Thoughts from ShmooconIX (2013)

(Image presumably (c) Shmoo group)

First off, I want to thank all of the organizers and speakers – everything went great, even including IPv6 connectivity for most of the event and only one broken chandelier (that I know of, anyway).

For those who don’t know, Shmoocon is a ~3 day security conference (Friday-Sunday) mostly broken up into three concurrently-running tracks:
“Build It”
“Belay It”
“Bring it on”
… these names give a pretty good idea of the topics that will be focussed on.

There are other talks as well, a “Train the trainer” schedule that runs partially parallel to those tracks, and “Fire Talks” after the main conference ends Friday and Saturday.  There are many other events going on – Ghost in the Shellcode, Barcode Shmarcode, Lockpick Village … it really is quite a packed event.
(The Fire Talks are about 20 minutes long, vs. the main conference presentations which run closer to an hour.)

Aside from being rather well-known for the quality of the talks (more on that later), Shmoocon is also infamous for selling all of their tickets in about 25 seconds.  The conference is intentionally kept small and reasonably priced, so selling all of the tickets is to be expected – but this rate of sell-out-age is amazing … and frustrating, as you burn up the F5 key on your keyboard trying to get tickets.
(The tickets are released in 3 different batches, and each batch uses up all of its ‘reservation tokens’ in 10 seconds or less … amazing!)

Another fantastic feature: all of the presentations are streamed live, and recorded.  These recordings are then made available, FREE.  This year’s recordings will eventually be posted at
(No ETA at the time of this writing.  Once posted, these are a great way to catch up on the ~2/3+ of the presentations you missed!)

The Con
Anyway, let’s talk about a couple of the presentations – maybe get you fired up to go watch the videos (when they get posted).
(I won’t take up your whole day sharing the details for all of the talks I saw, if you want that see the very end of this post …)

#1 – Travis Goodspeed’s presentation about “Anti-Active Forensics” (aka Exploiting the USB Magic School Bus) was great.  Facedancer talks USB, and drives that wipe themselves in the face of “unusual access patterns (signifying forensic activity vs. normal user access)”.  (This was a Fire Talk)

#2 – Michael Rash’s “Port Knocking” presentation was novel; and I think there could be a play for IPv6 there as well.  Michael, call me.

#3 – Chris Campbell’s “Pwn without tools” shows us the power of PowerShell and using Twitter for Command and Control (C2).  (This talk was also presented long-form at Epilogue, see below.)

Honorable mention goes to many of the presenters … Michelle’s Thin-Slicing (“fighting digital kudzu”), Georgia’s Smartphone Pentest Framework is of personal interest, Joe’s Becoming a Time Lord (“hacking NTP”, with props!) and G.Mark’s Hacking as an Act of War (“The DoD is for when the Dept of State fails”) were phenomenal.

It may also go without saying, but I will say it anyway – the real value of attending this conference is just being in the same room(s) with all of these very smart people engaged in technical conversations and bouncing ideas back and forth; questioning and defending positions.
I might even go so far as to say more information is exchanged in the hallways than in the presentations – learning via proximity :) .

The Northern Virginia Hackers (NoVaHa) put on a post-conference-conference called “Epilogue”.  This was a great day of great presentations as well, culminating in something that may make CCDC Blue Team’ers cry just a little bit.  An interesting experiment was to stream them all via Google Hangouts, which has the nifty benefit of also making them IPv6 reachable :) .
(Note: grecs was nice enough to catalog the videos from Epilogue,

(( For those really into self-abuse, you can follow my “stream of consciousness” notes … (please excuse any typos, they were typed on a phone during the talks!):
Days 0, 1:
Day 2:
Epilogue:  ))

Feel free to ask me if you have any questions …
PS – It was good to see the return of the Shmooball!