ShmooCon 2010 - Wrap Up

This year’s ShmooCon 2010 East coast hacker convention was a three day event at the Wardman Park Marriott, Washington DC, USA. The event took place according to schedule from Friday, February 5 to Sunday, February 7, 2010.

The central theme for day one was “One Track Mind,” a single track consisting of seven 30-minute speed talks. Day two and day three each presented three tracks: Break It!, Build It!, and Bring It On! For those that did not attend ShmooCon this year, the ShmooCon Group broadcast ShmooCon Live Streaming Video of all presentations.

As with the past three ShmooCon conventions, tickets for ShmooCon 2010 had sold out early. About 1,500 fans attended ShmooCon 2010, despite the heavy snow that blanketed the greater Washington, DC, area. This post lists links to ShmooCon 2010 related articles, blog posts, videos, photos, tools and downloads.

ShmoonCon 2010 East Coast Hacker Convention, Washington, DC, USA

ShmooCon 2010 – InfosecEvents Previous Posts

ShmooCon 2010 – Resources and Tools

Jsunpack-network Edition Release: JavaScript Decoding and Intrusion Detection by Blake Hartstein, Blake Hartstein.

Blackberry Mobile Spyware – The Monkey Steals the Berries, Tyler Shields.

Cracking the Foundation: Attacking WCF Web Services, Brian Holyfield.

DIY Hard Drive Diagnostics: Understanding a Broken Drive, by Scott Moulton. Be sure to get your free copy of DIY Hard Drive Diagnostics (PDF). Visit Moulton’s web site, MyHardDriveDied.

Information Disclosure via P2P Networks, Larry Pesce and Mick Douglas. Check out The Cactus Project at PaulDotCom. The Cactus Project is a tool intended to be used for all sorts of purposes on the Gnutella bases P2P network.

Articles and Blog Posts

Videos

  • ShmooCon 2010 GSM: SRSLY? by Chris Paget and Karsten Nohl. Shmoocon 2010 – Hak5, an intervew with Chris Paget via revision3 on YouTube.
    Paget, “Cloning, spoofing, man-in-the-middle, decrypting, sniffing, crashing, DoS’ing, or just plain having fun. If you can work a BitTorrent client and a standard GNU build process then you can do it all. . . .”

  • ShmooCon 2010 Social Zombies II: Your Friends Need More Brains by Tom Eston, Kevin Johnson, Robin Wood. Facebook Application Autopwn with BeEF, via spylogicdotnet (Tom Eston) on YouTube. Demo showing machine getting pwnd by simply viewing the profile page of a vulnerable Facebook application; particular Facebook app found vulnerable to persistent XSS (via theharmonyguy).
    • BeEF Tool (Browser Exploitation Framework) used to launch the Metasploit Browser Autopwn module to attack the victim machine.

Twitter

InfosecEvents’ Closing Comments

February 2010, this concludes another exciting ShmooCon East coast hacker convention; held this year at the Wardman Park Marriott, Washington DC, USA. Be sure to check back here at InfosecEvents for the latest information on hacking contests, security tools, training, vulnerabilities, workshops, and upcoming events.