Just a short post … well actually it’s turned into a long post … to announce the second round speakers for this year’s ShmooCon Firetalks… With several more submissions at the last minute in mid-January, the selection committee has continued to pull together a diverse program with the most interesting talks combined with a good mix of established and new speakers. But before we get on to the talks I just wanted to again thank @jack_daniel, @jasonmoliver, @nathiet, and @dystonic for the continued hard work they’ve put in over the last few weeks.
I would also again like to put out a call for sponsors to companies or organizations interested in providing some goodies for the speakers, winners, and audience. It’s a great chance to get your name in front of a very unique crowd. For more information please see our sponsorship post from a few weeks ago. Perhaps I was trying to be a little too aggressive in growing things so we can definitely negotiate from those quoted levels.
And finally I didn’t realize it but the CFP doesn’t seem to have been announced on the ShmooCon site. To accommodate many of the people I’ve chatted with since January 15th, we’ve decided to extend the CFP through Tuesday, January 29th with the last four slots being announced on February 1st.
And without further ado … we are pleased to announce the second round speakers!!!
If You Can Open The Terminal, You Can Capture The Flag: CTF for Everyone
by Nicolle “@rogueclown” Neulist
You don’t spend every single conference you attend in a darkened room, listening to techno music and hunched over your laptop. You don’t know every single security tool out there backwards and forwards. This means CTF is completely out of your league, right? Wrong. If you’ve got a competitive streak, a love of puzzles, and a desire to add to your security bag of tricks, you can gain a lot out of competing in Capture the Flag. They’re a great way to practice your security skills and learn new ones. This talk will cover common structures and topics in CTF competitions, some technical and problem-solving skills you’ll want to add to your arsenal, and how to dive in and start playing! There will also be plenty of firsthand stories of pitfalls that new CTF players can easily fall into, and how you can avoid them. You may not leave this talk as the most three-one-three-three-seven CTF player on earth, but that takes a bit longer than fifteen minutes.
Drones: Augmenting your cyber attack tool bag with aerial weapon systems
by Zac “@ph3n0” Hinkel
The main focus will be on how to build a fully autonomous drone and discuss how easy they are to operate. Additionally, we are going to show you how to use this drone for pen-testing and other fun activities like: surveillance, WarFlying, GSM phone tracking and man-in-the-middle. We are also going to cover how to take pictures while airborne and convert them into 3D rendered models, which will be helpful in that next physical assessment. Along with the technical discourse, we will also discuss legal and policy issues that are at the forefront due to this technology. Finally, during the conference weekend, we will demonstrate some of our drone technology and let people who are interested get some hands-on experience planning out flights and operating the controls in a simulated flight environment.
Managed Service Providers: Pwn One and Done
by Damian “@integrisec” Profancik
If you work for or use the services of a Managed Services Provider (MSP), you need to attend this talk. MSPs deliver varying degrees of Information Technology (IT) support to many clients. Some range from fully outsourced IT to on-demand assistance. However, one thing they all have in common, due to the nature of the sensitive access they may have, is the risk they can pose to their clients if they are not careful. I will explore some of these risks and mitigation strategies, both from the point of view of the MSP and from the consumer of their service. For those that just want to see cool exploits…we’ll have that too.
No Tools? No Problem! Building a PowerShell Botnet
by Christopher “@obscuresec” Campbell
What if you didn’t have access to any of your tools? Armed with only a default Windows installation and 30 minutes, let’s build a fully-featured bot that can be controlled anonymously and is capable of achieving persistence against nearly any AV product. Not only is it possible, it is easy and you can do it. This talk will show you how learning PowerShell can make you a more flexible penetration tester. Together, we will walk through building the bot, packaging it and deploying it against even the most hardened targets!
Hope to see you all at ShmooCon! See ya!