This information is also available in ePub and other formats.

Friday, January 19, 2018
Time One Track Mind
1200 Registration Opens
1400

Opening Remarks, Rumblings, Ruminations, and Rants

1530
Pseudo-Doppler Redux

Michael Ossmann and Schuyler St. Leger

1600
Don’t Ignore GDPR; It Matters Now!

Thomas Fischer

1630
The Friedman Tombstone — A Cipher in Arlington National Cemetery

Elonka Dunin

1700
Blink for Your Password, Blink Away Your Civil Rights?

Wendy Knox Everette

1730
Tap, Tap, Is This Thing On? Testing EDR Capabilities

Casey Smith

1800
Running a Marathon Without Breaking a Sweat? Forensic Manipulation of Fitness App Data.

Mika Devonshire

1830
Keynote

Donna F. Dodson

Time Firetalks
2000
That’s No Moon(shot)!

Beau Woods

2020
Everything You Wanted to Know About Creating an Insider Threat Program (But Were Afraid To Ask)

Tess Schrodinger

2040
Stack Cleaning — A Quest in Hunting for FLIRT

Jon Erickson

2100
Your Defense is Flawed (it’s only kinda your fault)

Bryson Bort

2120
The First Thing We Do, Let’s Kill all the [CISOs]

Alexander Romero and Steve Luczynski

2140
Patching — It’s Complicated

Cheryl Biswas

2200
Libation Escalation — Scotch and Bubbles

Erin Jacobs

Saturday, January 20, 2018
Time Build It! Belay It! Bring it On!
0930 Registration Opens
1000
Opening Closed Systems with GlitchKit

Kate Temkin and Dominic Spill


The Background Noise of the Internet

Andrew Morris


IoT RCE, a Study With Disney

Lilith Wyatt

1100
When CAN CANT

Tim Brom and Mitchell Johnson


Profiling and Detecting all Things SSL with JA3

John Althouse and Jeff Atkinson


Pages from a Sword-Maker’s Notebook pt. II

Vyrus

1200
Building a GoodWatch

Travis Goodspeed


Nation-State Espionage: Hunting Multi-Platform APTs on a Global Scale

Mike Flossman, Eva Galperin, and Cooper Quintin


Building Absurd Christmas Light Shows

Rob Joyce

1300 Break
1400
ODA: A Collaborative, Open Source Reversing Platform in the Cloud

Anthony DeRosa and Bill Davis


Catch Me If You Can: A Decade of Evasive Malware Attack and Defense

Alexei Bulazel and Bülent Yener


Electronic Voting in 2018: Threat or Menace

Matt Blaze, Joe Hall, Margaret MacAlpine, and Harri Hursti

1500
Better Git Hacking: Extracting “Deleted” Secrets from Git Databases with Grawler

Justin Regele


Someone is Lying to You on the Internet–Using Analytics to Find Bot Submissions in the FCC Net Neutrality Submissions

Leah Figueroa


A Social Science Approach to Cybersecurity Education for all Disciplines

Aunshul Rege

1530
CertGraph: A Tool to Crawl the Graph of SSL Certificate Alternate Names using Certificate Transparency

Ian Foster


Bludgeoning Bootloader Bugs: No Write Left Behind

Rebecca Shapiro


Listing the 1337: Adventures in Curating HackerTwitter’s Institutional Knowledge

hex waxwing and Daniel Gallagher

1600
afl-unicorn: Fuzzing the ‘Unfuzzable’

Nathan Voss


AWS Honey Tokens with SPACECRAB

Dan Bourke


Cyberlaw: Year in Review

Steve Black

1630
radare2 in Conversation

Richard Seymour


Time Signature Based Matching for Data Fusion and Coordination Detection in Cyber Relevant Logs

Lauren Deason


Skill Building By Revisiting Past CVEs

Sandra Escandor-O’Keefe

1700
OK Google, Tell Me About Myself

Lisa Chang


Defending Against Robot Attacks

Brittany Postnikoff


Hacking the News: an Infosec Guide to the Media, and How to Talk to Them

Sean Gallagher, Steve Ragan, and Paul Wagenseil

2100 Saturday Night Party

Sunday, January 21, 2018
Time Build It! Belay It! Bring it On!
0930 Registration Opens
1000
Embedded Device Vulnerability Analysis Case Study Using TROMMEL

Kyle O’Meara and Madison Oliver


Deep Learning for Realtime Malware Detection

Domenic Puzio and Kate Highnam


This Is Not Your Grandfather’s SIEM

Carson Zimmerman

1100
0wn the Con

The Shmoo Group


Securing Bare Metal Hardware at Scale

Paul McMillan and Matt King


CITL — Quantitative, Comparable Software Risk Reporting

Sarah Zatko, Tim Carstens, Parker Thompson, Peiter “Mudge” Zatko, and Patrick Stach

1200
SIGINT on a budget: Listening in, gathering data and watching–for less than $100

Phil Vachon and Andrew Wong


Getting Cozy with OpenBSM Auditing on MacOS … The Good, the Bad, & the Ugly

Patrick Wardle


Do as I Say, Not as I Do: Hacker Self Improvement and You

Russell Handorf

1300
ShmooCon Debates

Crypto Currency – Fad or Future
Consumer IOT Security – Controlling the Climate or Burning Down the House

Wendy Nather, Jack Daniel, Jack Gavigan, Elizabeth Wharton, and Bruce Potter (moderator)

1400

Closing Remarks