shmoocon 2011: come and gone
So this year I attended my first Shmoocon and I can definitely say I had a good time. It’s an affordable con with a lot of stuff to do and a good variety of subject matter. The atmosphere is laid back and there’s a lot of swag to be had if that’s your thing. Most of the talks that I attended were pretty interesting with only a couple being crappy. Of the interesting ones a few stand out that I’ll recap on. They are supposed to put all the talks online to watch for free so I will update as soon as that is available.
Keynote by Mudge:
Mudge gave an outstanding keynote which was a real treat to hear. He’s a great speaker and very respected in the security community so it was really neat to actually see him in person.
John McNabb:
If you try to google John McNabb you won’t find much. He’s nobody famous (infamous?) in the hacker community, but he’s doing some great work on an area that is going to get more attention in the years to come: SCADA systems and Cyberterrorism. His talk focused on “Smart Water” systems and how attackers could attack a public water system. John did an outstanding job and I look forward to seeing more work from him.
The long and short of it is that Trent Lo (aka Surbo) found the absolute most broken site I’ve ever heard of. Surbo completely dismantles evite.com with some hilarious antics. For the love of god do not use this website ever!!!
Rich gave a great talk on the NetSA Security Suite offered by CERT. Admittedly, we don’t use netflow in any form at my current employer, but after seeing this it’s officially near the top of my to-do list. This free suite of tools can give you more visibility into your network and seems to be pretty valuable for anyone playing defense. I hope to get it set up soon and will post an article when I do.
Other than talks, Shmoocon also had a “Lock Pick Village” to learn about lock picking, a contest called “Hack Fortress” that combines hacking/puzzle challenges and TF2 (very cool concept), and several other contests involving things like crypto and hacker-esque puzzles. I did check out the Lock Pick Village which was my first foray into picking locks and it was very cool.
I didn’t do any of the contests unfortunately, except for Barcode Shmarcode which is a contest to make the coolest barcode (your barcode is your ticket into the con). I didn’t win because they said mine didn’t scan, however in my testing it does in fact scan but that’s ok. I made a Shmoocon Passport that mimics a standard US Passport with some modifications. I didn’t put as much effort into it as I wanted, but the guy that won blew everyone out of the water anyway. Below is a picture of the inside of my passport:

All in all I had a great time and if I can I plan on attending again next year even though it’s cold as hell in DC in January!