February 16, 2010

Shmoocon 2010 the aftermath....

Written by David Kennedy
Phew, I know it's a few days late, but you generally need a week or so to recover from a weekend at ShmooCon. This year I have to say was probably one of the better ones that I've attended in a long time. I got to meet a lot of new friendly faces and got to hang out with some of my favorite people in the industry. It's always great to put faces to names that you meet on IRC or through email. But here's a little recap if you didn't get to hear about all of the talks:

I had the privilege of speaking at the fire talks this year. I released a new version of the Social-Engineer Toolkit, v0.4, which incorporated many new attack vectors, including the Thomas Werth Java Applet that is now incorporated into SET.

The Shodan talk by theprez was probably one of my favorites; he had a ton of enthusiasm and entertaining information that kept me intrigued the entire time. The search capabilities within Shodan are absolutely necessary when performing any type of penetration test and can be invaluable information that shouldn't be overlooked.

On par was Irongeek with his presentations, and if you have ever seen Adrian present, he is a blast to watch. His talk on honeypots and how he used his own sites to really just mess with people's heads was entertaining and full of laughs the entire time. If you haven't seen the fire talks yet, head over to here (special thanks to Irongeek): ShmooCon 2010 Firetalks

TheX1le and Kingtuna gave a talk on a newly released tool called airdrop. I would like to take this time to point out that almost every demo that they had failed miserably, and I felt bad as they were ruthlessly pelted (mostly by me) by Shmoo balls. I've never seen a crowd go on stage just to get back the Shmoo balls they threw, just to throw them again. While this may sound ruthless and cold-hearted, this is finally payback to TheX1le for all of the times he has called my code ugly and how far superior his orientation of Python is better than mine :-) Overall, while the demos didn't work, the tool itself seems pretty sweet; the ability to whitelist/blacklist wireless clients in a very targeted manner has more uses than I can think of. Very cool concept, and I enjoyed the talk regardless.

The GSM: SRSLY talk by Chris Paget and Karsten Nohl was probably one of my other favorites. It was at the same time as TheX1le's, so I picked it up on DVD. This one was a must at ShmooCon and talked about the flaws within GSM. They were working on a live Linux distribution similar to BackTrack in many ways but specifically dedicated to killing GSM. Very cool talk.

I caught the tail end of Larry Pesce and Mick Douglas' talk. The PDC guys are always a blast to watch, and from what I saw of it, it was a great discussion.

Another awesome talk that's always great to watch was Tom Eston, Kevin Johnson, and Robin Wood's (@digininja) presentation on Social Zombies. Very similar to the Defcon talk, this one was punched with more laughs and how scary social networks can really be and how they continue to just be a cesspool of information stealing and compromising people's data.

On Saturday night was the podcasters meetup. I have to honestly say, if you know me you know how much I can endure, from hurling lemons to snowballs to projectiles whizzing 90 MPH. Nothing I could have done would have prepared me for the podcasters meetup warzone. I have never seen so many hurling Shmoo balls at one time; there literally was probably multiple hundreds of Shmoo balls flying through the area. For anyone wanting to join next year, wear a cup. The podcasters meetup was a blast though. We had a lot of good discussion and topics, and I have nothing but mad respect for the PaulDotCom crew, a great bunch of people and always fun to hang out with.

Lastly, we did the Social-Engineer podcast ( for more information), which I thought went extremely well. I'm not sure how we do it, but I think after each one it just gets better and better every time. If you haven't had a chance to check out the podcast, I believe we are on Episode 6 now, and each download has surpassed the previous one.

Overall, ShmooCon was a blast, with lots of great people and good talks. The Shmoo Cannon Larry made was unbelievable: it talked to you, it was remote controlled, and it launched at insane speeds. I seriously do not know how he's going to outdo himself next year; I don't believe there is a way.