08:30 | Welcome to the Family |
|
09:00 | Saving the world from the zombie apocalypse |
|
09:45 |
Skoudis
|
How to Give the Best Pen Test of Your Life |
10:30 |
Kennedy,
Mitnick
|
Back by popular demand -- Adaptive Penetration Testing Part Two |
12:00 |
Pesce
|
If it fits- it sniffs: Adventures in WarShipping |
Potter
|
Threat Modeling for Realz |
|
Scott
|
So You Want To Murder a Software Patent |
|
Kumar,
Shankar,
Walton
|
Subverting ML Detections for Fun and Profit |
|
Santana
|
NeXpose For Automated Compromise Detection |
|
12:30 |
Kinch,
Long,
Miller,
Miller
|
A girl, some passion, and some tech stuff |
13:00 |
Perez
|
Abusing Active Directory in Post-Exploitation |
Huston
|
A Guided Tour of the Internet Ghetto :: Introduction to Tor Hidden Services |
|
Isham,
Moey
|
Patching the Human Vulns |
|
Bowes
|
Secrets of DNS |
|
Paul
|
InfoSec -- from the mouth of babes (or an 8 year old) |
|
13:30 |
Fitzpatrick
|
Why Aim for the Ground? |
14:00 |
Marcus
|
Quantifying The Adversary: Introducing GuerillaSearch and GuerillaPivot |
Schwartz
|
Red Teaming: Back and Forth, 5ever |
|
Steele
|
Burp For All Languages |
|
Hogan
|
Snort & OpenAppID: How to Build an Open Source Next Generation Firewall |
|
Bromiley
|
NoSQL Injections: Moving Beyond 'or '1'='1' |
|
14:30 |
Art
|
SWF Seeking Lazy Admin for Cross Domain Action |
15:00 |
Pitts
|
A Year in the (Backdoor) Factory |
Strand
|
How not to suck at pen testing |
|
McGuire,
Schroeder
|
Passing the Torch: Old School Red Teaming- New School Tactics |
|
Hodeges,
Schmitt,
Stone
|
GET A Grip on Your Hustle: Glassdoor Exfil Toolkit |
|
Beddome
|
Planning for Failure |
|
15:30 |
Miller
|
The Social Engineering Savants -- The Psychopathic Profile |
16:00 |
Donnelly,
Tomes
|
Ball and Chain (A New Paradigm in Stored Password Security) |
Wrightson
|
Mainframes, Mopeds and Mischief: A PenTester's Year in Review |
|
Rogue,
Woods
|
I Am The Cavalry: Year [0] |
|
Cargile
|
DNS-Based Authentication of Named Entities (DANE): Can we fix our broken CA model? |
|
Perez-Etchegoyen
|
Hiding the breadcrumbs: Forensics and anti-forensics on SAP systems |
|
16:30 |
Scott
|
You’re in the butter zone now- baby. |
17:00 |
Campbell
|
Et tu- Kerberos? |
Montgomery,
Sevey
|
The Multibillion Dollar Industry That’s Ignored |
|
Bowne,
Crenshaw,
Davidson,
Gardner,
Liles
|
University Education In Security Panel |
|
Kunz
|
Exploiting Browsers Like A Boss w/ WhiteLightning! |
|
Caudill,
Wilson
|
Making BadUSB Work For You |
|
17:30 |
Ringwood
|
PassCrackNet: When everything else fails- just crack hashes. |
18:00 |
Smith
|
Advanced Red Teaming: All your Badge Are Belong To Us |
Paul
|
Code Insecurity or Code in Security |
|
Moey
|
What happened to the ‘A’? How to leverage BCP/DR for your Info Sec Program |
|
Sharpe,
Trame
|
Real World Intrusion Response |
|
Askew
|
Vulnerability Assessment 2.0 |
|
18:30 |
Liles,
Liles,
Liles
|
Social Engineering your progeny to be hackers |
19:00 |
Munoz
|
Bypassing Internet Explorer’s XSS Filter |
McRee
|
C3CM: Defeating the Command- Control- and Communications of Digital Assailants |
|
Banks
|
Securing Your A$$ets from Espionage |
|
McCartney
|
Application Whitelisting: Be Careful Where The Silver Bullet Is Aimed |
|
Cook
|
A Brief History of Exploitation |
|
19:30 |
