We really enjoyed the FireTalks that took place last year. It was the first chance we really got to meet a lot of the online friends we made up to that point. Now with the completion of the third round of tickets we started thinking about how we could take more of an active part in the conference. Since we really don’t have any budget beyond what’s in @grecs‘ dwindling bank account (hint, hint, hint – NovaInfosecPortal.com is always looking for subscribers and advertisers), being a cash sponsor was a little out of the question for us. So the next best thing was to sponsor our time … and so this we did by volunteering to run the ShmooCon 2010 FireTalks. I don’t know how it will turn out but hopefully it will be as good as last year!
For all the latest happenings, check back to this post periodically. It will be the home for any and all information relating to the ShmooCon 2010 FireTalks. You may want to use a service like ChangeDetection.com to get email alerts of any updates. Alternatively, you can subscribe to our main RSS feed or follow us on Twitter at @novainfosec since we’ll put out short “update” posts with just the new information and a pointer back to this “master” post. And as usual … I’ll be regularly updating my Twitter stream at @grecs with all the information and will be using the #firetalks tag. If you need to quickly refer back to this post, you can also use the longish bit.ly link we create at bit.ly/nipshmoocon2010firetalks.
Anyway … here are the logistics for this year’s FireTalks in traditional NovaInfosecPortal.com form:
- Who: ShmooCon/PodcastersMeetup/NovaInfosecPortal.com (and anyone else we’re missing)
- What: ShmooCon 2010 FireTalks
- When: 2/5, 8:30 – 9:50 & 2/6/2010, 8:30 – 9:50 PM EST
- Where: Wardman Park Marriott (2660 Woodley Road NW, Washington, DC 20008; Wilson A/B/C)
Now onto what this whole FireTalks thing is and how to get involved…
Instead of reinventing the wheel to explain things, we just went back and took a look at what was done last year. The idea of Firetalks seemed to originate with Michael Santarcangelo. The post titled “Podcaster’s Meetup @ ShmooCon” by @mubix on PodcastersMeetup.com seemed to be the first place that this idea came up. As part of several announcements, one of them was this interesting idea from Michael.
“Michael Santarcangelo, the Security Catalyst community and the Security Twits have come up with a group that will be doing after hours presentations. So, if you were declined, didn’t submit but have a talk, or just want to learn to speak by watching the critiques that go on, please come out and join us. The main goal of these after hours talks is to foster the development of the speaker in a less imposing environment than a ShmooCon track. Depending on the responses we get, we may be doing these talks all three nights. …”
This idea was followed up with a more focused definition in an update post aptly titled “Podcaster’s Meetup @ ShmooCon Update 1” again by @mubix. Here is where the term “Firetalks” was first used as far as I can tell.
“Have a talk that didn’t get accepted? Want the chance to share a project that you are working on? Think of FireTalks as a verbal blog post. The human experience is built on the ability to tell and learn from stories. At ShmooCon 2009, “FireTalks” is a supportive environment in which to either share insights or learn from others. Whether polishing a presentation (story) for conferences, meetings or training, FireTalks are the way to share, learn and improve. The inaugural FireTalks take place Friday night, following the Podcasters Meetup. Talks are limited to 10-15 minutes with four (4) scheduled talks and four (4) open slots. Open slots will be filled on a first come, first served basis. Saturday night will be more relaxed. Come join us and present, listen and learn.”
We will have four 15-minute speaking slots each night and, as noted above, these have been filled on a first-come, first-served basis. Each speaker must bring their own laptop to connect to a standard projector if their talk needs one.
Because there’s been such a great response, we’ve decided to open up this Alternates List just in case any of the presenters are unavailable. As an alternate you’ll have to be present and ready to speak. If one of the speakers is not available, we’ll just start calling people from the top of the list.
