| 09:00 | Opening Ceremony |
|
| 10:00 |
Holmes,
Snover
|
Keynote |
| 12:00 |
Perez
|
Thinking Purple |
Skoudis
|
Internet of Things, Voice Control, AI, and Office Automation: BUILDING YOUR VERY OWN J.A.R.V.I.S. |
|
Beardsley,
Cook,
Lee,
Maloney,
Sanchez
|
Metasploit Townhall |
|
Schmitt
|
Data Obfuscation: How to hide data and payloads to make them "not exist" (in a mathematically optimal way) |
|
Smith
|
Go with the Flow: Get Started with Flow Analysis Quickly and Cheaply |
|
| 12:30 |
Greene
|
Abusing RTF: Evasion, Exploitation and Counter Measures |
| 13:00 |
Fuller
|
Writing malware while the blue team is staring at you |
Hadnagy
|
Mind Reading for Fun and Profit using DISC |
|
Drake
|
Stagefright: An Android Exploitation Case Study |
|
Evans,
Pleger
|
Top 10 2015-2016 compromise patterns observed & how to use non-traditional Internet datasets to detect & avoid them |
|
Lafferty
|
Information Security Proposed Solutions Series - 1. Talent |
|
| 13:30 |
Ramirez
|
DNSSUX: Why DNSSEC Makes Us Weaker |
| 14:00 |
Halfpop,
Soo
|
Macs Get Sick Too |
Desimone
|
Hunting for Exploit Kits |
|
Breen,
Mallz
|
Rotten Potato - Privilege Escalation from Service Accounts to SYSTEM |
|
Cano
|
+1,000,000 -0: Cloning a Game Using Game Hacking and Terabytes of Data |
|
Bayles,
wartortell
|
Nose Breathing 101: A Guide to Infosec Interviewing |
|
| 14:30 |
McLaughlin
|
Android Patchwork: Convincing Apps to Do What You Want Them To |
| 15:00 |
Nelson,
Schroeder
|
A Year in the Empire |
Gillam,
Johnson
|
Next Gen Web Pen Testing: Handling modern applications in a penetration test |
|
Gates,
Johnson
|
DevOops Redux |
|
Giannoutsos,
Voloch
|
To Catch a Penetration Tester: Top SIEM Use Cases |
|
McIntyre
|
Is that a penguin in my Windows? |
|
| 15:30 |
Roberts,
White
|
Real World Attacks VS Check-box Security |
| 16:00 |
Ben0xA
|
PowerShell Secrets and Tactics |
Allen
|
Beyond The 'Cript: Practical iOS Reverse Engineering |
|
Street
|
.... and bad mistakes I've made a few..... |
|
Carr,
Dunwoody
|
No Easy Breach: Challenges and Lessons from an Epic Investigation |
|
Vanatta
|
ARRR Maties! A map to the legal hack-back |
|
| 16:30 |
Wharton
|
Project MVP - Hacking and Protecting SharePoint |
| 17:00 |
Salvati
|
CrackMapExec - Owning Active Directory by using Active Directory |
Brockway,
Hogan
|
Adaptation of the Security Sub-Culture |
|
Genz,
Grace
|
Better Network Defense Through Threat Injection and Hunting |
|
nyxgeek
|
Hacking Lync (or, 'The Weakest Lync') |
|
Gennuso
|
Responder for Purple Teams |
|
| 17:30 |
Toler
|
Metaprogramming in Ruby and doing it wrong. |
| 18:00 |
Coggin
|
Exploiting First Hop Protocols to Own the Network |
Landers
|
Outlook and Exchange for the Bad Guys |
|
Regan,
Thomas
|
It’s Never So Bad That It Can’t Get Worse |
|
Clark
|
AWShit. Pay-as-you-go Mobile Penetration Testing |
|
Snoke
|
Evolving your Office's Security Culture |
|
| 18:30 |
Schearer
|
Confronting Obesity in Infosec |
| 19:00 |
Mager
|
Defeating The Latest Advances in Script Obfuscation |
Gough
|
From Commodity to Advanced (APT) malware, are automated malware analysis sandboxes as useful as your own basic manual analysis? |
|
Mathieu
|
BurpSmartBuster - A smart way to find hidden treasures |
|
| 19:30 |
DeSantis,
Marshall,
Pacho
|
Advanced Persistent Thirst (APT) |
| 09:00 |
MalcomVetter
|
Breaking Credit Card Tokenization Without Cryptanalysis |
V
|
Privileged Access Workstations (PAWs) |
|
Lyons,
Marpet
|
Business Developement: The best non-four letter dirty word in infosec. |
|
Berner,
Lang
|
Tool Drop 2.0 - Free As In Pizza |
|
Tegg
|
We're a Shooting Gallery, Now What? |
|
| 09:30 |
Burns
|
Malicious Office Doc Analysis for EVERYONE! |
| 10:00 |
Metcalf,
Schroeder
|
Attacking EvilCorp: Anatomy of a Corporate Hack |
Atkinson,
Graeber
|
Living Off the Land 2: A Minimalist's Guide to Windows Defense |
|
Wilhoit
|
Point of Sale Voyuer - Threat Actor Attribution Through POS Honeypots |
|
Lauer,
Mio,
Woolard
|
The Art of War, Attacking the Organization and Raising the Defense |
|
Herman,
Herman
|
The 1337 Gods of Geek Mythology - |
|
| 10:30 |
Huff
|
Open Source Intelligence - What I learned by being an OSINT creeper |
| 12:00 |
Beale
|
Phishing without Failure and Frustration |
Pesce
|
I don't give one IoTA: Introducing the Internet of Things Attack Methodology |
|
int0x80
|
Anti-Forensics AF |
|
Deral,
Heiland
|
Managed to Mangled: Exploitation of Enterprise Network Management Systems |
|
Joey
|
Finding Your Balance |
|
| 12:30 |
EvilMog
|
Hashcat State of the Union |