Bilodeau
|
Hunting Malware on Linux Production Servers: The Windigo Backstory |
09:00 |
Smith
|
Interceptor: A PowerShell SSL MITM Script |
Adams,
Xmas
|
Attack Paths |
|
Berlin
|
Hackers Are People Too |
|
Butturini
|
Making Mongo Cry-Attacking NoSQL for Pen Testers |
|
Jenks
|
Human Trafficking in the Digital Age |
|
09:30 |
Husted
|
Cat Herding in the Wild Wild West: What I Learned Running A Hackercon CFP |
10:00 |
Egypt
|
More New Shiny in the Metasploit Framework |
Kennedy
|
How to Secure and Sys Admin Windows like a Boss. |
|
Jardine,
Johnson
|
Ethical Control: Ethics and Privacy in a Target-Rich Environment |
|
Moore
|
Step On In, The Waters Fine! |
|
Samide
|
How to Stop a Hack |
|
10:30 |
Simo
|
We don’t need no stinking Internet. |
12:00 |
Regan,
Thomas
|
All Your Base Still Belong To Us: Physical Penetration Testing Tales From The Trenches |
Amit
|
Red white and blue. Making sense of Red Teaming for good. |
|
Arlen
|
The Road to Compliancy Success Plus Plus |
|
Chronister
|
Give me your data! Obtaining sensitive data without breaking in |
|
Ellis,
Ragan
|
Hacking the media for fame and profit |
|
13:00 |
Hadnagy
|
The Human Buffer Overflow aka Amygdala Hijacking |
Street
|
Around the world in 80 cons |
|
Hoy,
Stauffacher
|
Are You a Janitor- Or a Cleaner |
|
Kouns,
Price
|
Third Party Code: FIX ALL THE THINGS |
|
Schwartzberg
|
ZitMo NoM |
|
13:30 |
Power
|
Penetrate your OWA |
14:00 |
Wartortell
|
Shellcode Time: Come on Grab Your Friends |
Crompton,
Douglas
|
Mirage — Next Gen Honeyports |
|
Ten
|
Practical PowerShell Programming for Professional People |
|
Erven
|
Just What The Doctor Ordered? |
|
Morris,
Zamora
|
RavenHID: Remote Badge Gathering -or- Why we sit in client bathrooms for hours |
|
14:30 |
Turner
|
Interns Down for What? |
15:00 |
Asadoorian
|
The Internet Of Insecure Things: 10 Most Wanted List |
Fasel,
Jacobs
|
They touched you WHERE? When trusting a security questionnaire isn’t enough! |
|
atlas
|
GROK |
|
Pruitt,
Wojton
|
Powershell Drink the Kool-Aid |
|
Perry
|
i r web app hacking (and so can you!) |
|
15:30 |
Lackey
|
Building a Modern Security Engineering Organization |
16:00 |
Abraham
|
DDoS Botnet: 1000 Knives and a Scalpel! |
Lang
|
Active Directory: Real Defense for Domain Admins |
|
Ellis
|
How building a better hacker accidentally built a better defender |
|
Douglas
|
powercat |
|
Gay
|
Information Security Team Management: How to keep your edge while embracing the dark side |
|
16:30 |
Johnson
|
5min web audit: Security in the startup world |
17:00 |
cC,
Maerz
|
wifu^2 |
Dunning
|
The Wireless World of the Internet of Things |
|
Bull,
Matthews
|
Exploring Layer 2 Network Security in Virtualized Environments |
|
Thyer
|
Macro Malware Lives! -- Putting the sexy back into MS-Office document macros |
|
Callaway
|
Project SCEVRON: SCan EVrything with ruby RONin |
|
17:30 |
Herman
|
Soft Skills for a Technical World |
18:00 |
Medin
|
Attacking Microsoft Kerberos: Kicking the Guard Dog of Hades |
Lackey
|
Hardware Tamper Resistance: Why and How? |
|
Jauregui
|
Girl… Fault Interrupted |
|
Hall,
Harit
|
Gone in 60 minutes -- Practical Approach to Hacking an Enterprise with Yasuo |
|
18:30 |
Mata,
Stone
|
Snarf - Capitalizing on Man-in-the-Middle |
19:00 |
Hartman,
Roberson
