ShmooCon 2023 Videos by Shmoo Group, various presenters

The videos in this collection are from ShmooCon 2023, which occurred on 20 - 22 January 2023, at the Washington Hilton Hotel. For more information about ShmooCon please visit https://www.shmoocon.org.

Please note that each video listed with [** TALK NOT RECORDED** ] next to it was (you guessed it) not recorded - at the request of the presenter.

Friday, January 20, 2023:

  • Shmoo Group - Opening Remarks, Rumblings, Ruminations, and Rants
  • Aeva Black - Open Source Software — Y U No Secure?
  • Paul Syverson - How to Use Sauteed Onion to Get to the Taste of Website You Want
  • Nicole Schwartz - Ya Got Trouble (And SLSA May Help)
  • Libby Liu - Big Tech Whistleblowers: Transparency, Accountability, and the Power of the Press
  • Tom Howard - Social Engineering from the Detective Perspective
  • Harley Geiger - Hacker Law for Hackers

Firetalks:

  • Firetalks Opening
  • Bryson Bort and Tarah Wheeler - AWe’re Going To Hell in a Handbasket (Together)
  • mubix “Rob” Fuller - Building a Successful Internal Red Team
  • Amit Serper - A 15-minute Crash Course to Building Your Own IoT Hacking Lab at Home
  • Brett Thorson - Incident Dress Rehearsal — Creating and Executing Your Own Table Top Exercise
  • Tabatha DiDomenico and Tarah Wheeler - A Celebration of (End of) Life
  • Nick Ascoli and Aiden Raney - Catching Some Phisherman [** TALK NOT RECORDED** ]
  • Jake Williams and Ray [Redacted] - “No! No! I can’t go to bed! Someone is wrong about Infosec!”
  • Firetalks Closing

Saturday, January 21, 2023:

  • Jason Baird - Mr. Radar: Layer 1 Recon
  • Brandon DeVault - Les Miserable Persistence: Hunting Through Scheduled Tasks
  • Krassimir Tzvetanov - Media Effects Used in Influence Operations [** TALK NOT RECORDED** ]
  • Travis Goodspeed - A Mask ROM Tool in Qt6 and C++
  • Jay Beale - Escalating Attack and Defense on Cloud-based Kubernetes — The Difference Between a Container and a Pod is a Pod can Begin an Adventure!
  • Kurt Opsahl - The UN Cybercrime Treaty: The One Treaty to Rule All the Hacking Laws
  • Tracy Mosley - Dit Dit-Dah-Dit: The Evolution of Cellular Networks
  • Jacob Torrey - Putting on a Big Show: Defending by Attacking Attacker Incentives
  • Brian Butterly - An Insight into Railway Security
  • Adnan Khan, Mason Davis, and Matt Jackoski - Phantom of the Pipeline — Abusing Self-Hosted CI/CD Runners
  • Kaitlyn DeValk - Riverside: A Network Security Visualization Tool
  • Christopher Forte - The Song Must NOT Go On
  • Falcon Darkstar Momot - The Un-parsing Manifesto: Reconnecting our Corpus Callosum
  • Christian Paquin - US Covid19 Immunization Credentials + Privacy-friendly QR Codes for Identity
  • Carson Zimmerman - How to Save Your SOC from Stagnation
  • nobletrout - How I Scanned the Internet for NSA Compromised Firewalls [** TALK NOT RECORDED** ]
  • Mao Sui - Catching Chinese Actors — A Game of Cat and Mouse [** TALK NOT RECORDED** ]
  • Andrew Logan - The OSINT Game that Reveals Hidden Helicopters of DC
  • Christopher Hewitt - Bringing the Curtain Down on Flash Protection in Obscure Microcontrollers through Fault Injection
  • Michael Rudden - Parkalot — Using Parking Apps Like Traditional Meters Using License Plate Validation Loopholes
  • Jesika McEvoy - You and Me (But Mostly Me)
  • Dylan Hoffmann - No, Really, The Gerasimov Doctrine Doesn’t Exist [** TALK NOT RECORDED** ]
  • Xeno Kovah - OpenSecurityTraining2: Free Deep-Technical Training
  • Space Rogue (C. Thomas) - The Perfect Resume For Entry-Level Infosec
  • Amanda Draeger - Textiles and Technology
  • Jonathan Fischer - From the Keyboards, Through the Walls, Got Implant Shells for Y’all
  • Gabriel Landau and Mark Mager - Hide Your Valuables — Mitigating Physical Credential Dumping Attacks
  • Madison Oliver and Jonathan Leitschuh - Congratulations! You Found a Security Vulnerability in an Open Source Project! Now What?
  • The Shmoo Group - 0wn the Con
  • Joe Oney - I Spy a Spy: Degrading Advanced Phishing Campaigns Against Your Organization and Clients
  • Omer Tsarfati - Inglourious Drivers — The Revenge of the Peripheral Devices

Sunday, January 22, 2023:

  • Jan Nunez and Jay Smith - Mainframe Hacking for CICS and Giggles
  • Scott Young - REveal: Unmasking Malware’s True Identity
  • Patricia Bailey - Telegram, Translations, and Twitter: How a Covert Russian Disinformation Effort Is Bypassing Censorship and Targeting Global Audiences
  • evm, Joshua Bailey, Robert Barr, Amanda Lee, and Jonah Schimpf - It Must Be Nice to Have Washington on Your Side: Unlinking Binaries on the DARPA Assured Micropatching Program
  • Gal Zror - Hacking ISPs with PPPoE
  • Kelly Ohlert - Under Pressure: Balancing Privacy Breach Notification with Incident Response
  • Kasimir Schulz - Escaping the Tar Pit and Securing the Supply Chain
  • Paul Asadoorian - The UEFI Threat — Or How I Can “Permanently” Brick Your Computer
  • Jonathan Fuller - Large-Scale Infiltration and Monitoring of C&C Servers
  • Mark Manning, Tina Velez, SPAM, and Bruce Potter (moderator) - Closing Plenary: OK, So What IS Working?
  • The Shmoo Group - Closing Remarks End of Con — See You Next Year!!