ShmooCon 2015 Write Up

I attended ShmooCon for the second time in a row and, I have to say, I thoroughly enjoyed myself. As promised, here’s the detailed write-up of my experiences.

TL;DR: ShmooCon 2015 was awesome. Oh, by the way - I created a Twitter account for the site - @malware_cat. If you want to stay up-to-date, following the Twitter account is a great way to do so!

I had attended ShmooCon 2014, stylized as ShmooCon X, last year and had an absolute blast. I attended it as a student through the Shmooze-a-Student program, a program that graciously pays for a student’s ticket and gives a $200 stipend with the intentions of paying for your travel, meal, and any other con-related expenses you have.

I attended ShmooCon 2015 again through the sponsorship from ShmooCon and their 25 or so independent parties who helped fund the program. I’d like to thank ShmooCon (and all of the Shmoozers) for their gracious contributions!

I had a CyberPatriot regional championship (y’know, the one before nationals) on Friday, the 17th. This was a tragedy, considering there were multiple things going on at that time:

  • 6 hour CyberPatriot regional championship
  • ShmooCon XI Shmooze-a-Student meetup
  • Opening ceremonies
  • Awesome talks

I wasn’t able to start the drive down until 1500, putting me down there sometime after 1830, thanks to rush-hour traffic. Once I arrived, I checked into the fancy Washington Hilton Hotel. I grabbed something quick to eat and then found Registration, where I was given an incredibly cool wood-burnt badge and a schedule that was in the form of a plastic card, much like the badge from last year. I think that the schedule card was a great addition and look forward to seeing it return next year – it’s surely more convenient than the alternative of digging through multiple pages of your magazine, hunting for a schedule.

I then made my way to the Bring It On room, the large conference room, to attend the Family Feud parody of Family FUD. The turnout was not what was expected but it was absolutely hilarious -the organizer had everyone fill out a Google Form full of questions, true Family Feud style. Some of the notable questions were “What is the first thing you install on a new PC?” and “What piece of clothing accurately attributes a hacker?”. Although there were many, many mishaps with the problematic buzzer it was still hilarious. My favorite moment had to be when an individual guessed “vim” for the first thing you install on a new computer and that was the second most popular choice.


ShmooCon’s trademark logo.

Since I had missed all the talks on Friday, the first talk I was able to attend was NSA Playset: USB Tools. Three security researchers (including the creator of Ubertooth) gave a talk on their process of (successfully) attempting to recreate some of the capabilities they believe the NSA has. Most notable was a USB device that allowed persistence through reboots and allowed an attacker to send and receive wireless transmissions from afar to control it. They actually succeeded and had a prototype of the device there, a prototype built at 3 AM the night before. They also created a device that could effectively perform a MITM attack on a USB drive.

Another talk that deserves a mention was Analysis of PoS Malware. In the talk Brandon Benson gave a talk on his analysis of many PoS malware strains he’s found. It was a great talk that accurately explained the majority of PoS malware. All of it was previously discovered knowledge but he summarized it well. I also attended a talk about military deception by Tom Cross, David Raymond, and Gregory Conti that was entertaining.

I didn’t get to check out the Lockpick Village but checked out the chill-out room. I mainly spent my time attending talks and talking to vendors. I looked forward to the fire talks once again and was pleasantly satisfied. da_667 gave an excellent talk on amateur malware hunting and his escapades. Another user gave a talk on logging and mapping a bunch of attempted SSH brute force attacks that was pretty neat.

I didn’t go to the party because, y’know, I can’t drink, but I heard it was a lot of fun.

Sunday’s panel posed an interesting question and caused a healthy debate that attempted to address how cybersecurity as a whole was changing. Everyone on the panel was “seasoned”, a word that’s an euphemism for older. They contributed a lot and I enjoyed listening to Space Rouge’s arguments the most.

All in all, ShmooCon 2015 was a blast and I can’t wait for ShmooCon 2016! It’s obvious how much time and care the ShmooCon organizers put into the conference and how hard they try to make it such a success. Shout out to Heidi and her immense contributions to the conference every year!

Leave a Reply

Your email address will not be published. Required fields are marked *