ShmooCon 2012 FireTalks – Update 8 (Videos from Saturday)

Cover from Saturday Night FeverTo follow up with Friday’s post re getting a lot of the other awesome ShmooCon Firetalks out there, here is the complete line up from Saturday night. And if you are interested in seeing all the talks from each night, IronGeek has just put out a post with two longer videos from each evening.

I again wanted to thank The Shmoo Group and our generous sponsors. Lastly, thanks to our awesome volunteers that made this year’s Firetalks the best so far. Thanks!

And finally be sure to check back to the master Firetalks post. It provides the core content as well as quick links to all update blog posts.  Well on to the videos…

“Cracking WiFi Protected Setup For Fun and Profit”

by Craig Heffner

This talk will detail the recently disclosed vulnerability in WiFi Protected Setup which allows wireless attackers to recover plain text WPA/WPA2 pass phrases in just a few hours, as well as my WPS brute force attack tool, Reaver.

“Passive Aggressive Pwnage: Sniffing the Net for Fun & Profit”

by John Sawyer

There has been very little public research into passive fingerprinting over the last few years, and the best and most well-known tool for that (p0f) hasn’t been actively developed in 6 years. While a recent a project is using the clever technique of identifying OS’s through DHCP options, it isn’t looking beyond simple OS identification. Why not? If you’ve ever been responsible for IDS monitoring in a large environment, you know there’s a huge amount of juicy data waiting to be snarfed up–interesting information that could be collected passively to identify vulnerable targets in a pen test. Some commercial solutions have these passive vulnerability detection capabilities already, but it’s never trickled down into the free, open source world.

In this presentation, we will look at some of the data that can be gleaned passively, how it can be used for offensive (and defensive) purposes, and announce a new project designed to use existing open source IDS engines (Snort & Suricata) and IDS rules to enhance penetration tests through passive fingerprinting. The project will utilize existing rules from projects like Emerging Threats, develop new rules to address gaps in detection, and give back to the community by contributing newly developed rules back to similar projects. A focus will be on identifying bleeding edge devices, vulnerable applications, and passively gathering sensitive information (SSNs, CCNs, passwords, etc.).

“Ressurecting Ettercap”

by Eric Milam

In December 2011 Ettercap had its first official release in almost 6 years. This talk will discuss how I went from the creation of a simple bash script to taking over one of the world most loved penetration testing tools. Topics will include, easy-creds, communications with Alor & Naga and the new team charged with moving the project forward.

“Security Onion: Network Security Monitoring in Minutes”

by Doug Burks

Traditional Intrusion Detection Systems (IDS) can be costly, difficult to install, and may not provide all the capabilities that you need to defend your network. Network Security Monitoring (NSM) combines traditional IDS alerts with additional data to give you a more complete picture of what’s happening on your network. This presentation will demonstrate how to deploy NSM in just a few minutes using a free Linux distro called Security Onion.

“Remotely Exploiting the PHY Layer”

by Travis Goodspeed

Packet-in-Packet injections are a new type of in-band signalling attack, one which allows a packet to be injected into a remote wireless network through the body of any other type of packet. The attacker never needs a radio, and no software or hardware bugs are necessary for the injection to occur. The attack works on perfectly standard-compliant implementations of 802.15.4, 802.11B, and most other wireless protocols.


This will be the final ShmooCon 2012 FireTalks post. It’s been a blast! See ya…Today’s post image is brought to you from

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.