| 08:00 |
Murphy
|
Industrial Control System Network Analysis |
Kubecka
|
Hands-on OSINT Crash Course for Hackers |
|
Mott,
Trudeau,
Williams
|
Intro to Practical Network Signature Development for Open Source IDS |
|
| 10:00 |
Miller
|
Something Wicked: Defensible Social Architecture in the context of Big Data, Behavioral Econ, Bot Hives, and Bad Actors |
| 10:50 |
Corman
|
How To Lose Friends and Influence People (An Apology) |
| 11:30 |
Strazzere
|
GO Forth And Reverse |
Dufresne,
Limbago
|
Destructive Malware and Interstate Rivalries: The Evolution of Digital Weapons and Geopolitical Conflict |
|
Ottenheimer
|
Hidden Hot Battle Lessons of Cold War: All Learning Models Have Flaws, Some Have Casualties |
|
Castellucci
|
Optimizations for Bitcoin key cracking |
|
Xmas
|
How To Accidentally Get A Job In InfoSec. |
|
Corman,
Elazari,
Woods
|
IATC Kickoff |
|
Townes
|
A Day in the Life of a Product Security Incident Response Manager |
|
3ncr1pt3d
|
Banking on Insecurity: The ongoing fairytale of securing financial institutions |
|
| 12:00 |
Adefala
|
Deep Learning Neural Networks – Our Fun Attempt At Building One |
Stempfley
|
What A Career In Public Service Is Really About |
|
Butz
|
From SOC to CSIRT |
|
| 12:30 | Mentoring, Networking, Resume Review |
|
| 14:00 |
_Naught,
zerosum0x0
|
Koadic C3 - Windows COM Command & Control Framework |
Bin
|
Google Apps Scripts Kill Chain |
|
Anderson
|
Your model isn't that special: zero to malware model in Not Much Code and where the real work lies |
|
Castellucci,
Vasek
|
Measuring the Use and Abuse of Brain Wallets |
|
Wilkerson
|
Public Policy of Things |
|
Aoyama
|
How to escalate privileges to administrator in latest Windows. |
|
Rajguru
|
Extreme Mobile Application Exploitation |
|
Esposito,
Montoro
|
Elastic-ing All the Things - Saving anything at elastic stack and having fun with detections |
|
Brenes,
Sokol
|
Navigating the Alternative Facts of Malware Prevention |
|
| 14:30 |
Dewey,
Sterling
|
IMSI Catchers And The Happy Yellow Helicopter: Security Challenges At Standing Rock |
Harang
|
Getting insight out of and back into deep neural networks |
|
Bush,
Sheridan
|
Rate the Recruiter |
|
Kirwin
|
Two-Factor Auth - Demand Bidirectional |
|
| 15:00 |
Ryan
|
The Black Art of Wireless Post-Exploitation: Bypassing Port-Based Access Controls Using Indirect Wireless Pivots |
Braik,
Debize
|
Hadoop Safari : Hunting For Vulnerabilities |
|
Rankin
|
Sex, Secret and God: A Brief History of Bad Passwords |
|
Sweaney
|
The Commoditization of Security Solutions: Will You Be Replaced by a Small Script? |
|
Friedman,
Schwartz,
Wilkerson
|
Feds <3 H4ckers |
|
Actis
|
Pwn All The Mobile Porn Apps |
|
Pratt
|
Inside MormonLeaks: the why, the how, and the what |
|
| 15:30 |
Arnaldo,
Mather
|
Transfer Learning: Analyst-Sourcing Behavioral Classification |
Elaassal
|
Breaking the Fourth Wall - Hacking a 50 years old myth |
|
| 17:00 |
Baxendale
|
Microservices And FaaS For Offensive Security |
McNeil
|
All The Sales President’s Men |
|
Nye
|
The Human Factor: Why Are We So Bad at Security and Risk Assessment? |
|
Foster,
Hulton
|
Think Complex Passwords Will Save You? |
|
Corman,
Dameff,
Tulley
|
Healthcare in Critical Condition |
|
Lamberson
|
I Club and So Can You |
|
Cardozo,
Galperin,
Opsahl
|
Ask the EFF |
|
| 17:30 |
Barth,
