ShmooCon 2012 FireTalks – Update 3 (First Round Speaker Announcements)

After pushing the team to do some reviews over the last few days we have finally come up with the first round of speaker announcements for the ShmooCon 2012 Firetalks! It’s been a painful process trying to rate all of the awesome submissions but I think the team did a great job at finding a nice mix of talks up to this point.

Before continuing on I would like to let everyone know that there are still five additional slots available and the CFP is open through this Friday at 5:00 PM EST. So if you have a topic and are contemplating whether or not to submit … don’t hesitate much longer. To get started head on over to the EasyChair SC2012FT portal.

We are still looking for a few volunteers, specifically someone to create and hang some poster-sized signs so people can easily find where the sessions will be (usually in Track 3, which is typically held a bit off the beaten track). Also since the sessions are being recorded and streamed, we need someone to coordinate with the ShmooCon and hotel AV teams (audio/video … not anti-virus 🙂 ) so we can hopefully get direct audio feeds for better quality. There are also some other smaller roles (e.g., a timer) so please check out the master post for all the available volunteer positions. And if you have a cool idea to help make FireTalks better and are willing to volunteer to coordinate it, let us know… Also don’t worry about volunteering interfering with your dinner plans … we’ll be providing a free dinner for all those helping out thanks in part to our sponsors Milton Security Group, Dirty Security, Lares Consulting, Leverage Consulting & Associates, Liquidmatrix Security Digest, and Bulb Security. Oh and by the way … could someone volunteer to coordinate the dinner thing. 😉

And don’t forget … for all the latest happenings, check back to the master Firetalks post periodically. It is the home for any and all information relating to the ShmooCon 2012 FireTalks. You can also subscribe to receive these updates through any of our “feeds” if you wish (@novainfosec on Twitter, our FaceBook Page, or RSS) to keep up with things. And as usual … I’ll be regularly updating my Twitter stream at @grecs with all the information using the #firetalks tag.

And without further ado … we are pleased to announce the first round speakers!!!

Bending SAP Over & Extracting What You Need!

by Chris John Riley

At the heart of any large enterprise, lies a platform misunderstood and feared by all but the bravest systems administrators. Home to a wealth of information, and key to infinite wisdom. This platform is SAP. For years this system has been amongst the many “red pen” items on penetration tests and audits alike… but no more! We will no longer accept the cries of “Business critical, out-of-scope”. The time for SAP has come, the cross-hairs of attackers are firmly focused on the soft underbelly that is ERM, and it’s our duty to follow suit. Join me as we take the first steps into exploring SAP, extracting information and popping shells. Leave your Nessus license at the door! It’s time to scrub this SAP system clean with SOAP!

Five Ways We’re Killing Our Own Privacy

by Michael Schearer

At DEFCON, I talked about how our privacy rights are under attack. Our sea of liberty is drying up due to the ever-encroaching power of the government. A litany of abuses continue to chip away at the historical foundations of privacy: administrative searches as pretexts to avoid search warrants, national security letters, and suffocating public surveillance just to name a few. Yet the government alone is not the only source of our ever-diminishing privacy. In this talk, I turn my attention…to you. Yes, believe it or not, you (and me) and the other 310 million of us in this country are also responsible for our diminished expectation of privacy. Why are we responsible? Who wants our information, and why is it so valuable? Is there anything we can do to stem the tide?

How Do You Know Your Colo Isn’t “Inside” Your Cabinet, A Simple Alarm Using Teensy

by David Zendzian

As everyone knows, the security of your equipment starts with securing it physically. To accomplish that many will lease cabinet or cage space within a commercial colo. However, all colos require access to your equipment (in case of fire, or other emergency). Even withstanding the emergency access I have seen colos enter cages and cabinets to run cables or to shorten their walk around a row in the facility. Other than installing a commercial alarm or a motion sensor camera, both of which are expensive solutions, what can be done to monitor access into your cabinet or cage? This talk will show how we have used a Teensy board from PJRC to build a simple alarm system that can be easily integrated into whatever host / network monitoring system is already configured for your network.

