ShmooCon 2012 FireTalks – Update 4 (Second Round Speaker Announcements)

Person Calling into MegaphoneJust a short post to announce the second round speakers for this year’s ShmooCon Firetalks… With several more submissions between our last post and the CFP due date, the selection committee has been hard at work trying to pull together a diverse program with the most interesting talks combined with a good mix of established and new speakers.

But before we get on to the talks I just wanted to thank the selection committee for all the hard work they put in over the last few weeks. Since some may not want their full names out there, I’ll just list them all by their Twitter handles … @dystonic, @jack_daniel, @jasonmoliver and @nathiet. And I would again like to thank our generous sponsors for not only providing some awesome prizes but also other contributions that are going to make this year’s Firetalks the best so far. Thanks!

And finally if you want to keep up with all the Firetalks going-ons, be sure to check back to the master Firetalks post periodically. It is the home for any and all information relating to the ShmooCon 2012 FireTalks. You can also subscribe to receive these updates through any of our “feeds” if you wish (@novainfosec on Twitter, our FaceBook Page, or RSS) to keep up with things. And as usual … I’ll be regularly updating my Twitter stream at @grecs with all the information using the #firetalks tag.

And without further ado … we are pleased to announce the second round speakers!!!

Cracking WiFi Protected Setup For Fun and Profit

by Craig Heffner

This talk will detail the recently disclosed vulnerability in WiFi Protected Setup which allows wireless attackers to recover plain text WPA/WPA2 pass phrases in just a few hours, as well as my WPS brute force attack tool, Reaver.

Passive Aggressive Pwnage: Sniffing the Net for Fun & Profit

by John Sawyer

There has been very little public research into passive fingerprinting over the last few years, and the best and most well-known tool for that (p0f) hasn’t been actively developed in 6 years. While a recent a project is using the clever technique of identifying OS’s through DHCP options, it isn’t looking beyond simple OS identification. Why not? If you’ve ever been responsible for IDS monitoring in a large environment, you know there’s a huge amount of juicy data waiting to be snarfed up–interesting information that could be collected passively to identify vulnerable targets in a pen test. Some commercial solutions have these passive vulnerability detection capabilities already, but it’s never trickled down into the free, open source world.

In this presentation, we will look at some of the data that can be gleaned passively, how it can be used for offensive (and defensive) purposes, and announce a new project designed to use existing open source IDS engines (Snort & Suricata) and IDS rules to enhance penetration tests through passive fingerprinting. The project will utilize existing rules from projects like Emerging Threats, develop new rules to address gaps in detection, and give back to the community by contributing newly developed rules back to similar projects. A focus will be on identifying bleeding edge devices, vulnerable applications, and passively gathering sensitive information (SSNs, CCNs, passwords, etc.).

Remotely Exploiting the PHY Layer

by Travis Goodspeed

Packet-in-Packet injections are a new type of in-band signalling attack, one which allows a packet to be injected into a remote wireless network through the body of any other type of packet. The attacker never needs a radio, and no software or hardware bugs are necessary for the injection to occur. The attack works on perfectly standard-compliant implementations of 802.15.4, 802.11B, and most other wireless protocols.

Ressurecting Ettercap

by Eric Milam

In December 2011 Ettercap had its first official release in almost 6 years. This talk will discuss how I went from the creation of a simple bash script to taking over one of the world most loved penetration testing tools. Topics will include, easy-creds, communications with Alor & Naga and the new team charged with moving the project forward.

Security Onion: Network Security Monitoring in Minutes

by Doug Burks

Traditional Intrusion Detection Systems (IDS) can be costly, difficult to install, and may not provide all the capabilities that you need to defend your network. Network Security Monitoring (NSM) combines traditional IDS alerts with additional data to give you a more complete picture of what’s happening on your network. This presentation will demonstrate how to deploy NSM in just a few minutes using a free Linux distro called Security Onion.

Beyond the formally announced talks we also chose a few alternates that just missed getting selected. These speakers should be ready to present either night.

  • Georgia Weidman: Stopping Android Permission Leak
  • Thomas Hoffecker: Exploiting PKI for Pentesters


Look for the final schedule to be posted early next week. See ya!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.