Gilman
|
Zero Trust Networks: In Theory and in Practice |
Levy,
Radloff,
Rides
|
How To Hack Recruiting: Turning the Tables (Panel) |
|
Suresh
|
Engineering My Way Into InfoSec |
|
| 18:00 |
Cardella
|
The Struggle Is Real: My Journey With Mental Health Issues |
Pyorre
|
Behavioral Analysis from DNS and Network Traffic |
|
Caput
|
Cash in the aisles: How gift cards are easily exploited |
|
Duren,
Havermann,
Levy,
Radloff,
Rides
|
Recruiter Smack Down (Panel) |
|
Corman
|
HHS Task Force (Panel) |
|
Weinman
|
Introduction to Reversing and Pwning |
|
Greenhagen
|
Skip tracing for fun and profit |
|
| 18:30 |
Darracott,
Eidelberg
|
SniffAir – An Open-Source Framework for Wireless Security Assessments |
Everette
|
Regulatory Nets vs. The Fishing Hook Of Litigation |
|
Chen,
King,
Tierney
|
Internet of Cars |
|
| 19:00 |
Bitensky
|
Writing Malware Without Writing Code |
Chin
|
Pwning Software-Defined Networking (SDN) |
|
Gibson
|
Sympathy for the Developer |
|
Johnson
|
Going Passwordless |
|
Liberman,
Misgav
|
The Attack Chain Of A Nation-State (Equation Group) |
|
| 19:30 |
Byers
|
YARA-as-a-Service (YaaS): Real-Time Serverless Malware Detection |
Elazari
|
Hacking the Law: A Call for Action – Bug Bounties Legal Terms as a Case Study |
| 08:00 |
Bowne,
Duffy,
Smith
|
Practical Malware Analysis - Hands-On |
John
|
Effective YARA |
|
| 09:00 |
Momot
|
Crams and Exams for Hams |
| 10:00 |
Arvanaghi,
Truncer
|
CheckPlease - Payload-Agnostic Implant Security |
Mathieu
|
Purple Team: How This Color Can Help You And Your Organisation Learn and Get Better |
|
Saxe
|
The New Cat and Mouse Game: Attacking and Defending Machine Learning Based Software |
|
Reinhold
|
Safer Storage and Handling of User Answers to Security Questions |
|
Murray
|
Hacking Is Easy, Hiring Is Hard: Managing Security People |
|
Clark
|
Scamming the Scammers - Becoming the Robin Hood of the phones |
|
Brandt
|
Why is China all up in my SQL server? |
|
| 10:30 |
Gordon
|
Mining Software Vulns in SCCM / NIST’s NVD– The Rocky Road to Data Nirvana |
beard
|
Technical Tactics: Embedded Linux Software BOM |
|
Gray
|
Applied OSINT: Enabling Better Social Engineering for Better Pen Tests |
|
| 10:45 |
Farrell
|
Technical Tactics: Fear & loathing in building management systems |
| 11:00 |
Peteroy,
Warner
|
Network Forensic Analysis in an Encrypted World |
Bailey,
Ellis,
Graham,
Ottenheimer
|
Baby Got Hack Back |
|
Brandon,
Seymour
|
Building a Benign Data Set |
|
Thomas
|
TMTO...Y? |
|
Brand
|
Hacking Tech Interviews |
|
Batz,
Luczynski,
Wong,
Wood
|
Lightning Talks: Thinking Different |
|
St-Pierre
|
One OSINT Tool to Rule Them All |
|
Patel
|
Accessibility: A Creative Solution to Living Life Blind |
|
| 11:30 |
Mitchell
|
A System Dynamics Approach to CNO Modelling |
Hocking
|
(In)Outsider Trading - Hacking stocks using public information and influence. |
|
| 12:00 |
Snezhkov
|
Abusing Webhooks for Command and Control |
Roth
|
The Role of Data Visualization in Improving Machine Learning Models |
|
Dickey
|
Rethinking P@ssw0rd Strength Beyond Brute-force Entropy |
|
Batz,
Luczynski,
Wong,
Wood
|
Red/Blue Q&A: Pressure Test Lightning Talk Ideas |
|
Keim
|
Your Facts Are Not Safe with Us: Russian Information Operations as Social Engineering |
|
Rand
|
Kick up the Jams |
|
| 14:00 |
Dick,
Flores
|
