Shmoocon Day1



Post Fri Mar 23, 2007 10:43 pm

Don was nice enough to sponsor me to go to Shmoocon for EH-net.

site: http://www.shmoocon.org/

So here is my wrap-up for day 1:

This is the 3rd year of Shmoocon and it started off very well.

We started with Bruce Potter giving the crowd a warm up to the day's speakers and a bit of history about the con and another bit about how the ticket sales went.  In case you don't know, the first batch sold out in about 3 days, the second batch in 45 minutes and the last batch in 8 minutes.  Of course there I was trying to buy my ticket in that last batch and didn't make it in the first 8 minutes  >:(.  Thankfully Don came to the rescue.

Here is the speaker's schedule:

Today's talks were 20 minute talks with 10 minutes Q&A.

Hacking the Airwaves with FPGA's:

*This talk was about some advancements & research in WPA & WEP cracking, drastically speeding up cracking time using FPGAs.  He did a couple of demos and was cracking WEP and WPA with cowpatty on Windows and was on the order of 4 times faster with FPGA than without.  He also talked about some flaws in OS X FileVault and being able to crack the hashes with John The Ripper.  He also did a demo cracking Bluetooth PINs, again considerably faster with the FPGA than without.  I was really wanting to go out and purchase one until he dropped the $1900.00 price tag for one.

Eoin Miller and Adair Collins
Auditing Cached Credentials with Cachedump:

*This talk was about using the Cachedump tool during assessment to pull down the cached administrator credentials that can be left over when a domain admin logs in to a Windows box for maintenance.  They discussed that these creds can be cached when the admin logs in locally, remotely with RDP, using the "run as" command, logging in with DameWare or if admins share a laptop with other users.

They had a group policy script (don't know if they are releasing it) that would go thru using cachedump, look for cached admin creds, and delete the key out of the registry, which should pretty much mitigate the attack.

Adam Shostack
Security Breaches are Good for You:

*This talk was about how security breaches should be good for us (as the consumer).  He talked about TJ Maxx and ChoicePoint data losses/breaches and how you would have thought that these companies would have lost major $$ and customers but it didn't seem to go that way.  Fairly interesting discussion.  The major obstacles to this research seem to be the lack of reporting by companies of losses or breaches or personal data even though most states require it by law.

Johnny Long
No-Tech Hacking

*Excellent talk on really just observing things around you from a hacker's perspective.  Like what people are wearing at the airport letting you know what they do for a living, security badges, DoD stickers on cars telling A LOT about the person driving, and how shoulder surfing at the airport or on a plane is still a very real threat.  He also had another good piece on how valuable dumpster diving still is.  Really good talk considering it had nothing to do with computers per se but still putting those hacker mind skills to work.

Deviant Ollam, Noid and Thorn
Boomstick-Fu: The Fundamentals of Physical Security at its Most Basic Level:

*This talk was about firearms: handguns versus rifles vs shotguns.  Good Q&A with some ex-law enforcement people.

Sergey Bratus
Simple Entropy-based heuristics for Log and Traffic Analysis:

*When the talk starts out with the guy explaining entropy and log and traffic analysis to all the people in the crowd, you know you are in for some good con-fu, and it was good.  Check out his speaker bio for more info:

Keynote Address: Aviel Rubin:

*GREAT talk on Breaking into systems; Political, Legal, & Technical Aspects.  Covered responsible disclosure and the law, how/when to involve lawyers, DMCA issues, and creating adversaries out of the companies whose software you broke into little pieces :-)  Also good points on making sure you inform management of what you found so they can line up their lawyers for damage control if the company decides to play rough.  Dr. Rubin talked about his research into the Diebold voting machines and cracking the RFID (Exxon/Mobil Speedpass) as well as some of the car keys that use similar technology to verify that your key is paired with your car.

His slides are already posted on his blog, so check them out:

Other things of note were:

T-shirts were 10 bucks!  ;D

Got to meet Ed Skoudis, that was cool!

Crowd was good, location was good, and atmosphere was good too.
Last edited by LSOChris on Fri Mar 23, 2007 10:49 pm, edited 1 time in total.


Hero Member

Posts: 1911

Joined: Mon Dec 11, 2006 3:23 pm

Post Fri Mar 23, 2007 11:00 pm

Re: Shmoocon Day1

Excellent! Sounds pretty good so far. Thanks for the info and post. Keep us updated :)


EH-Net Columnist

Posts: 385

Joined: Wed Nov 08, 2006 12:50 pm

Location: Atlanta

Post Sat Mar 24, 2007 9:55 am

Re: Shmoocon Day1

Wow Chris Thanks!! You took some serious notes :P. I am not hanging at the edge of my seat for "day 2".

Keep up the good work and try to get at least 4 hours sleep :)

CISSP, CCSE, CCNA, CCAI, Network+, Security+, JNCIA, & MCP



Posts: 4270

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Sat Mar 24, 2007 10:04 am

Re: Shmoocon Day1

Well done. I can't wait for Day 2!

Once again, you prove that any investment I make in you is well worth it.

Slimjim - You're next with Notacon (I'll PM you details). Chris sets the bar high, doesn't he?

