Friday, January 10, 2025
Time One Track Mind
1200 Registration Opens
1400

Opening Remarks, Rumblings, Ruminations, and Rants
1530 TaskMooster
1600 I Just Wanted to Charge the Car

Richo Butts
1630 Software Screws Around, Reverse Engineering Finds Out: How Independent, Adversarial Research Informs Government Regulation

Andy Sellars and Mike Specter
1700 The Cost of an Incident

Amanda Draeger
1730 Future Breaches and Past Disasters: Volunteering with ITDRC

Impos73r
1800 Lighting Up ShmooCon: Interactive Light Wands for an Epic Opening

Rob Joyce
1845 Registration Closes
2000

Firetalks

Saturday, January 11, 2025
Time Build It! Belay It! Bring it On!
0930 Registration Opens
1000 Building and Hacking USB with FPGAs

Michael Ossmann

 A Commencement into Real Kubernetes Security

Jay Beale and Mark Manning

 Pages from a Sword-Makers Notebook pt. III, “The cursed blade”

Vyrus
1100 Rayhunter: Recording PCAPs from Stingrays With a $20 Hotspot

Cooper Quintin and Will Greenberg

 Inside the Information Stealer Ecosystem: From Compromise to Countermeasure

Olivier Bilodeau and Eric Clay

 Hacker Rock and Roll: Visualizing the 20 Year Evolution of ShmooCon Research

Greg Conti and Danielle Scalera
1200 Modern-day SOC Evolution from Open Source to Unlimited Budget

Grifter and pope

 The Hardest Problem I’ve Ever Seen: Making US Elections More Trustworthy in a World of Untrustworthy Technology

Matt Blaze

 Attacking Classified Safes and Vaults from the Cold War to Now

Deviant Ollam
1300 Lunch Break (On Your Own)
1400 The Permission Slip Attack — Leveraging a Confused Deputy in Android with ‘pSlip’

Edward Warren

 SQLi is /so/ Last ShmooCon

Falcon Darkstar Momot

 C2 Operators Infecting Themselves: The Malware Maestro Story

Estelle Ruellan and Stuart Beck
1430 Casting Light on Shadow Cloud Deployments

Brittney Argirakis and Chapin Bryce

 Is this /s/C/F/ake? Content Provenance Tech to Fight Online Disinformation

Christian Paquin

 Deception & Operations Planning Frameworks

Russell Handorf
1500 Sandboxing Agentic Workflows with WASM

Joe Lucas

 OpSec for Grandma

Rich Mogull

 Murthy v. Missouri, Jawboning, and How What the Supreme Court Had to Say Could Bear on Cybersecurity and Online Speech

Cathy Gellis
1515 The Tech That Fought Back: How I Turned My Rejected ShmooCon Talk into a Democracy-Saving Research Project for the 2024 U.S. Election

Andrew Schoka
1530 On Covert Channels Using QUIC Protocol Headers

David Cheeseman

 Books, OMG, Books: Commence with Reading

Meghan Jacquot

 Taking Over Millions of Accounts from Abandoned Startups

Dylan Ayrey
1545 I’m Not Your Enemy: How Practitioners Can Empower Content

Kali Fencl
1600 Windows Projected File System — The Reality Stone

Casey Smith

 Azure Survey 2025: 60 million Users and Counting

nyxgeek

 Keeping Our Home Addresses Offline: How To Graduate From Opt-Out Whack-A-Mole

Yael Grauer
1615 Taiwan Digital Blockade: How Wargaming Taught Me About ICS Vulnerabilities and Small Islands

Nina Kollars and Jay Vogt
1630 SkyScan — Autonomously Filming Aircraft

Luke Berndt and Mike Chadwick

 Extracting the Ghost in the Machine

Guilherme Santos

 Our Time in a Product Review Cabal: And All the Malware and Bugs that Came With It

Adam Schaal and Matt Virus
1700 Building on the Foundation of our Shared Hacker History

Robert Weiss

 Tracking the Triad Nexus: Investigating FUNNULL CDN’s Role in Global Fraud and Money Laundering

Noah Plotkin

 Shmooganography, Looking Back from Behind the Scenes and into Plain Sight

Will Newton and Mike Bowen
1730 Meshtastic Attacktastic

Dave Schwartzberg
1815 Registration Closes
2100

Saturday Night Events — ShmooFAQ & Game Night

Sunday, January 12, 2025
Time Build It! Belay It! Bring it On!
0930 Registration Opens
1000 Detecting BLE Trackers for the price of a Gas Station Hot Dog

Bil Swearingen and Larry Pesce

 Disrupting the Model: Abusing MLOps Platforms to Compromise ML Models and Enterprise Data Lakes

Brett Hawkins and Chris Thompson

 Hacker (Non)Court: Seymore, Inc. v. ThinkIz, Inc.

Andrea Matwyshyn, Carole Fennelly, Jonathan Klein, Elizabeth (Liz) Wharton, Jessica Wilkerson, and Desirae Satterlee
1100 Imposter Detection with Watchman

Matthew Wollenweber

 A Story About Fighting Disinformation (Or How We Helped the Russian Trolls)

Krassimir Tzvetanov

 The UN Cybercrime Treaty is Final, Here’s What You Need to Know

Kurt Opsahl
1200 TaskMooster
1300 0wn the Con / Growing Up ShmooCon
1400

Closing Remarks
1500 End of Con – Thanks for the Memories!