| 13:00 |
Lee
|
New Shiny in Metasploit Framework |
Radcliffe
|
Hacking with Ham Radios: What I have learned in 25 years of being a ham. |
|
Strand
|
Penetration Testing Trends |
|
Hartstack,
Sullivan
|
Garbage in, garbage out: generating useful log data in complex environments |
|
Smith
|
Establishing A Foothold With JavaScript |
|
| 13:30 |
McEvoy
|
Overcoming Imposter Syndrome (even if you?re totally faking it) |
| 14:00 |
FuzzyNop
|
Embrace the Bogeyman: Tactical Fear Mongering for Those Who Penetrate |
Conrad
|
Introducing DeepBlueCLI, a PowerShell module for hunt teaming via Windows event logs |
|
DeMott,
Stroschein
|
Using Binary Ninja for Modern Malware Analysis |
|
M
|
Fuzzing basics...how to break software |
|
Bowser
|
Security v. Ops: Bridging the Gap |
|
| 14:30 |
Spehn
|
From Gaming to Hacking The Planet |
| 15:00 |
Blanchard
|
How to Social Engineer your way into your dream job! |
Holmes
|
Attackers Hunt Sysadmins - It's time to fight back |
|
Compton,
Lane
|
Scripting Myself Out of a Job - Automating the Penetration Test with APT2 |
|
Miller
|
Hacking for Homeschoolers: STEM projects for under $20 |
|
Sutherland
|
SQL Server Hacking on Scale using PowerShell |
|
| 15:30 |
Marks,
Silgado
|
Dive into DSL: Digital Response Analysis with Elasticsearch |
| 16:00 |
Schwartzberg,
Sistrunk
|
Make STEHM Great Again |
Yost
|
Python 3: It's Time |
|
Martin
|
DNS in Enterprise IR: Collection, Analysis and Response |
|
Branch
|
Need More Sleep? REST Could Help |
|
Gardner
|
Making Our Profession More Professional |
|
| 16:30 |
Miller
|
How are tickets paid for? |
| 17:00 |
Sempf
|
Breaking Android Apps for Fun and Profit |
Berlin,
Brotherston
|
So You've Inherited a Security Department, Now What? |
|
Young
|
Reverse engineering all the malware...and why you should stop. |
|
Magniez
|
Body Hacking 101 (or a Healthy Lifestyle for Security Pros) |
|
Byrd
|
Security Automation in your Continuous Integration Pipeline |
|
| 17:30 |
Dewey
|
Cruise Ship Security OR Hacking the High Seas |
| 18:00 |
Fosaaen
|
Attacking ADFS Endpoints with PowerShell |
Hilt
|
The 90's called, they want their technology back |
|
Neely
|
Web Security for Dummies |
|
| 18:30 |
Hayes
|
I Love myBFF (Brute Force Framework) |
| 19:00 |
Conway,
Craig
|
Nobody gets fired by choosing IBM... but maybe they should. |
| 19:30 |
Mirovengi
|
Shackles, Shims, and Shivs - Understanding Bypass Techniques |
| 10:00 |
Haight
|
Introducing PowerShell into your Arsenal with PS>Attack |
Jardine
|
Recharging Penetration Testing to Maximize Value |
|
hypervista
|
Poetically Opaque (or other John Updike Quotes) |
|
Boyd
|
Hack Yourself: Building A Pentesting Lab |
|
Flathers
|
Abusing Linux Trust Relationships: Authentication Back Alleys and Forgotten Features |
|
| 10:30 |
Mendoza
|
Samsung Pay: Tokenized Numbers, Flaws and Issues |
| 11:00 |
Krug,
McCormack
|
Hardening AWS Environments and Automating Incident Response for AWS Compromises |
Plunkett
|
Yara Rule QA: Can't I Write Code to do This for Me? |
|
Kasza
|
Java RATS: Not even your Macs are safe |
|
Banks,
Bullock,
Thyer
|
The Advanced Persistent Pentester (All Your Networks Are Belong 2 Us) |
|
Butturini
|
Fire Away! Sinking the Next Gen Firewall |
|
| 12:00 |
Bohannon
|
Invoke-Obfuscation: PowerShell obFUsk8tion Techniques & How To (Try To) D""e`Tec`T 'Th'+'em' |
Wilson
|
Mobile Device Forensics |
|
Cammilleri,
Lakhan
|
Hashview, a new tool aimed to improve your password cracking endeavors. |
|
Fehrman
|
Hardware Hacking the Easyware Way |
|
Lichtenberger
|
PacketKO - Data Exfiltration Via Port Knocking |
|
| 12:30 |
Murdock
|
Ransomware: An Overview |
| 13:00 |
Stillman
|
MariaDB: Lock it down like a chastity belt |
Guzman
|
IoT Defenses - Software, Hardware, Wireless and Cloud |
|
Cammack,
Cook
|
Static PIE: How and Why |
|
Hollembaek,
Pond
|
Finding a Weak Link: Attacking Windows OEM Kernel Drivers |
|
Bougere
|
The Beginner's Guide to ICS: How to Never Sleep Soundly Again |
|
| 14:30 | Closing Ceremony |
This "Old School" schedule is an automatically-generated evolution of a manually-generated hack Darth Null has been using at ShmooCon since 2007. It won't work too well for a large conference, like DEFCON, but for smaller events like ShmooCon or BlackHat DC, it might be useful.
Simply print this out at whatever scale is most helpful to you. For example, for ShmooCon: print at 65%, fold Friday and Sunday back behind Saturday, and laminate, for a two-sided 3" x 4" card that you can keep in your shirt pocket.