Thoughts from ShmooconIX (2013)

(Image presumably (c) Shmoo group)

First off, I want to thank all of the organizers and speakers – everything went great, even including IPv6 connectivity for most of the event and only one broken chandelier (that I know of, anyway).

For those who don’t know, Shmoocon is a ~3 day security conference (Friday-Sunday) mostly broken up into three concurrently-running tracks:
“Build It”
“Belay It”
“Bring it on”
… these names give a pretty good idea of the topics that will be focussed on.

There are other talks as well, a “Train the trainer” schedule that runs partially parallel to those tracks, and “Fire Talks” after the main conference ends Friday and Saturday.  There are many other events going on – Ghost in the Shellcode, Barcode Shmarcode, Lockpick Village … it really is quite a packed event.
(The Fire Talks are about 20 minutes long, vs. the main conference presentations which run closer to an hour.)

Aside from being rather well-known for the quality of the talks (more on that later), Shmoocon is also infamous for selling all of their tickets in about 25 seconds.  The conference is intentionally kept small and reasonably priced, so selling all of the tickets is to be expected – but this rate of sell-out-age is amazing … and frustrating, as you burn up the F5 key on your keyboard trying to get tickets.
(The tickets are released in 3 different batches, and each batch uses up all of its ‘reservation tokens’ in 10 seconds or less … amazing!)

Another fantastic feature: all of the presentations are streamed live, and recorded.  These recordings are then made available, FREE.  This year’s recordings will eventually be posted at
(No ETA at the time of this writing.  Once posted, these are a great way to catch up on the ~2/3+ of the presentations you missed!)

The Con
Anyway, let’s talk about a couple of the presentations – maybe get you fired up to go watch the videos (when they get posted).
(I won’t take up your whole day sharing the details for all of the talks I saw, if you want that see the very end of this post …)

#1 – Travis Goodspeed’s presentation about “Anti-Active Forensics” (aka Exploiting the USB Magic School Bus) was great.  Facedancer talks USB, and drives that wipe themselves in the face of “unusual access patterns (signifying forensic activity vs. normal user access)”.  (This was a Fire Talk)

#2 – Michael Rash’s “Port Knocking” presentation was novel; and I think there could be a play for IPv6 there as well.  Michael, call me.

#3 – Chris Campbell’s “Pwn without tools” shows us the power of PowerShell and using Twitter for Command and Control (C2).  (This talk was also presented long-form at Epilogue, see below.)

Honorable mention goes to many of the presenters … Michelle’s Thin-Slicing (“fighting digital kudzu”), Georgia’s Smartphone Pentest Framework is of personal interest, Joe’s Becoming a Time Lord (“hacking NTP”, with props!) and G.Mark’s Hacking as an Act of War (“The DoD is for when the Dept of State fails”) were phenomenal.

It may also go without saying, but I will say it anyway – the real value of attending this conference is just being in the same room(s) with all of these very smart people engaged in technical conversations and bouncing ideas back and forth; questioning and defending positions.
I might even go so far as saying more information is exchanged in the hallways than in the presentations – learning via proximity :) .

The Northern Virginia Hackers (NoVaHa) put on a post-conference-conference called “Epilogue”.  This was a great day of great presentations as well, culminating in something that may make CCDC Blue Team’ers cry just a little bit.  An interesting experiment was to stream them all via Google Hangouts, which has the nifty benefit of also making them IPv6 reachable :) .
(Note: grecs was nice enough to catalog the videos from Epilogue,

(( For those really into self-abuse, you can follow my “stream of consciousness” notes … (please excuse any typos, they were typed on a phone during the talks!):
Days 0, 1:
Day 2:
Epilogue:  ))

Feel free to ask me if you have any questions …
PS – It was good to see the return of the Shmooball!

Call to Arms!

The most common challenge I see out there with respect to IPv6 transition is the perception that this is just another 6-month-long network upgrade or network feature enablement. It is NOT. This is not your usual project and it is not just another fire you can put out with a bucket of sweat. Well … at least that is true if you want to do it right. Look, it is not that the technology is super hard, it is simply a very wide scope project that touches every aspect of the IT environment. So the network team will finally have to play nice with the compute, storage and apps teams. And might as well because they need to practice for the brave new age of the Cloud.

Those of you who are well acquainted with the World of IPv6 are likely nodding your heads in silent approval. For how many years have we been trying to drive this message and push this education? Since we are not the “I told you so” kind of people, we keep trying to find a way to convey the message. So we at Nephos6 decided to try something else. We wrote books, we wrote RFCs, but that doesn’t seem to catch on as fast as we hoped. So …  we decided to go for the funny bone with help from our friends at Three Post.

This is not for the converted few, this is for the World.

My call to arms: Calling on those who passionately believe in IPv6 to help us spread the message. Help us fine-tune the right message and get people to understand that they don’t need to spend a fortune on IPv6, they just need to take it seriously.