishus): Presentation, Video
- Web Portals: Gateway to Information or a Hole in our Perimeter Defenses? (Deral Heiland): Presentation, Video
- Hacking the Samurai Spirit (Isaac Mathis): Presentation, Video
- New Countermeasures to the Bump Key Attack (Deviant Ollam): Presentation, Video
- Keynote Address (Ed Felten): Presentation, Video