SECSMASH: Using Security Products to own the Enterprise' |
Lininger
|
Minimum Viable Risk Management Program |
|
Park
|
Data visualization in security: Still home of the WOPR? |
|
Burnett
|
Protecting Windows Credentials: An Excessive Guide for Security Professionals |
|
Carey
|
Hacking College, a Cybersecurity Career, and Certifications |
|
Corman,
Healey,
Woods
|
IATC Cyber Crisis Simulation |
|
Mosley
|
Robust Defense for the rest of Us |
|
Rakhmanov,
Zakharevich
|
Auditing Of IoT Devices |
|
Ryan
|
Advanced Wireless Attacks Against Enterprise Networks |
|
Brandt
|
Poking bears: Validating the truth from IoCs in attack postmortem reports |
|
| 14:30 |
Choudhury,
Wylie
|
Exploration of Novel Visualizations for Information Security Data |
Johnson
|
It’s Not Me, It’s You: How To Be A Better Hiring Manager or Rooting Out Excellent Candidates Despite Themselves |
|
Rose
|
I got more games than Milton Bradley: Incentivize a positive change in your security culture |
|
| 15:00 |
underflow
|
Modern Internet-Scale Network Reconnaissance |
Abrams,
CmdC0de,
Gater_Byte
|
DefCon DarkNet Badge Hardware And Software: An Introduction To Custom Badge Building |
|
Tam
|
Magical Thinking... and how to thwart it. |
|
Williams
|
Password Cracking 201: Beyond the Basics |
|
Bachelor
|
Interrogation Techniques for Fun and Profit: Designing better tools for your SOC team |
|
FORTRAN
|
(Even More) Mainframes? On my Internet? |
|
| 15:30 |
Rogers,
Rogers,
Stillwell
|
Is Data Visualization still necessary? |
Clawson
|
Messing with Forensic Analysts: Modifying VSS Snapshots |
|
| 17:00 |
Bitensky
|
Vaccination - An Anti-Honeypot Approach |
Toth
|
Hacks and Crafts: Improvised Physical Security Tools for Improvised Situations |
|
Momot,
Postnikoff
|
Grappling Hooks on the Ivory Tower: This Year in Practical Academic Research |
|
Aumasson,
Romailler
|
Automating Crypto Bugs Discovery |
|
Wong,
Wood
|
Hacking Office Politics for Cybersecurity Leaders |
|
Healey,
Wilkerson
|
IATC Mock Congressional Hearing |
|
Handorf
|
Why can't we be friends? (Ask a Fed.) |
|
| 17:30 |
Basurto,
Buendia
|
How To Obtain 100 Facebooks Accounts Per Day Through Internet Searches |
| 18:00 |
Ahern
|
Lessons from the front lines: New York City Cyber Command |
Lacambra
|
How To Respond To Cops Who Want Your Passwords |
|
Powell
|
How to make metrics and influence people |
|
Zendzian
|
F! Passwords! |
|
Pardo
|
CTF all the things: Leveraging gamification to up your security game |
|
Kinser
|
/.git/ing All Your Data |
|
| 18:30 |
Beatty
|
Everything is Not Awesome: How to Overcome Barriers to Proper Network Segmentation |
mcauley
|
How I Scanned The Internet For NSA Compromised Firewalls |
|
| 18:45 | IATC Closing |
|
| 19:00 |
Horiuchi
|
Radio frequencies all around us! What data are you leaking and what is done with it? |
This "Old School" schedule is an automatically-generated evolution of a manually-generated hack Darth Null has been using at ShmooCon since 2007. It won't work too well for a large conference, like DEFCON, but for smaller events like ShmooCon or BlackHat DC, it might be useful.
Simply print this out at whatever scale is most helpful to you. For example, for ShmooCon: print at 65%, fold Friday and Sunday back behind Saturday, and laminate, for a two-sided 3" x 4" card that you can keep in your shirt pocket.