ROUTERPWN: A Mobile Router Exploitation Framework

by Pedro Joaquin

Routerpwn is a mobile exploitation framework that helps you in the exploitation of vulnerabilities in network devices such as residential and commercial routers, switches and access points. It is a compilation of ready-to-run local and remote web exploits. Programmed in JavaScript and HTML in order to run in all “smart phones” and mobile Internet devices, including Android, iPhone, BlackBerry and all tablets. You can even store it offline for local exploitation without Internet connection.

Security Is Like An Onion, That’s Why it Makes You Cry

by Michele Chubirka

Why is the security industry so full of fail? We spend millions of dollars on firewalls, IPS, IDS, DLP, professional penetration tests and assessments, vulnerability and compliance tools and at the end of the day, the weakest link is the user and his or her inability to make the right choices. It’s enough to make a security engineer cry. The one thing you can depend upon in an enterprise is that many of our users, even with training, will still make the wrong choices. They still click on links they shouldn’t, respond to phishing scams, open documents without thinking, post too much information on Twitter and Facebook, use their pet’s name as passwords, etc…. But what if this isn’t because users hate us or are too stupid? What if all our complaints about not being heard and our instructions regarding the best security practices have more to do with our failure to understand modern neuroscience and the human mind’s resistance to change?


Don’t forget … you still have time to submit your talk! The CFP closes this Friday at 5:00 PM EST.

19 comments for “ShmooCon 2012 FireTalks – Update 3 (First Round Speaker Announcements)”

  1. January 11, 2012 at 11:56 am

    #NOVABLOGGER: ShmooCon 2012 FireTalks – Update 3 (First Round Speaker Announcements)

  2. January 11, 2012 at 1:02 pm

    ShmooCon 2012 FireTalks – Update 3 (First Round Speaker Announcements): After pushing the…

  3. January 11, 2012 at 1:47 pm

    Looks like I’ll be doing a Firetalk at Shmoocon. Guess I’ll need to edit some slides/demos this weekend then 😉

  4. January 11, 2012 at 4:08 pm

    ShmooCon 2012 FireTalks – Update 3 (First Round Speaker Announcements) #shmooCon #securityevents

  5. January 11, 2012 at 5:16 pm

    Ladies & gentlemen .. please welcome the first round speaker selections for the #ShmooCon 2012 #Firetalks.

  6. January 12, 2012 at 8:53 pm

    I’ll be speaking at #shmoocon #firetalks: “Five Ways We’re Killing Our Own Privacy”

  7. January 13, 2012 at 3:35 pm

    I will present #Routerpwn at #ShmooCon #FireTalks

  8. January 13, 2012 at 4:10 pm

    Congratz my friend! RT @_hkm: I will present #Routerpwn at #ShmooCon #FireTalks

  9. January 15, 2012 at 10:01 pm

    RT @_hkm: I will present #Routerpwn at #ShmooCon #FireTalks

  10. January 18, 2012 at 3:14 pm

    RT @theprez98: I’ll be speaking at #shmoocon #firetalks: “Five Ways We’re Killing Our Own Privacy”

  11. January 23, 2012 at 8:55 pm

    In case you missed them .. meet your #ShmooCon #Firetalkers:

  12. January 23, 2012 at 9:00 pm

    RT @grecs: In case you missed them .. meet your #ShmooCon #Firetalkers:

  13. January 23, 2012 at 9:37 pm

    RT @grecs: In case you missed them .. meet your #ShmooCon #Firetalkers:

  14. January 23, 2012 at 9:44 pm

    RT @grecs: In case you missed them .. meet your #ShmooCon #Firetalkers:

  15. January 23, 2012 at 9:50 pm

    RT @grecs: In case you missed them .. meet your #ShmooCon #Firetalkers:

  16. January 26, 2012 at 1:09 pm

    RT @grecs: In case you missed them .. meet your #ShmooCon #Firetalkers:

  17. January 26, 2012 at 6:46 pm

    RT @grecs: RT @grecs: In case you missed them .. meet your #ShmooCon #Firetalkers:

  18. January 29, 2012 at 11:20 pm

    You can find the more details on the #shmoocon #firetalks winners at &

  19. January 30, 2012 at 6:47 am

    RT @grecs: You can find the more details on the #shmoocon #firetalks winners at &