|
Electronic locks in firearms -- Oh My! |
09:00 |
Gardner,
Jordan,
Somerville
|
Introducing Network-Scout: Defending The Soft Center of Your Network |
McCabe
|
Open Source Threat Intelligence: Developing a Threat intelligence program using open source tools and public sources |
|
Troia
|
Analyzing Weak Areas of the Federal Cloud Security Program |
|
Hopper
|
Surviving until Dawn |
|
Sistrunk
|
Dolla Dolla Bump Key |
|
09:30 |
Maresca
|
What Dungeons & Dragons Taught Me About INFOSEC |
10:00 |
Bloxham
|
Getting Windows to Play with Itself: A Pen Tester's Guide to Windows API Abuse |
Daniel
|
Once upon a time… (InfoSec History 101) |
|
Rangarajan
|
Proactive Application Security |
|
Holland,
Kothari
|
A Bug or Malware? Catastrophic consequences either way. |
|
Sistrunk,
Tarkington
|
Gender Differences in Social Engineering: Does Sex Matter? |
|
10:30 |
David
|
Introduction to System Hardening |
12:00 |
Magniez
|
Offensive Safe Words -- Exploiting a Bad Dom(admins’) |
White
|
Hacking Mainframes; Vulnerabilities in applications exposed over TN3270 |
|
Wilhoit
|
Chicken of the APT: Understanding Targeted Attackers with Incubation! |
|
Berlin,
Davis,
Gardner,
McCann,
Milam,
Thomas
|
It’s Not Easy Being Purple |
|
Lenigan
|
Hacking your way into the APRS Network on the Cheap |
|
12:30 |
Pubal
|
Building a Web Application Vulnerability Management Program |
13:00 |
Hilt
|
Protocol Me Maybe? How to Date SCADA |
Hall
|
Single Chip Microcontrollers: Beyond Arduino |
|
Bending and Twisting Networks |
|
Goddard
|
Control Flow Graph Based Virus Scanning |
|
Thompson
|
Fighting Back Against SSL Inspection |
|
13:30 |
Hires
|
Physical Security: From Locks to Dox |
14:00 |
Kelly,
Reynolds
|
Attacks and Countermeasures: Advanced Network Traffic Manipulation |
Code24
|
Building Better Botnets with IPv6 |
|
Kennedy,
Murdock
|
Bridging the gap between red and blue |
|
Wojno
|
Ok -- so you’ve been pwned -- now what? |
|
Kopp
|
Am I an Imposter? |
|
14:30 |
Johnson,
Ten
|
Call of Community: Modern Warfare |
15:00 |
Bos,
Milam
|
What to expect when you’re expecting…a pentest |
Werby
|
Bad Advice- Unintended Consequences- and Broken Paradigms |
|
Foss
|
CMS Hacking Tricks |
|
Cran
|
Everybody gets clickjacked: Hard knock lessons on bug bounties |
|
Berner
|
The Canary in the Cloud |
|
15:30 |
Gough
|
Defensive talks NOT 'sexy'? What's sexier than catching an attack like Target- APT- SET or your Pen Tester? Let me show you some sexy logging |
16:00 |
Los
|
Things Being a New Parent of Twins Teaches You About Security |
Heiland,
Kienow
|
Simple Network Management Pwnd |
|
Randall
|
Advanced Incident Response with Bro |
|
Nichelson
|
Are you a Beefeater -- focused on protecting your crown jewels? |
|
17:00 | Closing Ceremonies |
This "Old School" schedule is an automatically-generated evolution of a manually-generated hack Darth Null has been using at ShmooCon since 2007. It won't work too well for a large conference, like DEFCON, but for smaller events like ShmooCon or BlackHat DC, it might be useful.
Simply print this out at whatever scale is most helpful to you. For example, for ShmooCon: print at 65%, fold Friday and Sunday back behind Saturday, and laminate, for a two-sided 3" x 4" card that you can keep in your shirt pocket.