This year’s ShmooCon 2010 East Coast hacker convention was a three-day event at the Wardman Park Marriott, Washington DC, USA. The event took place according to schedule from Friday, February 5 to Sunday, February 7, 2010.
The central theme for day one was “One Track Mind,” a single track consisting of seven 30-minute speed talks. Day two and day three each presented three tracks: Break It!, Build It!, and Bring It On! For those who did not attend ShmooCon this year, the ShmooCon Group broadcast ShmooCon Live Streaming Video of all presentations.
As with the past three ShmooCon conventions, tickets for ShmooCon 2010 had sold out early. About 1,500 fans attended ShmooCon 2010, despite the heavy snow that blanketed the greater Washington, DC, area. This post lists links to ShmooCon 2010 related articles, blog posts, videos, photos, tools and downloads.
ShmooCon 2010 East Coast Hacker Convention, Washington, DC, USA
- The ShmooCon 2010 schedule.
- ShmooCon’s Hacker Arcade.
- ShmooCon exclusive, Hack-or-Halo.
- The TF2 LAN Party Cheater Tourney and TF2 Tourney (Team Fortress 2 Blog).
- Full Disclosure: ShmooCon 2010 CFP – About the ShmooCon conference format and more.
- ShmooCon 2010 Washington, D.C., area map.
ShmooCon 2010 – InfosecEvents Previous Posts
- ShmooCon 2010 – Preview
- ShmooCon 2010 – Day One
- ShmooCon 2010 – Day Two
- ShmooCon 2010 – Day Three
- ShmooCon 2010 – Shmoo Photos
ShmooCon 2010 – Resources and Tools
Blackberry Mobile Spyware – The Monkey Steals the Berries, Tyler Shields.
- Slides: Blackberry Mobile Spyware (PDF).
- TXSBBSpy Demo by Tyler Shields at Veracode Research Lab.
- txsBBSpy.java source code.
Cracking the Foundation: Attacking WCF Web Services, Brian Holyfield.
Information Disclosure via P2P Networks, Larry Pesce and Mick Douglas. Check out The Cactus Project at PaulDotCom. The Cactus Project is a tool intended to be used for all sorts of purposes on the Gnutella-based P2P network.
Articles and Blog Posts
- NovaInfosecPortal’s coverage of ShmooCon 2010 FireTalks.
- ShmooCon | Inside FarmVille’s Sinister Underbelly (CSO, Bill Brenner, Senior Editor). “You love Facebook apps like FarmVille and Mafia Wars and think they’re perfectly safe, right? Think again.”
- ShmooCon | Your iPhone’s Dirty Little Security Secret (CSO, Bill Brenner, Senior Editor). “Just how easy is it for the bad guys to use your iPhone against you . . . Trevor Hawthorn explains what to do about it.”
- ShmooCon 2010 GSM: SRSLY? by Chris Paget and Karsten Nohl. ShmooCon 2010 – Hak5, an interview with Chris Paget via revision3 on YouTube.
Paget, “Cloning, spoofing, man-in-the-middle, decrypting, sniffing, crashing, DoS’ing, or just plain having fun. If you can work a BitTorrent client and a standard GNU build process then you can do it all. . . .”
- ShmooCon 2010 Social Zombies II: Your Friends Need More Brains by Tom Eston, Kevin Johnson, Robin Wood. Facebook Application Autopwn with BeEF, via spylogicdotnet (Tom Eston) on YouTube. Demo showing machine getting pwnd by simply viewing the profile page of a vulnerable Facebook application; particular Facebook app found vulnerable to persistent XSS (via theharmonyguy).
- BeEF Tool (Browser Exploitation Framework) used to launch the Metasploit Browser Autopwn module to attack the victim machine.
- There is a lot of valuable information security talk out there in the world of Twitter. The twitosphere was full of interesting streams about #shmoocon.
- OWASP BWA (Broken Web Application) Project (BWA Main Page) via ChrisJohnRiley and danphilpott. Learn about the OWASP (Main Page), DVWA, WebGoat, Mutillidae, and more.
- VMware vSphere Hardening Guide via k4l4m4r1s. This guide represents a new approach to providing security guidance.
- Secmaniac.com launched; Social Engineering Toolkit: SET v0.4 codename “pink pirate” (not making that up) talk at firetalks #shmoocon from Shpantzer
InfosecEvents’ Closing Comments
This concludes another exciting ShmooCon East Coast hacker convention, held in February 2010 at the Wardman Park Marriott, Washington DC, USA. Be sure to check back here at InfosecEvents for the latest information on hacking contests, security tools, training, vulnerabilities, workshops, and upcoming events.