ShmooCon 2017 – More Talks, More Moose, More Fun!

I got the chance to attend ShmooCon 2017, and it was definitely enjoyable for my first Shmoo.

Tickets

This is actually where I got even luckier than I realized. I had a co-worker buy two tickets on the first release after asking if I wanted to go with him. He was able to get them, and then everyone I spoke to told me that it might be the last time I get tickets unless I work for a sponsor. That said, if he could do it, so can you!

D.C.

While I’ve been to D.C. before, going for an actual conference was a nice change.

Driving is never the best, but I caught a ride with a coworker and only had to perform navigational duties.

As far as the neighborhood the hotel was in, it was nice enough, but I could have used a few more shops/restaurants within walking distance. That said, I had forgotten how expensive D.C. was. While I was only there for a few days, every time I had to spend $8 on a beer or $14 on a burger I wasn’t that excited.

All in all, it’s a nice place to have a con, and it was good to spend some more time in that area of D.C. again.

CTFs

Unfortunately, there wasn’t a lot in the way of CTFs there. That said, the Wireless CTF seemed pretty popular, but my lack of skills and recviking‘s lack of gear meant we couldn’t do much.

I did grab a few flags in G2’s Switches Get Stiches (their spelling, not mine) CTF for a free shirt/shot glass, but that was about it.

Talks

While there wasn’t a CTF to my liking, it also meant that I got to go to more talks!

You can find the videos for these, and the rest of the talks, on archive.org.

Here are a few of the talks that I really liked, or plan on looking into more.

• How to Spoil all Movies and Give an Unforgettable Presentation (Firetalk #1). This was an AWESOME talk about giving great presentations (not just at Cons, but conversations in general)
• Quick and Dirty Emulation of ARM Firmware (Firetalk #2). This was mostly about emulating firmware without having to write an emulator via hooking and using QEMU.
• NAVRIE Athena (Firetalk #3). A graph database solution to unify InfoSec data and workflow - the talk was a bit rough since the demo didn’t work, but this tool sounds super cool. It is about correlating information, building graph databases, and displaying it all in a 3d world.
• 22 Short Films About Security (Firetalk #4). A talk about failed talks and ideas. Great for a way to remember to share your ideas or projects, even if they don’t go anywhere.
• You Can Do the Thing! (Firetalk #6). Awesome talk about volunteering/using your unique skills (general IT) to help small non-profits as opposed to just giving money to the EFF every year.
• LangSec for Penetration Testing: How and Why. While a bit above my head, this talk was about great idea: getting CWEs approved for code that just doesn’t “smell good”. A specific vulnerability for more generalized cases and issues, as opposed to requiring exploitability for a bad parser for example.
• Flailing is Learning: My First Year as a Malware Analyst. A talk about someone’s first year doing malware analysis, a few good references for the subject, touching on how getting into a new field can go, how mentor-ship and goals are important, and how automation is also important.
• User Focused Security at Netflix: Stethoscope. How Netflix manages user security (patching, BYOD, etc.). I think the bigger takeaways would be for actual institutions, but the concept of simplicity, an all in one portal, freedom, and colors were all great takeaways that I plan on using for dashboards etc.
• ripr - Run Slices of Binary Code from Python. The CTF tool that I’m most excited to start using. Export entire chunks of disassembled code (from Binary Ninja) and throw them STRAIGHT into Python including any dependencies or additional jumps (GitHub source).
• Excuse me, Server, Do You Have the Time? A really neat talk about looking for cases where the application uses time to generate cookies/UUIDs/etc., and possible ways to attack them. More concept than tooling, but he plans on releasing a helper tool or two soon.
• Designing and Executing the World's First All-Computer Hacking Competition. A panel with the development team – this was a panel with the CGC guys (DARPA computer hacking challenge that had its final at DefCon), which I’m always a fan of (plus I got a free book for asking a question).

Smashbot

I’d be lying if I didn’t say I probably spent most of my time playing against SmashBot. As a former (current?) Melee player AND a pentester, this felt like the perfect intersection of my two hobbies. Initially, I tried to play it as if it was a regular Melee opponent, which obviously didn’t work. After a few tries, I realized that it was just a black box penetration test, and started my fuzzing. I was able to take quite a number of notes against it, and ended up finding quite a few vulnerabilities. In the end, I was able to beat it twice and get up to 158% damage.

I may try to post a bit more about this in a separate post, so that’s all about it for now. That said, if you have some controllers, I recommend installing Dolphin and giving it a try.

Swag

I think this was the con that I left with the most free stuff as well. Nothing too exciting, but a bunch of nice shirts, some shot glasses, and a few more bottle openers.

ShmooCon 2017 – Conclusion

ShmooCon was definitely fun, and in the realm of DerbyCon as far as size and atmosphere. I’d like to go back, but with the cost of DC and the difficulty to get tickets, it won’t be the highest on my priority list. I do recommend it though, but you might have to pickups tickets from work/Twitter.

Ray Doyle

Ray Doyle is an avid pentester/security enthusiast/beer connoisseur who has worked in IT for almost 16 years now. From building machines and the software on them, to breaking into them and tearing it all down; he’s done it all. To show for it, he has obtained an OSCE, OSCP, eCPPT, GXPN, eWPT, eWPTX, SLAE, eMAPT, Security+, ICAgile CP, ITIL v3 Foundation, and even a sabermetrics certification!

He currently serves as a Senior Staff Adversarial Engineer for Avalara, and his previous position was a Principal Penetration Testing Consultant for Secureworks.

This page contains links to products that I may receive compensation from at no additional cost to you. View my Affiliate Disclosure page here. As an Amazon Associate, I earn from qualifying purchases.