As we’ve discussed in the past (see the 3rd Rule) we always recommend when going to cons to not spend the whole time attending talk after talk after talk and instituted what we call the “Three Presentation Rule.” This means that for each day of the con, you pick and attend only the top three presentations you want to see. What should you do the rest of the time? Well … spend the day enjoying the true benefits of security cons, e.g., meeting and networking with your infosec peers.
As a slight adjustment we’ve decided to augment the Three Presentation Rule to also include Activities and Challenges components. If you’re a longtime TWiT listener, you’ve probably heard this before associated with some backup strategy. Anyway, here you go with our 3-2-1 ShmooCon Recommendations for Friday.
“WIPE THE DRIVE!!! – Techniques for Malware Persistence” with Mark Baggett and Jake Williams at 4:30: If a machine gets infected with a piece of malware most security pros would recommend wiping the drive and starting from scratch. Unfortunately, companies sometimes take shortcuts and attempt less drastic means and attempt to remove the malware manually. You can usually do a pretty good job but there are still many places for malware to lurk. Mark and Jake will dive into these less than obvious places and release a script that checks them.
“Hide and Seek, Post-Exploitation Style” with TJ O’Connor and Tim Tomes at 5:30: Honey Badger, Pushpin, Metasploit post/exploitation scripts, … Need we say more? Many of us don’t know it but any of our newfangled gadgets could unknowingly be broadcasting our locations as we travel about in our day-to-day activities. This talk looks at how to find and harness this data to “assist in getting the ‘pattern of life’ of a hooked victim.”
“Hackers get Schooled: Learning Lessons from Academia” with Bruce Potter (moderator), Matt Blaze, Chris Eagle, Invisigoth, Dave Marcus and Michael Schearer at 6:30: This panel is sure to get the crowd going. They plan on discussing the differences between infosec research in academia (more formal and less risk) and the hacker community (fast-paced and cutting-edge but more risky). We think most con goers will enjoy getting better insight into the academic research approach and come away with how to a take its best parts to create an optimal hybrid approach.
VetSec Meetup: This con tradition continues with with a gathering of military veterans in the bar of the @shmoocon hotel. Nothing formal … just show up. And if you aren’t a veteran, show up anyway and buy a vet a drink … and not the cheap stuff. Follow @vetsec for all the details.
FireTalks – Ladies Night Edition: Obviously I’m a bit biased here but come checkout the awesome ladies of infosec with an evening dedicated to their contributions to the security field. Ok … there are a few guys thrown in there but not bad for an infosec event. I hope we don’t get a red card for this though…
Shmooganography: Friday is a great time to get started on this yearly challenge that involves unveiling secret code words associated with the con. Checkout the ShmooCon page for additional details or just head on over to the challenge site to get started now.
Are there any other things going on Friday night? Let us know in the comments below. Today’s post pic is from Can You Hear Me Now. See ya!