To submit an alternate talk, use the Contact Us link above. Enter your name as you want it to appear below and use FireTalks as the subject. In the Message area please include the title of your talk as well as a one paragraph summary of your presentation. You can also include a link to your website or preferred social networking profile and we’ll link your name off to this site/profile.
| Night | Speaker | Talk | Abstract |
|---|---|---|---|
| Friday | David “ReL1K” Kennedy | Social Engineering Toolkit v0.4 Overview | The Social-Engineer Toolkit v0.4 (SET) Codename “Pink Pirate” will be released at the firetalk exclusively on BackTrack 4. SET is a security professional’s most valuable tool when it comes to social engineering attacks and incorporates some heavily advanced and complicated attacks. The new version is one of the biggest releases yet and incorporates new methods for attacking the clients and some super top secret stuff being released during the talk. |
| | Michael “theprez98” Schearer | SHODAN for Penetration Testers | SHODAN is a computer search engine. But it is unlike any other search engine. While other search engines scour the web for content, SHODAN scans for information about the sites themselves. The result is a search engine that aggregates banners from well-known services. For penetration testers, SHODAN is a game-changer, and a goldmine of potential vulnerabilities. |
| | Marcus J. Carey | Influencing Security | This talk compares information security and health epidemics such as HIV/AIDS. I’ll discuss critical behavior changes which have reduced HIV/AIDS in some countries and what information security can learn from the same approach. |
| | Adrian “IronGeek” Crenshaw | Funnypots and Skiddy Baiting | Ever wanted to screw with those that screw with you? Honeypots might be ok for research, but they don’t allow you to have fun at an attacker’s expense the same way funnypot and skiddy baiting does. In this talk I’ll be covering techniques you can use to scar the psyche or to have fun at the expense of attackers or people invading your privacy. Some of the topics to be covered are: Fun with DNS and Loopback, SWATing for Packets, Lemonwipe your drive, Robots.txt trolling, and more… |
| | Zero Chaos | Pentoo | Ever wish you could carry around your favorite pen-testing distribution on a CD, or a USB stick? Tried popular offerings but feeling like they pander to a different segment? Come hear about Pentoo. At Pentoo we pander to experienced Linux users who are more likely to use their GPU for cracking passwords than “teh cubez” and fancy window makers. Come see what all the fuss is about. |
| | Benny “security4all” ??? | Sleephacking 101 – How to Stay Awake for 20 Hours a Day without Turning into a Zombie | Every one of us has busy periods or just too many things to do. You start sleeping less and drinking loads of coffee. Both of which are not good for your health. This talk will talk about why our body and mind actually need sleep and how you can hack it. We will discuss some methods on how to enable yourself to stay awake for 20 hours a day without turning into a zombie (and without the use of drugs). |
| | Christian “cmlh” Heinrich | Payment Application – Don’t Secure Sh!t (PA-DSS) | Considering a majority of PCI-related presentations focusing on the “benefit” and “increase” to “security” are delivered by consultants and vendors whose sole agenda is their financial benefit in implementing PCI-DSS, the failures and their root causes within the lesser known Payment Application Data Security Standard (PA-DSS) will be explored. |
- Michael Montejam Montecillo: Profiling and Tracking in 15 Minutes
- Whether seeking information about a company for employment purposes or figuring out exactly who is flooding your IPS/IDS, tracking and profiling can be valuable skills for any security professional. This talk will discuss tools and techniques for profiling companies, tracking hacker activity, and identifying potential threats through Open-Source Intelligence (OSINT). There will be a particular focus on applying the hacker mindset to make determinations based on available data.
- Ralph “ralphbroom” Broom: TBD
Awards will be based on a 3-person panel scoring each presentation from 1 to 10. In case of a tie, we may have a fourth person pick the final winner.
Most of the sponsorship opportunities have been covered; however, we are still looking for a Countdown Timer, a Gong, and a Logo. So if you don’t have a big budget but would like to help out, you can always volunteer to bring one of these items.
| Item | Sponsor |
|---|---|
| Grand Prize (~$250) – Acer Aspire One D250 Netbook | Brought to you by Hurricane Labs |
| 1st Runner-Up Prize (~$125) – 32GB Kanguru e-Flash (eSATA & USB2.0 Flash Drive) | Courtesy nVisium Security |
| 2nd Runner-Up (~$75) – $75 Think Geek Gift Certificate | From nVisium Security |
| Participant Give-Aways (~$100 or $20 each) | Open |
| | Brought to you by Trusted Signal |
| Session Recordings | Adrian “IronGeek” Crenshaw (Georgia Weidman for HD backup version) |
| Fake Cardboard Fireplace | Mike “rybolov” Smith |
| Countdown Timer with Large Red Numbers | Open |
| Gong (this could be fun) | Open |
For all our illustrious sponsors, you get your logo placed here and several mentions during the event. If you are lending any of the stage props above, feel free to include your logo on it as well. We are open to other suggestions (e.g., some small signs you can post up around the event) but this will depend on what ShmooCon will and will not let us do.